Do YOU Have a Target on Your Back? — The amount of information about each of us that is available for free or for sale online is frightening! There are hundreds of legal data brokers buying and selling this information. There are also lots of cybercriminals who use this, and stolen information, against us as well. Though privacy laws vary around the world, Europeans have better privacy protection than Americans when it comes to collecting and using personal information. But the amount of personal information available about all of us can make one feel like we are wearing a BIG RED TARGET on our backs! In this week’s Top Story, we’ll show you how two people have been targeted by cybercriminals using their very personal information.
One of our readers sent us the voice message below that she recently received. The AI voice claims to represent Humana Insurance company and it includes the woman’s full name, which we’ve redacted to protect her identity. This is what she told us about this phone call….
“I got a call on my cell phone Wednesday from ‘Humana.’ The callers used AI voice intelligence and addressed me by my full name. What flagged my radar is the inference that it is a “followup phone call.” I have Humana as one of my providers. What if I had called them recently? I’d have fallen right into the scammer’s trap if that were the case and I’d actually answered the phone!!! As it is, I Googled the number (833) 296-6910 and it is reported as spam. It looks like the scammers bought an active list of people with their phone numbers. If the line goes to voicemail, the victim is provided a code, in case they call from another line. If the victim calls back from some other number and provides the code, the scammers can immediately queue up their information. What is scary – besides them having a full name – is whether they have actually acquired a list of the victim’s insurance providers as well!
They called again yesterday morning and I [picked up] but didn’t say anything. I got as far as hearing, “. . . if this is [NAME REDACTED], say yes or press one . . .” then I hung up. I called Humana and established that this is absolutely fraud and that Humana would never use AI to contact a client. The info that was left in the message is now with their fraud department. I feel like it is only a matter of time, when the planets align and I unwittingly wind up a fraud victim!”
Scam voicemail as Humana
The woman who received this voice message has become very cautious because she has had to be! She is frequently targeted by malicious emails and phone calls to both her landline and smartphone. The AI voice message asked her to call Humana back at 833-296-6910. But a Google search for this phone number shows very credible websites, like 800notes.com and NomoRobo.com, describing this number as a scammer’s number. (As recently as July 15th, a man named Howard posted a related scam voicemail on NomoRobo that was received from 833-296-6910. On 800notes.com, at least 6 people have reported this number as a scam.)
Think about the personal information gathered about this woman and used to target her…. Full name, phone number AND her health insurance provider! Our team at The Daily Scam and Scamadviser are regularly targeted by cybercriminals! (We don’t think they like our work. Big surprise, right?) Just recently, David from The Daily Scam was heavily targeted using personal information about him. Let’s start with this email sent to David on July 13 at 4:32 pm. It appears to have come from himself! NOTHING about this email makes any sense whatsoever. However, cybercriminals used a personal email address to target David. A few hours later, the same cybercriminals targeted David again with another email that was expertly spoofed to appear as though it came from Microsoft! This second email was sent to one of our email addresses at The Daily Scam.
Both emails contained malicious links pointing to a WELL KNOWN misused service at fleek[.]co. Cybercriminals had targeted David with phishing tricks designed to capture his login credentials to both a personal and TDS email account. Fortunately, VirusTotal.com informed us that 15 security services are aware of the misuse at fleek[.]co!
Though David didn’t fall for their malicious clickbait, the cybercriminals targeting him tried again two days later. This time they created a lure using David’s full name and home address to create an email pretending to represent the U.S. Government. Apparently, David “may be eligible for the 2022 Homeowner Stimulus Relief Program.” The links in this clickbait pointed to a parked domain, first registered in 2007 and not in use, called CoffeeDoorToDoor[.]com. Buried on this unused domain was a “short survey” of questions for David to answer, starting with “are you a homeowner?”
Our team knows that we will always be targeted. But what about you? Are you aware of the amount of personal information and kinds of information that is easily accessible about you online? To begin to understand your risks, visit these two services and look carefully at what they report about you online…
a) HaveIBeenPwned.com is an outstanding service first created in 2013 to help people learn if their personal information was compromised in data breaches across the Internet. (Source: Wikipedia) It is safe to enter all of your email addresses and phone numbers into this website’s search field and click “pwned.” If your personal details have been reported as stolen, pay special attention to WHAT INFORMATION has been stolen! If it includes passwords, then change your password to every account that uses that password!
b) The second website is a service called OneRep.com. It offers to remove your personal information from data brokers for a fee. OneRep.com will show users a representation of the kind of information they find about you when you fill in their search fields. (We do not receive any money from OneRep, nor represent this company in any way. You can choose to manually opt out of each of the data brokers sites reported on OneRep instead of purchasing their services, though this can take quite a bit of time.) Alternatively, you can also try SearchPeopleFree.com, BUT be very wary about clicking on Ads or “Sponsored Links” to other data broker websites, such as TruthFinder[.]com, that may entice you to purchase their services. Some of these other websites may even hint that they have information about you that is NOT TRUE, such as court and police records.
Most importantly, we want our readers to understand that cybercriminals will use personal information about YOU to target YOU! It’s important to remain skeptical and question the legitimacy of contacts you receive via email, phone, text and through social media!
Scam Sales Disguised as Amazon Prime Day Sunglasses – Amazon Prime Day was just last week. To many millions of online shoppers, Amazon is both a remarkable convenience and diverse resource of products. Once each year, they offer special discounts for their Prime members. But this also means that once each year, scammers offer scams disguised as Amazon prime day discounts! Can you tell real prime from fake prime? Check out Scamadviser’s article and find out…
The Week in Review: Scammers in Cambodia, PayPal and a Good Laugh! – In previous recent newsletters, we’ve shared bogus texts sent to people from unknown numbers that consist of one word… “Hello.” In response, our friend Rob sent us this very thorough article published last week on Vice.com, about extensive scam operations in Cambodia. The opening paragraph is about a woman who received a “Hello” text that resulted, months later, in a total loss of about $2.5 Million dollars! The Vice article is a frightening account of criminal organizations that suck the blood from both victims AND the people forced into servitude to work on behalf of the scammers!
On July 15, a Reddit user posted a rather bizarre circumstance that happened to him. Someone she didn’t know paid her $5 through her PayPal account. Soon after, she received the following email that appeared to come from PayPal (The Reddit user did not provide the full “from” address information.)
Another Reddit user, named iamnewtome, provided a very good response explaining WHY this email was likely a scam. Here’s what she said…
- PayPal is never going to request you reverse something. They’ll do it themselves.
- PayPal is never going to use exclamation points in their correspondence. It’s unprofessional and conversational.
- PayPal is never going to use the term “kindly”. [TDS NOTE: Though “kindly” is more commonly used in England.]
- PayPal is never going to use broken English and half sentences in their communication. Thousands of dollars are spent to generate email copy so that it fits all correspondence rules and regulations for money institutions.
We agree! Caveat emptor!
Standing on our tiny soapbox once again, we want to SCREAM at Gmail and other email services who WRONGFULLY allow users to register emails that are OBVIOUSLY used by scammers and are NOT LEGITIMATE! Check out this 419 scam email from the “FBI.” Victims are asked to reply to “federalreserve08” at Gmail!
Finally, we needed a good laugh. Thankfully, this 419 scammer’s email provided it. It came from someone who identified himself as Father Rowlands in Kyrgyzstan (“.kg” = 2-letter country code for Kyrgyzstan), Father Beverley in France (“.fr” = 2-letter country code for France) and Father Douglas (Telegram account), all at the same time! Sadly, this man is “one step away from death.” We think we ought to help with a small push.
Comcast Xfinity and Norton Life Lock – One of our readers received this crazy email telling her that a “new readable audio message” was available. But the message was wait-listed until she updated her inbox. (How does that make any sense?) This crazy email pretended to be from the user’s Telecom/Entertainment service called Comcast. But the links pointed to a phishing page on the free website service called WixSite.com. Check out the crazy combination of email addresses shown in the “TO” section of this phish.
This next familiar phish looks like it came from a legitimate, but hacked email account at BiblicalArchaeology[.]com. Though it claims to represent a purchase of Norton LifeLock, check out how the scammer’s spelled “Norton” using zeros instead of the letter “o.” They also misspelled “Macs” as “Mace.” Lunge for the delete key!
Free Year of Netflix and Trump Merica T-Shirt – Would you like a free year of Netflix for entertainment? This bogus reward claims to provide it to you. However, the link points to a server called “peoplenone” in the Netherlands! And check out that insanely absurd domain name from which this malicious clickbait was sent!
We love getting deals and steals sent to us at The Daily Scam, such as this July 4th promotion for a “Trump Merica” t-shirt offer. The offer came from a personal Gmail account named “ryan2drunk4u” which immediately got our attention! A simple Google search informed us that many online t-shirt sellers are offering this merchandise. We wondered why “Ryan” felt it necessary to use the link-shortening service at Bit.ly rather than posting a direct link to his t-shirt website?
We used Urlex.org to expand that shortened bit.ly link and discovered that it points to a seemingly-legitimate t-shirt selling website called alice-print[.]com. HOWEVER, alice-print[.]com was registered anonymously in Iceland, using Namecheap, just a few months ago. We hope that combination of information (anonymous, Iceland & Namecheap) sounds familiar to our readers! To us it means scam, scam, scam! And so, we think we’ll pass on the t-shirt offer.
You Have Voicemail and FINAL WARNING – In our previous newsletter of July 13, we showed readers a dangerous email containing “.eml” attached files. Another reader received a similar dangerous email. Check out this screenshot of it showing that it came from a free email service located in Melbourne, Australia. The email pretends to be from Comcast.
LARGE RED CAPITAL LETTERS are meant to grab your attention! Check out this “final warning” that came from an oddball domain that has never been registered, according to a WHOIS check. The links to “renew now” point to a hacked domain registered in France many years ago. Delete and avoid this bear-trap!
Amazon Alert and Secure Money Transfer –One of our readers sent us this screenshot of an “Amzon” alert he received. It claimed that his card was recently used to purchase a Samsung Smart TV. Fortunately, he was smarter than the alleged TV purchase and did not call back the scammer’s number, 844-925-1214, to report this fraudulent fraud text.One of our readers sent us this screenshot of an “Amzon” alert he received. It claimed that his card was recently used to purchase a Samsung Smart TV. Fortunately, he was smarter than the alleged TV purchase and did not call back the scammer’s number, 844-925-1214, to report this fraudulent fraud text.
We LOVE that a banking website called BankWebUSA[.]com is found to be registered anonymously on June 10th in the Cook Islands, a small country located in South Pacific Islands, not far from New Zealand. It gives us tremendous confidence that this $5000 bank loan is legitimate and all American! Not!
Until next week, surf safely!
Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands