Select Page
Weekly Alert  |  July 6, 2022

“I Need a Favor From You” – A Scammer’s Tell This week’s Top Story comes to us from a text conversation posted on Reddit on June 29 by someone named “ILik3Drugs” in Reddit.com/scams. (We’ve consolidated the 5 text screens into 2 images.) The conversation is sadly familiar because it contains a scammer’s “tell” that is important for people to identify, along with other “red flags.” Most readers likely understand the term “poker tell.” It refers to a Poker players change in behavior or demeanor that offers some clues about the quality of her/his/their cards. The poker tell can give away a poker players intentions or strength of cards. This scammer’s “tell” reveals the fact that the person you are communicating with is a cybercriminal, intent on stealing money from you! In this case, it begins when a man, identified as “Howard,” starts a text conversation with someone who sells a photo booth service to weddings, special parties, and such. Take a look and see how many red flags you can spot… 

We hope you noticed that the photo booth service provider asked Howard to submit his request via the service’s website form but Howard replied with “I don’t have time to do that.” “Howard” can’t easily perpetrate this common scam UNLESS it is through a text, email or chat service. His “tell” appears at the end of the first screenshot when he says “I’m ok with the cost but I need your a little favor from you.” (i.e. I need a favor)

What makes this exchange funny is that the man providing the photo booth service immediately recognizes that he’s dealing with a scammer and decides to have some fun! “Anything for you Howard!” “But in turn I actually need a favor from you too.”  Check out the “favor” below that Howard asks and then ask yourself if this makes ANY sense at all! This is followed by the photo booth provider replying with a line that is VERY similar to lies told by scammers!

Howard’s crazy request to ask the man to combine fees with a caterer who “doesn’t take credit cards” is insane and a HUGE red flag! Also, scammers often play the card that they are “out of town” in lots of scams like advance-check scams. The fact that “Howard” offers the man a $200 tip is also a HUGE red flag! But the man being targeted is an avid reader of the Reddit Scams forum and knows the “tells” often played by scammers! He replies with phrases that are often used by Nigerian 419 scammers! He says “I’m a God [fearing] Christian” meaning that he can be trusted to do the right thing because he believes that God will punish him if he doesn’t.  419 scammers frequently use such phrases to try to win the trust of people they target. Sadly, we believe it is most likely successful when they target people who are truly religious themselves and believe this as well.

The man from the photo booth service replies to Howard by asking for Howard’s social security number. (To which Howard says says he can’t provide.) Then the man asks for Howard’s birth certificate! This is hysterical because “Howard” doesn’t realize that HE is being conned!  Unfortunately, we routinely hear from victims of scams that they have provided these VERY SAME personal forms of identification to scammers after some text or email exchanges. Often, these exchanges concern fake job opportunities. NEVER, EVER provide this type of documentation to anyone unless and until you are standing in the Personnel Office of the business to establish your employment! If you are truly working remotely, then there had better be multiple Zoom/Video conversations with HR and other staff first! A one hour text exchange, or handful of emails does not a real job offer make! (We’re channelling Yoda.)

If you know someone who has given up very personal documents to possible scammers, such as a driver’s license, birth certificate or social security number, then this person’s risks for Identity Theft have risen significantly!  We recommend reading the following articles and taking steps to protect yourself:

https://www.ssa.gov/pubs/EN-05-10064.pdf

https://www.experian.com/blogs/ask-experian/3-steps-to-take-if-your-social-security-number-has-been-stolen/

https://www.tomsguide.com/us/what-to-do-ssn-stolen,news-18742.html

During our near decade reporting on scams and online threats, we’ve reported many times about the phrase “I need a favor” (and variations of it.)  This includes our Top Story posted on November 3, 2021. And it isn’t just us! Many forums online have warned their readers about this phrase and related phrases.  Here are 3 of these links…

University System of New Hampshire (June 15, 2021) – Phishing Email “Favor to Ask!!)

Radio Station Kook 101.7 (March 23, 2021) – “I Need a Favor” Scam Could Fool You Next”

University of Buffalo (May 14, 2020) – “Email Scam Alert: Messages Impersonating People Associated with UB”

Is the Facebook Internet Tracking Settlement Legit? (Yes!)Meta (formerly Facebook) has recently settled to the tune of $90 million in a class action lawsuit relating to improperly obtaining users’ data. People online have been wondering whether the settlement is even real or just fake news, as well as how they can get their share of the payment. If you want all the answers, keep on reading! What is the Facebook Internet Tracking Settlement?

A Reader Identifies Scammer “Dave Miller” In last week’s Top Story we shared a story from a woman in Montana who played with a scammer, and shared a voice message from the scammer with our readers. We asked readers if anyone could identify the scammer’s accent and we received this very interesting and thoughtful reply from a 70-year old woman from New Zealand.  She said…. “I’m probably wrong, it was just something about the way he said “Miller,”  “call” and “number” and didn’t sound very European to me. [At first, I thought he was Canadian.]  I’ve since listened to a few recordings of Canadian and Croatian accents, it is leaning more towards Croatian in my mind now.  I’d say that English probably isn’t his first language which is why he is speaking slowly.  Further proof of that is when he says “I’m trying to be getting to you”.  The use of the word “getting” is common in many of the Indian scammers’ vocabulary.

I’ve watched heaps of Scambaiter videos on You Tube. My favourites are Scammer Payback, Kitboga, Deyo and Jim Browning.  I’ve had a similar experience to Rita.  We get calls from people with Indian accents claiming to be from Spark (one of our national telecom providers) and the number on the caller ID is +61 which is Australia.  They say there’s a problem with our internet and want to help (we’re actually with Vodafone so it’s obvious it’s a scam).  I’ve strung them on for about 45 minutes in the past pretending to try to do what they say, putting the phone by the radio, and pretending someone’s at the door etc.  My husband wasn’t home at the time but reacted just like Rita’s husband. He got really angry and told me not to do it.”

We appreciate this woman’s comments! It’s sad to know that people across the globe are routinely targeted by scammers and that little if anything seems to be done to decrease this deluge of scams. Adding “insult to injury” is when businesses and organizations themselves turn a blind eye when their services are used to victimize people because these business/organizations make money from the scammers! We routinely accuse ICANN of this abuse but they are not alone.  On June 29, the Red Tape Chronicles published an article about a lawsuit brought by the Federal Trade Commission against Walmart titled Walmart stores turn ‘blind eye’ to wire transfer fraud, enable millions in scams. (Why can’t the FTC bring a lawsuit against ICANN!)

Would it surprise you to learn that most people who are victimized by scams don’t try to get their money back because they don’t know how to go about it, or because they thought it not possible? Scamadviser published a fascinating report about this, and related data, titled ‘Do Scam Victims Get Their Money Back?’ Their report includes some very interesting findings and is worth reading.

Thank You For Your Purchase Let’s start with this lovely fraudulent voice message left on the phone of one of our readers. It is clearly meant to manipulate the recipient to call the scammers who will try to further manipulate her. But the AI used to read the voice message to her phone is actually very funny! It clearly wasn’t created by someone who is a native English speaker!  Listen and have a good laugh!

Another one of our readers sent us this obvious phish, thanking him for a purchase he never made! Fortunately, he recognized it for what it was, rotten carp.  Notice that it came from a personal Gmail account and claimed to be shipping his purchase to some unrelated address in Texas. The recipient was never addressed by name, or given the last 4 digits of his credit card that was presumably used. And, most importantly, Paypal does not use the phone number 888-986-6818.

Deeeeleeeete!

This next phish is actually funny if you look at how they represented Amazon throughout the email! Also, based on the subtle mistakes made in the top paragraph, it’s again clear to us that this scam was not created by native English speakers. Check it out and see if you agree! As is true of the above phish, and many phishing emails nowadays, this bogus Amazon email also tells us that our order was sent to the wrong address! Oh well, we hope “Mr. Cooper” enjoys his new Canon camera in Dayton, Ohio. By the way, according to Google, no such address exists in Ohio!

Another one of our readers shared this bogus email telling her she had renewed her Geek Squad protection bundle. This email was sent from a domain that SHOULD NEVER HAVE BEEN REGISTERED!   “ GeekSquadUpgrade22[.]store” is a very obvious fraudulent domain! And it was registered on June 27, the same day this fake email was sent.  Once again, scammers registered the domain in Iceland through Namecheap! HELLO ICANN! WHY AREN’T YOU PAYING ATTENTION?!

Happy 4th of July from Costco! It’s important to remind readers that cybercriminals not only target us with malicious mimics representing brand name businesses we are familiar with, but also using the HOLIDAYS and CELEBRATIONS in our lives (and respective countries.) Check out the opening graphic in this malicious clickbait pretending to be another bogus survey from Costco!  This email came from a crap domain to which the name “costco” was appended in the front as a subdomain (and separated by a period from the crazy domain.)

Mousing over the links shows us (in the lower left corner) that they point to a server set up in the Netherlands that appears to have no website on it. Instead it has malware lying in wait like a bear trap! Lunge for the delete key!

    Ukrainian Girls Online is NOT Safe! – Once again, cybercriminals choose Ukrainian women as the focus of their malicious clickbait, proving once more that they don’t give a damn who they hurt or how much pain they cause to the rest of humanity. Hmmmm, perhaps this clickbait was created by Russian cybercriminals who, like Vladamir Putin, takes some sadistic pleasure at victimizing the Ukrainian people? (We don’t know. This point is just speculation.)  However, what we DO KNOW, is that this email did not come from the domain ukrainebeauty[.]net and the links don’t point there either! Links point to a malicious domain called huddtryline[.]com which will then forward you to a very suspicious dating site called ukrainiangirl[.]net. This suspicious dating site was registered in Iceland through Namecheap, like MOST domains registered by cybercriminals! Fortunately, both the Zulu Risk Analyzer AND Virus Total were able to easily identify the original link to “hudd try line” as malicious!

    FOOTNOTE: We found several online bloggers saying that UkraineBeauty[.]net is also a scam dating site. (It, too, was registered in Iceland using Namecheap.) However, considering the very adult content on these blogs, we would rather not provide links to them. It’s safe to say, in general, that a VERY LARGE number of online dating websites are either scams or malicious, or both! Caveat emptor!

    Hello. Did You Like That Party Trick? – Apparently, scammers who are trying to bait potential victims are trying it with a text containing just one word… Hello.  Several readers have sent us screenshots of these texts. Here are two. The first came from 909-351-0768 and the second came from 919-48-1222. It is NEVER a good idea to reply to texts from unknown phone numbers, especially when the message doesn’t contain even a hint of why it came to you!

    At the other end of the information spectrum, check out this suggestive text that one of us received from another unknown number/sender.  Hmmmm…. Sounded like quite a party, right? But we weren’t there, we promise! We decided not to engage.

    Deeeeeleeeete!

    Finally, one of our readers received this bizarre text from an unknown number.  What also identifies this text as just another clickbait engagement is the fact that the recipient posted no new job on LinkedIn!

    Until next week, surf safely!

    Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
    have subscribed to it via Scamadviser.com or thedailyscam.com

    Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

    Contact Webmaster