Would You Guess These Business Websites Are Scams? — While some online scams and threats are easily perpetrated by a single text, email or social media post, others are quite elaborate! They may require an exchange of communication between scammer and victim, as well as a supporting website, or even a phone call to speak to a person who is part of the scam! We’ve got several of these more sophisticated scams to share with you and a fundamental question… Were you to arrive at these business websites, would you know that they are fake and used as a part of elaborate scams? We’ll show you how to peel back the layers of fraud to tell truth from fiction online! (NOTE: We have evaluated these websites for signs of malware, using 3 different tools, and found none. Though we don’t believe these sites will hide malware traps, we cannot control what the criminals behind these sites will do. These sites are designed to be identified as “legitimate” businesses and not draw attention from security services due to malware. However, If you choose to visit these sites, you do so at your own risk and responsibility.)

The first business came to us via our friend Rob in the last week of June. It is called Whitefield Investments, a firm that claims to have “years of experience in Financial Planning, Investment Management Analysis, Legal and Tax Services Consulting.” Their top webpage even details nine services they offer to clients. (WhitefieldInvestments.com) They have a robust website detailing their client services, with a contact form and addresses for offices in Scotland and South Africa. However, we’re certain that this robust financial investment website is a front used by cybercriminals to support various financial scams.  Here are a few red flags…

1. Rob received an obvious Nigerian 419 scam email and, in typical Rob-fashion, responded to the scammers. This led to an exchange of emails and a $200 MILLION dollar investment scheme for Rob! Here is the first page of a pdf contract offer that was sent to him to sign. RED FLAG: No one legitimately offers millions of dollars to random people across the Internet! If you read the opening paragraphs of this letter, we hope you’ll agree that this is absolute fraud.

2. The WhitefieldInvestments.com website claims that they have been around for years. For example, at the bottom of each webpage, underneath “Recent Tweets” is a link that goes nowhere and claims to be a post from November 17, 2019. And yet this website didn’t exist until November 15, 2021. It was registered in Iceland, through Namecheap, the #1 most-abused Registrar by cybercriminals (in our humble opinions!) It’s very important to look up registration information about a website and ask yourself if the information you see makes sense or is suspicious! (Two of our favorite WHOIS services are Whois.domaintools.com and Godaddy.com/whois.)

3. Of course, neither of the addresses listed on the WhitefieldInvestments.com website show any such business located there! Check out Google’s report for 1 Kings Inch Place, Renfrew, Scotland and 1 Bridgeway Road, Capetown, South Africa.

4. Several well-respected security services have identified WhitefieldInvestments.com as a scam website! 

The next scam business is one that is looking to hire workers to help ship packages for the company. The company is called Lime Logistics LLC and uses the website LimeShipUS.com. We are 100% certain that this website was built and controlled by the same Russian-speaking cybercriminal gang we have reported on for more than 2 years. We’ve exposed more than 45 scam shipping websites that we believe are connected to this gang. Check out our article about this group of cybercriminals called Package Shipping Scams. Let’s expose this sham company, now using the domain Limeshipus.com.

1. The Lime Logistics website claims to have been in business for “5+ years.” On their “About” page they say “Since 2015, we have been delivering logistics solutions for clients of all sizes and sectors.” And yet, this website domain didn’t exist until June 20, 2022! (By the way, Lime Logistics shows their business email as info@lsusemail.com. The domain, lsusemail.com was also registered on June 20, 2022.)

2. The LimeShipUS.com website shows a team of 3 people, listed as William Barba (Warehouse Manager), Joe Troup (Operating Officer) and Matthew Dodge (Logistics Manager). Google and LinkedIn have no record whatsoever of these 3 men. No former history to be found for them online. We  strongly suspect that the photos of Joe Troup and Matthew Dodge were artificially generated from an AI photo site, such as Generated.photos, meaning that these are not real human beings. That would explain the complete lack of online history for these “employees.”

3. A Google search for the website domain, LimeShipUS.com, shows absolutely NO INFORMATION whatsoever.  That’s extremely suspicious for a business claiming to have been around since 2015 or so, don’t you think? Also, Scam-Detector.com gives this website a rating that is “questionable, controversial, and flagged” (38.8/100 as of 7/9/22).

FOOTNOTE: Don’t be fooled or misled if you find that a suspicious company has actually filed legal documents with a business agency located in a state. We learned last year that the Russian-speaking cybercriminals behind these bogus websites were using a firm to “legally” register their bogus businesses! The agencies through which they are “registered” do not confirm legitimacy or authenticity of the businesses posted on their site!

If you think you have good super-sleuth skills to see through fraudulent websites, check out these additional online businesses, and remember…. It’s easy to deceive others online!

    BannerWest.com – Digital marketing company

    Alpha-Shipping.org – Shipping & “inspection service” company

    Duxpapillonsforhome.com – Dog selling website

Is the Email Alert from “security@facebookmail.com” Legit? – Security alerts are nothing new, but when everyone is receiving the same email script and request from a large company like Facebook, it’s natural to wonder if said email is legitimate or not. That’s been the case recently, with netizens looking to find out if the email from security@facebookmail[.]com is just another phishing attempt.

Anti-Scam Tactics From a 91-Year Old and Other Comments – Lots of interesting things happened in the last week. Let’s start with this conversation we had with a 91 year old man, we’ll call “Grandpa.” Grandpa proudly told us that he receives many spam/scam phone calls and will often answer them, especially when he’s certain they are either from scammers or telemarketers.  Depending on how he feels about the call or what they say to him, he told us that he makes one of 3 choices….

1. 1. He may immediately scream an expletive loudly into the phone and then hang up, with a smile.
   2. If the caller has a foreign accent, he’ll tell the caller that they have reached the “Deportation Service of the U.S. Department of immigration” followed by “how can I help you….”
   3. He’ll insult the caller, sometimes with expletives or by calling him a “low life” or “degenerate.” If the caller responds with something like “you shouldn’t say that to people” he quickly replies with “then don’t call here anymore!”

He’s feisty, for sure, and without any filter! Would it surprise you to learn that Grandpa was once in the Marines? While we applaud Grandpa’s enthusiasm to fight back, most people would rather not engage with cybercriminals and telemarketers. Most people simply wish they didn’t receive these calls in the first place! Joseph Steinberg recently published an article on Scamadviser on how to recognize likely scam calls based on the area codes they come from! Check out his article Avoid Returning a Call or Text From These Area Codes – It May be a scam

Another one of our elderly readers told us how surprised she was upon getting a voicemail message for her husband.  Her husband had passed away more than 2.5 years earlier! The voice message, received on July 1, was about a prescription. And the caller’s phone ID showed the call coming from a real Walmart not far from her. (The caller ID was 520-326-5868.) However, when she did a quick Google search of the phone number listed within the message, she found complaints describing it as a scammer’s number. Here is a transcription of her phone message:

“Hi this is Walgreens located at the Southeast corner of Campbell Avenue in Fort Lowell Road in Tucson. We have one or more prescriptions that are delayed or ready the pharmacy is open till 9:00 PM tonight except when it closes for a meal break from 1:30 PM to 2:00 PM tomorrow. The pharmacy is open 9:00 AM to 6:00 PM. They will be closed for a meal break from 1:30 PM to 2:00 PM. If you’d like to change your communication preferences. Go to our website or to opt out a future order update calls. Call 844-924-7733. We look forward to seeing you soon. Goodbye.”  A search for the phone number 844-924-7733 tells you everything you need to know about this call! There was even an article called “Drug Store Scam” posted back in 2017 and related to this scammer’s phone number!

Our friend Rob shared two interesting articles with us last week that we think our readers may also value.  Would you believe that the US Internal Revenue Service approved 76 fake charities that were all using the same mailbox, though they had addresses around the country? Check out this recent NYTimes article 76 Fake Charities Shared a Mailbox. The I.R.S. Approved Them All. And then the Truth in Advertising blog posted this article on July 5 titled Let’s Judge Mortgage Scammers.

A Reddit user, by the name of “leothecool2011,” posted this image that he received on his phone (it wasn’t clear if it came from a website popup, email or via text). It starts with “ILLEGAL DETECTED.” It’s actually a funny attempt to extort money from the victim! Of course he didn’t fall for it and posted it instead as the “worst scam attempt of all time.”  It didn’t take Leothecool2011 very long to discover that the left image used in this extortion scam was taken from this ABC News article from 2014 and the picture on the right was taken from another 2014 NPR article about the FBI arresting a ‘reputed mobster.’  According to the Reddit user who posted this image, he thinks the scammers have been using the same pictures for 8 years and resending this extortion scam!

Amazon and Coinbase Invoices, and McAfee Order Confirmation – Once again, we heard from the DFO of a school telling us that she received another scam email that was spoofed to look like it came from a school employee. The “employee” wanted to notify the business office of a change to her bank for auto-depositing her salary payments. Fortunately, this DFO was well trained and knew how to check the “Reply-to” address listed behind the code. Though the reply-to address looked like the employee’s email at the school, she found that the REAL reply pointed to the following Gmail address: williamssarah3213@gmail.com Spoofing email addresses is a common trick amongst skilled cybercriminals! LOTS of cybercriminals have been using bogus Gmail accounts to perpetrate their phishing fraud, including all the smelly phish in this week’s phishing column!

Check out this email from a Gmail account called “Dispatch Info” (using a random email address: ujmd68962). We don’t think that legitimate emails from Amazon send attached invoices like this email anyway! The scammers want you to call 808-800-9857 if you want to cancel this order or discuss the fact that your new iPhone is being shipped to the wrong person somewhere in Pennsylvania!

Deeeleeeete!

Unclaimed Tax Refunds and A Threat Has Been Detected – Nobody likes paying taxes! So imagine how you might feel getting this email to see if you have any “unclaimed tax funds!” Except that this malicious clickbait came from a personal ATT email account! This email was stripped of the links it contained so we don’t know where it wanted to send you. However, we’re 100% certain it will NOT be in your best interest!

Cybercriminals HATE security services! That’s obvious. So it is no surprise that this email, which is 100% malicious, tells you that 92 threats have been detected on your computer!  Fear can be an effective trigger to manipulating someone into making a quick decision, like clicking an email because they think their computer has 92 viruses. But it is all a lie so don’t let this bogus email trick you into clicking a link you shouldn’t click!  Though we are also missing the links associated with this clickbait, we’re certain they are not safe!  Caveat Emptor!

You Have 2 Voicemails and Your Case Has Gone to Court – Again, one of our readers received this email sent to “undisclosed-recipients.” It claims to have come from “Comcast” (a telecommunications service) and contained 2 attached “eml” files. Do NOT, under any circumstances, open eml attachments unless you are expecting such attachments and are 100% certain of the sender and reason for sending them!. This is a phishing email and clicking these attachments can cause malware to be installed or open another email with malicious links. (Check out this brief description of the risks associated with these attachments posted on TheDefenceWorks.com, from 2019.) Clearly, the email did not come from Comcast.net or .com!

This next email is a mish-mash of multiple topics meant to raise your level of anxiety and trick you into clicking without thinking!  The FROM address is named “Pretrial deportation” but the actual address shows that this email came from a server in France (“.fr” = France)  But in a twist, the email informs you about a lawsuit concerning a debt you owe! Notice that the sender says you MUST click the link while using a PC. That’s because the malware associated with this clickbait won’t operate against an Apple computer!  The link in this clickbait doesn’t point to Docusign.com, but points to a server in Luxembourg! (“.lu” = Luxembourg)

Our friend Rob asked us to warn people about a growing misuse of malicious QR codes appearing across the Internet and print form! (QR codes are used in many places, including boarding passes and such.) Here are a couple of articles about these threats:

   From Tom’s Guide last week

   From Aura.com

Your Past Injury? Is It You in the Video? And More! – Last week one of our longtime readers told us she received a random text that said “We are in the office looking over your past injury. 1-888-858-0276 —- Can you give me a call real quick to go over what you’re owed comp-wise? stop 2 stop”  We believe this to be a scam for several reasons…

1. 1. She had suffered no injury and wasn’t expecting anything related to this. 
   2. You may think this was mistakenly sent. But then why is it that Google can’t identify anything about that telephone number? NOTHING!
   3. Given the content of this message, one can reasonably presume it was sent by a lawyer. Lawyers are well-educated professionals.  No lawyer we know would send this message via text AND use poor English grammar to do so!  The sentence “Can you give me a call real quick to go over what you’re owed comp-wise?” contains 2 grammatical errors and is not professionally written.
   4. Writing “stop 2 stop” is also pretty lame.

On July 5, a Reddit user (Shitp0st_Supreme) posted a screenshot of a malicious text that has been successful at manipulating people for years! “Is it you?” We’ve written about these before. Don’t click these links!

This next bizarre text came from “jocwelyn” via an unknown email account. It’s another piece of malicious clickbait using the lure of possible “free money.”  But the domain used in the link likely has malware lying in wait. It is being hosted on a server in Brisbane, Australia! It was one of 2 texts sent to us at The Daily Scam.

We are confident that the second text, shown below, also came from the same people who sent the text from “jocwelyn.”  It contains a link to a bizarre domain named “ok thank you DOT-co” and came from an email address domain called bandams[.]us. The okthankyou[.]co domain was also registered anonymously and is being hosted in Brisbane, Australia! This is not a coincidence. The email domain, bandmas[.]us, was registered in India last April. Hmmmm…. (Perhaps the Hyphen-Poopy Cybercriminal Gang, located in India, is targeting us?) In any case, DELETE!

Until next week, surf safely!

Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster