Select Page
Weekly Alert  |  July 19, 2023

You Are Targeted on Social Media Coincidentally, our readers reported several different examples of scams in the last week across a variety of social media platforms. From Facebook to GoFundMe to Nextdoor. On top of that, we came across a group of employees of a business listed on LinkedIn that, in our opinion, are also very suspicious. All of these are reminders just how common it is to be targeted on the apps and websites we use frequently to stay connected to one another.  Even social gaming apps like Word Bingo has romance scammers trying to weasel their way into the hearts of potential victims and we’ve got proof! Join the party below for a bumpy social interaction and keep your hearts and minds alert as we stroll through scammer tricks…

It wasn’t long ago when a woman reported a Romance scammer to us. This wasn’t unusual, sadly. But what was unique for us was that the woman said she met this scammer on the gaming app Word Bingo!  Coincidentally, we suspect that this romance scammer is likely the same scammer we call the Professional Love Scammer From Zimbabwe because “Anthony Pace” chose to use a picture that our Zimbabwe scammer has used many times in the past when targeting women. Anthony Pace claimed to be an “independent contract engineer” from Berlin, Germany but currently living in Atlanta, Georgia. The woman who reported him to us conducted a reverse image search of his photo which led her to our website!  His “sincere” exchange with her over several days of playing Word Bingo confirms that scammers target their prey on social gaming apps. Beware!

Nextdoor.com is a social media app/site that connects many millions of people in neighborhoods across the world. According to their “About Us” page, “Nextdoor is where you connect to the neighborhoods that matter to you so they can thrive” and they do this in more than 11 countries and 300,000 neighborhoods. And so it shouldn’t surprise anyone that scammers have used Nextdoor.com to target people with fraud. Just a few days ago, a woman posted a message (shown below) as a scam that she found on the Nextdoor.com site. She called it a scam because, she said, it was found posted on other neighborhood Nextdoor sites in different cities under different names.  A man identified as “Sean Nelson” posted it and claimed that he was trying to raise money for himself because of the challenging circumstances he faced…

There were several interesting comments from other neighbors about this post. They included…

“You are correct this guy got same story different names He even posted in Gardner Massachusetts.”

“These folks & their GFMs are really taking advantage of this app. This app is getting quite the reputation.”

“How many ppl are using this same sob story for their gofundme? So far I’ve seen 2 men & now 1 woman using the same job at Walmart. SCAM”

“He had 2 separate go fund me with 2 different goal amounts.”

“I knew right away that he was a scammer. I looked into all his activity. It only goes back a week. But I kept digging and see that he has 2 different go fund me’s. To all the kind people who want to donate please ask questions and go with your gut.”

Below is a screenshot of the GoFundMe page posted by Mr. Nelson that people are calling a scam, followed by Mr. Nelson’s full text from his request.

“I was recently forced to leave my apartment by July 3 in order to avoid eviction. I have been really struggling since the loss of my mother, which led to the loss of my job as a tech recruiter for Walmart for the past two years. I have been struggling to find work and catch up with past due bills and was taken into a local rooming house on the border of Malden and Everett on scholarship. My biggest concern is that I am about to lose my vehicle because I am past due. My car insurance check bounced, my plates will get canceled, and I am currently at risk of repossession. I have worked as a recruiter for the last 20 years and am good at my job and actively interviewing. I potentially have two well-paying job offers coming through early next week, but if I lose my car I wouldn’t be able to work either of them, since the hybrid model has come back into fashion and most of these jobs are in the suburbs. It’s just been a tough time and I fear a repo on my credit will prevent me from getting another car anytime in the near future and prevent me from taking a full-time position with high earning potential that could help me get back into my own apartment and regain my financial independence. I have contacted every agency near me from Jewish family services to catholic charities, to st Vincent de paul, and no one is able to offer assistance. I am an only child who was caretaker for both his parents, my dad 10 years ago from cancer and my mother recently from kidney failure. They were both estranged from their families and neither my uncle nor aunt will assist me due to their poor relationships. I have no friends who can help me in this way. I have reached the end of my resource pool and truly need some help from some generous souls. I feel very alone in all of this and I just don’t know what to do.”

Whether or not you trust the Nextdoor.com post and GFM page, found under multiple names in different neighborhood communities, the point of one of the commenters above is spot on! Before you donate, ask questions to verify, verify, verify! And if things don’t add up, don’t give money! (Note: Here is Nextdoor.com’s policy on GoFundMe posts on their site.)

Facebook Victim: Last weekend one of our readers was scrolling Facebook on her phone when she saw this post about Simon Cowell from America’s Got Talent. It began with “very sad, 10 min ago in Chicago… …he has been confirmed with…” followed by the link to See More. When the woman clicked “see more” her phone’s web browser jumped to a website called CleanUpPhone[.]com and presented the title “Security Update!”  If you read the text presented to the woman, we hope you find it as absurd as she did! This threatening text is a malicious trick to get the victim to install malware on her/his phone, not to remove it!  The domain CleanUpPhone[.]com was registered in Russia last October! Don’t believe these malicious popup and redirect tricks!

If this should happen to you, immediately quit your app/browser and restart your device. Once you are back up, clear your browser’s cache. (If you don’t know how, Google it or ask a friend for help!) A similar threat targeted another woman on her laptop recently. Check out the screenshot below in The Week in Review!

And finally, we have a cautionary note about company employees that we find highly suspicious. If you have an account on LinkedIn.com then you know that you are notified if/when people look at your LinkedIn profile. Not long ago, Doug was notified that a woman named Ann Smith had viewed his profile and then sent him an invitation to connect over LinkedIn. Ann Smith had her own profile and it showed a beautiful blonde woman who was identified as the Vice President of Investment for a company called LTV SaaS Growth Fund.

There was something about this invitation that felt “off” to Doug, starting with the question why this woman from this firm would want to connect with him. And so he decided to dig deeper.  He found Ms. Smith’s profile and started digging into the company that she was listed as the Vice President of Investment for. Within 30 minutes he found seven beautiful women, nearly all blonde, who were listed as the “Vice President of Investment” for LTV SaaS Growth Fund. Many of them even shared the same last name of “Smith.” This was far too ridiculous a coincidence for us!  Not only were these women all listed as the Vice President of Investment, but their listed biographies were nearly identical and some of their photos looked like the same woman in the photo.  Three weeks later, four of these women’s profiles had been removed from LinkedIn, leaving just these 3 profiles of women with different names but strikingly similar faces. Also notice that 2 of these women have only 23-24 connections and all claim to have attended Florida International University.

Just to be clear, we’re not calling the company LTV SaaS Fund or its employees fraudsters. But we **DO BELIEVE** that someone has purposely been posting fake profiles of their Vice President of Investment and the person responsible specifically wanted our attention. The point? Once again, don’t believe everything you read online, even in social media and social gaming apps and platforms! (End note: We cannot find any reference/verification of the company LTV Saas Fund on either the BBB.org website or the US Government Investment Advisor Public Disclosure website. Caveat emptor.)

Top Scams of the Week Weekly scams of the week: Amazon, USPS, Costco, FedEx, and buyKOREA. Can you spot all these scams? Check out and protect yourself with this 100%  FREE, all-in-one tool.

More

Can I Pay By Cashier’s Check? What Do Tomatoes & Scams Have In Common? — One of our readers is a therapist and sent us the email below from a GREG BALDWIN. The therapist told us that this is a variation of the “over paying” scam using a fake cashier’s check. The person, paying in advance by check, will accidentally pay more than the required amount. An “honest” mistake, right? He then wants the therapist to reimburse him for the overpayment. Here are the hints that Mr. Baldwin’s email is suspicious….

  1. The request to accept a cashier’s check is odd for this service. Cashier’s checks are sometimes used in advance check scams. The check will be more than the payment needed and the victim is asked to reimburse the difference with real money. It’s easy for scammers to create fake checks!
  2. The email was sent to “undisclosed-recipients” typically meaning lots of people!
  3. Asking for 2 people for at least 10 sessions suggests that the check would be quite large! Paying in advance for this many sessions is HIGHLY suspicious!

We are very excited to announce that the Global Anti-Scam Alliance (GASA) now has Podcasts on a spotify channel! Check us out!

Another woman contacted us last week and we helped her out of a nasty threat that started when she opened her browser to search for the best way to prune tomato plants. She saw a link to a home improvement website called BobVila[.]com. She clicked the link at 2:23 pm and was immediately redirected to a cargo packers & movers website in India! Then her browser was hit with a popup from another website which claimed to be an “Apple Notification” informing her that a Trojan spyware threat had been detected on her computer.  Several messages told her to call “MacOS Support” at 866-749-0844. This is NOT Apple’s phone number! It’s a scammer’s number! Don’t believe this BS! Immediately, QUIT your browser.  Then re-open that browser and clear your browser’s cache to make sure that it doesn’t hold any malicious data tracking cookies.

Last week we saw a couple of very interesting news articles on CNN.com that, once again, support our contention that “online privacy” is an oxymoron, especially from legitimate companies! Would you be shocked to learn that tax prep companies shared your personal data with Google and Facebook? Or that Google stole data from millions of its consumers to train AI tools? We’re not. Check out…

https://www.cnn.com/2023/07/12/tech/tax-prep-companies-taxpayer-data-google-meta/index.html

https://www.cnn.com/2023/07/11/tech/google-ai-lawsuit/index.html

Cryptocurrency is unregulated, uninsured and unsupported by any government. Investing in it is like walking through a town in the old Wild, Wild, West while holding a bag of gold. And, incredulously, you’re hoping your bag will magically hold more gold by the time you reach the other side of town! Do you really think you’re going to make it through with that gold in tact? Or that you’ll have more gold in that bag by the time you get to the other side of town? Read this consumer alert from the FTC to see a real-life scenario leaving you with NO BAG OF GOLD: Cryptocurrency Deposits with No Returns. (Published 7/13/23)

Amazon Prime, iCloud Storage, and Your IRS Refund —  Is Frank Sinatra back so soon again?! In last week’s Your Money column, we reported that Frank Sinatra was listed as head of a fake company on a phony website. Now, it seems, good-old-Frank (frankk293sintraa) may be sending us phishing emails disguised as Amazon! Once again, the attached pdf file says that your order will be sent to a “Robert Garcia” in Winter Park, Florida! Scammers LOVE to use this name/address to startle you into calling them to report that the order you never placed is also going to the wrong location!

Deeeeeleeeeete!

Oh no! Your “iCloud storage is full” says this email from a domain called barnegies[.]com. That doesn’t sound at all like apple.com or icloud.com to us! The links in this phishing email all point to an equally bogus website called wrotectivisitor[.]jp[.]net. Fortunately, 3 security services have already identified this domain as a fraud.

We LOVE learning new things in our effort to expose online fraud! Last week a reader shared a phishing email with us that came from a server in Brazil and claimed to be about a refund from the US Government! The link to “claim your refund” pointed to an “slink” at LinkedIn.com, something we’ve never seen before. Digging deeper we learned that it is actually quite common for phishermen to slink their way into your inbox! (Sorry for the bad dad joke).  The investigative reporter, Brian Krebs, wrote about this type of fraud and misuse of the slink services back in February, 2022! According to Google, an “slink” is a smart link that will forward people to another service beyond LinkedIn. If you see “slink” after the first single forward slash, beware that you’ll be redirected somewhere else AND that your click will be tracked and monitored!

We visited the outstanding site urlscan.io and their search tools told us that the use of “slinks” on linkedin had been used thousands of times in just the last few weeks alone.  The urlscan.io site also told us that this smelly IRS phishing scam has been seen before: https://urlscan.io/result/4b08c28c-b313-4d79-a6b0-f3ab301136dc/

Resolve Your Tax Debt This next email is such an obvious fraud. However, we want readers to notice the link-shortening service used in this malicious clickbait. It’s rg[.]by and we’re seeing cybercriminals using it a lot lately! (see the next column below!)  This “fresh tax help” email came from a crap domain, KnowledgeProposal[.]store, registered in Iceland through a crap registrar, Namecheap, just a few days before the email was sent. The rb[.]gy link will forward victims to a very malicious domain called finalistLine[.]com.

Suspicious Virus Detected —A TDS reader sent us this Google “Security Notice” email that came from another crap domain called arenainside[.]site.  It claimed that a suspicious virus was detected by Google on his device. But the link in this malicious clickbait pointed to the same link-shortening service as above… rb[.]gy. And just like the clickbait above, the link in this email was found to forward people to the FinalistLine[.]com website!

Package Cannot Be Delivered —The first thing to notice about this bogus text is the fact that it didn’t come from a short code. It came from a crap email account at a crap domain called yisjx[.]buzz (Registered less than 2 weeks earlier) The link provided in the text for another crap misspelled domain called redeliverys[.]com.  This domain was also registered less than 2 weeks earlier. You know what to do!

Until next week, surf safely!

Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster