THE DAILY SCAM NEWSLETTER  |  JUNE 5, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N17

Jeopardy TV Show & Federal Grant Invitations

The Internet is a remarkable tool, resource and invention for thousands of different reasons. One of those reasons is how easy it is to reach out to someone, anyone really, and connect with them! This week we have two amazing and unexpected invitations that dropped into inboxes. The first one came to me. It was an invitation from a Casting Director to apply as a family team on the upcoming Pop Culture Jeopardy Game on national television! Wow! What an incredible opportunity!  A week later, our friend Rob received a fabulous invitation to apply for a Federal grant, sponsored by both the US Government and other businesses. Also…Wow! We both felt so tremendously fortunate to have received these invitations, that is, until we started to look a little deeper and saw numerous “red flags” that made us pause. Read on and tell us if you think these invitations are legitimate…

On Wednesday, May 22, I received one of the most amazing and surprising emails I’ve ever seen in my inbox. Casting Producer Kat Geller sent me an email from the domain KeyMediaPartners[.]com telling me that she saw my LinkedIn profile and thought I would be a great match for an upcoming episode for the new Pop Culture Jeopardy game! Wow! Wow! WOW! As you can see in her email, she provided a shortened Bit.ly link but mousing over it showed that it simply pointed to the destination website at KGCasting[.]com. Because we’re always cautious online, we naturally asked VirusTotal.com to check out the website KGCasting[.]com. Imagine our surprise when VirusTotal said that malware was found on that website!

Now we were deeply disappointed! Was this NOT the invitation we thought it was? Were we being played? We wondered if we could find any other suspicious red flags associated with Kat’s email, website or invitation. We asked our favorite WHOIS tool about the domain she sent her email from: KeyMediaPartners[.]com. It told us that it was registered less than 9 months earlier. That’s still pretty young for a website. When we visited the KeyMediaPartners[.]com website we saw a statement saying that they had been in business for 15 years, and at the bottom of the website they showed a copyright date of 2020, nearly 4 years ago. We wondered how this was possible if their domain was registered less than 9 months ago.

Shortly after exposing these suspicious threads, I emailed Kat Geller with some concerns about KGCasting[.]com and questions about her offer. It’s been nearly two weeks and she still has not responded to my questions, though her email said to contact her if I had any questions. Besides getting hit with malware (according to VirusTotal), anyone who clicks the link to KGCasting[.]com will be forwarded from KGCasting[.]com to the real Jeopardy website page about this Pop Culture competition where they can sign up as a team: https://www.jeopardy.com/be-on-j/pop-culture. However, VirusTotal.com also shows 5 security services who report this KGCasting[.]com tracking link as a phishing threat! (KGCasting[.]com was registered anonymously in August, 2020. Oddly, our research found a “KG Casting Agency” on Facebook that includes the name “Kamal Grewal KG” in the name of the link. This Facebook page shows photos and language that strongly suggest it is a casting agency in India. Their website is listed as KGCastAgency[.]com but there is no website at this location.)

To Kat Geller’s credit, we did find her LinkedIn page, or so we think, and it looks legitimate with more than 500 connections. It shows Ms. Geller as “Executive Producer” of Key Media Partners since 2020. (But she did not provide a website for this business on her LinkedIn page, making it hard to connect her to the domain in the email we received.) Also to her credit, her photo from her LinkedIn page was only found to be associated with her name on one other website that corroborated her credentials.  And so, we’re a bit conflicted! Is this clickbait trick really a clever scam that is misusing her name? We don’t know! Sadly, we came to the conclusion that this amazing invitation was too suspicious, and looking too much like malicious clickbait to continue with it. 

Finally, we want to remind readers of one more observation in our investigation that we believe is also significant. Remember that “Kat’s” email contained a shortened link to bit.ly. And yet, when we moused over it, we saw that it didn’t point to Bit.ly, but to tracking[.]kgcasting[.]com. This is no accident. This is purposely done and this small “reveal” strongly suggests an effort of deception. That small clue is significant! But tell us what you think at Jeopardy@thedailyscam.com

About a week later, our friend Rob told us about an amazing invitation he received from the Federal Max Grant website at federalmaxgrant[.]com. Rob was pre-approved for a grant that was sponsored by the US Government and “Sponsors.” In Rob’s best interest, we decided to check out this amazing opportunity and used our favorite WHOIS tool to look up “FederalMaxGrant[.]com.” We discovered that this domain was registered in late February, 2023, well over a year ago. However, what struck us as very odd is the fact that this domain, offering grants from the US Government and other sponsors, was being hosted on a server in Luxembourg!

    As with any grant application, a lot of personal information must be provided, as shown in this opening grant application web page from FederalMaxGrant[.]com. However, we were also suspicious that the email to Rob said that he would have to pay a processing fee in order to get his grant funds “via check, crypto or cash delivery.”  According to this webpage from the REAL United States Government Grants website, at Grants.gov, the US Government does not charge any fees for applications for grants! (And, by the way, it struck us as odd imagining the US Government handing over a grant in CASH!)

    All of this made us suspicious again that, perhaps, FederalMaxGrant[.]com was not legitimate. After all, Rob had not contacted any service to inquire about a grant, AND all US Government owned websites are registered with the Global Top Level Domain ending with DOT-gov. We looked over that website and found several reviews on it. One of them, by someone identified as “Lunice S.,” seemed rather unique. We asked Google to search for these exact words by Lunice, in this exact order: “Hey, I recommend everyone and everybody to these services because you can get” Surprisingly, Google returned that exact phrase from four other websites, including USAFundingApplications[.]org and Global[.]USAidGrantsFunding[.]com. These two websites were IDENTICAL! One of the other two websites is GrantsMatcher[.]com which includes the statement “GrantsMatcher is a completely independent, privately held for-profit entity and has no affiliation or relationship with the United States Government or U.S. Department of Education.”

      Seeing the identical content on several other websites, including the same reviews by the same named people, made us pause. We wondered about the legitimacy of this invitation to Rob. We grabbed some additional text from the FederalMaxGrant[.]com website that we felt was unique and asked Google to search for this exact text in this exact order. (Just put quotes around the text to do this.) We searched for “Sometimes you can also include inventory, salaries, labor, advertising, marketing, etc. Also remember that most funding is not available for personal expenses” We were completely surprised by what Google showed us! This exact sentence was found on a total of ten different websites, plus it was found in a few Facebook and LinkedIn accounts! One of the websites was a free web-building service. Another was a domain registered less than 3 months ago and another was a domain that was registered in the UK. The more we travelled down this rabbit hole, the more bizarre the results. None of this felt legitimate to us. (We should note that this is the second time Rob has received an invitation to apply for a government grant at FederalMaxGrant[.]com! Check out what we reported about this website in November, 2023!)

      In the end, neither Rob nor I decided to accept the invitations we were sent, though I’ll continue to enjoy watching Jeopardy on TV! The next time you get an invitation, please don’t assume it is legitimate or take it for “face value.” Investigate it, research it, and “look under the hood” to try to understand all the details about it. Because, as you well know, online deception is simply too common!

      Scamming Scammers, Sex with Prostitutes and More

      We often tell our readers about Rob’s adventures as a Professional Scambaiter. Baiting scammers brings Rob a lot of satisfaction. We want to give you a little perspective about some of the impact Rob’s effort has had on distracting and annoying these low-life creatures who don’t give a damn about sucking the blood out of people. Just like Santa, Rob keeps a “list” and checks it often. His list consists of all the email addresses of scammers who have written him over the years. As he tells us… “I started a list with just a few scammers constantly writing me. The list is now close to 200.” Can you guess what Rob does with this list of stellar citizens? He sends them annoying emails, every day, about 4 to 5 times each day. That’s about 800 to 1000 emails every day landing in scammers’ inboxes from one of Rob’s fake accounts, and asking questions of the scammers. Rob tells us that many of the scammers are pretty annoyed at him (to put it mildly).

      • 10 have blocked him, some of whom first sent him expletives
      • about a dozen have closed their email accounts (though he’s not sure if it is because of his bombardment or other reasons)
      • about 50 have sent various comments back to him, often containing expletives!
      • about a dozen keep answering his questions and want to know why he keeps asking the same question? (He’s automated this email process and sending the same email, over and over.)

      Rob says that his goal is to gather 500 email addresses of scammers and continue sending his automated emails about 4-5 times a day. He’s gotten very efficient at using his tools to send out these annoying emails. It takes him only about 15 minutes every few days! Some people go for walks, some people have pets, and some people like to knit. Rob likes to annoy scammers in any way he can. And we’re grateful for it!

      This week’s Top Story about two invitations is another example of what we routinely call “credibility problems.” But in the case of the email from the Casting Producer, we were able to confirm that the link led to a malware infection too! Again, deception is easy online. Here’s another example that, in all honesty, didn’t surprise us in the least. A couple of weeks ago Rob received two rather odd emails about three hours apart from the same email address, “Mustafa.Yildirim” at sentez[.]com, but using different names in the text field preceding the email addresses. Both emails claimed to offer links to a website where one can connect with prostitutes for sexual hookups, or connect with other people who want sexual hook ups. Though the invitations contained different text, they both pointed to a website at parg[.]co. Rob is no fool and, like us, doesn’t take things on the Internet at face value.  A little exploration told him that this was likely another example of malicious clickbait. Here’s why….

      1. the emails came from sentez[.]com which is a technology business site in Turkey
      2. the names “Madison Lane” and “Alexandra Manning” don’t match the name found in the actual email,  “Mustafa.Yildirim”
      3. No verifiable dating website was given in the email
      4. VirusTotal shows 5 security services who identified the link in the email as malicious

      Truth be told, Rob gets lots of unsolicited invitations, opportunities, offers of money and love! The emails he gets from beautiful, young women looking for love are the most fun to follow because each is a “story” that makes you feel like you’re reading a great fictional tale or, as in the case below, reading complete nonsense. For example, “Nino” wants a man who can “ugliest speak.” (Whatever that is!) These tall tales are full of inconsistencies, signs of deception, fraud and, on face value, make no sense at all! After all, Rob is an older gentleman. He tells us that he has never posted his name or email on any dating websites, or anywhere to draw this type of attention. And yet, check out this lovely (i.e. hysterical) email thread he got a couple of weeks ago from a beautiful young woman who claims to be from Georgia, in Eastern Europe on the southern border of Russia…

      FOOTNOTE: Last week we reported on a new tool commissioned by ICANN (ACID Tool) to report fraudulent domains to the Registrars and hosting services that publish websites for those domains. On May 28, Rob shared a scammer’s email with us in which he was asked to contact someone at the malicious mimic domain called ciitibnk[.]com. Clearly, this domain is hoping people will see this as CitiBank, at a glance. We used the ACID Tool to locate the Registrar that allowed this mimic to be registered (there is no website currently at this domain) and learned that the Registrar was PublicDomainRegistry.com. We reported it, via email, and immediately received an auto-reply telling us that we needed to use their online form to report fraud. OK, a bit inconvenient but we visited the form and it took us just a minute to copy/paste and submit why we were reporting this domain:

      Dear Abuse Team, The domain citiibnk[.]com is registered through you and it is crystal clear that this malicious mimic wants people to think it is related to the real Citi Bank domain.  It is not! Ciitibnk[.]com has been found to be malicious by 9 Security services on VirusTotal.com!

      We are thrilled to report that about 20 hours later, we received the following message from the Abuse Mitigation Team at PublicDomainRegistry.com… “Thank you for your notification. We have suspended the reported domain name.” A small but important win! We encourage everyone to try using the ACID Tool to determine who to contact to report malicious domains and websites!

      Sometimes, the fraudulent actions of criminals become famous because of the very fraud they perpetrate. Here are two recent examples. Perhaps you saw in the news not long ago that a lending company had started a foreclosure against the Elvis Presley Museum known as Graceland due to an unpaid loan of nearly $4 million. That turned out to be a scam perpetrated by a Nigerian Scammer!

      The second example was known as the “Hollywood Con Queen.” An Indonesian man conned more than 500 people who work in the entertainment industry over the course of ten years! The con artist was finally arrested and is awaiting extradition to the US from Britain. Not long ago, a limited 3-part series about this fraud came out on AppleTV. Check out a trailer on YouTube.

      Have you ever heard the word “sharenting?” It describes the over-sharing of children’s personal information by their parents on social media. Why would this interest us at TDS? We often write about the harm caused by the lack of online privacy, especially when private information is collected and used by cybercriminals. Sharenting is another form of over-sharing personal details that can have unforeseen negative consequences. To see what we mean, check out this recent article on CNN:

      Sadly, misinformation and disinformation campaigns are now the norm across the Internet, typically targeting democracies in an effort to manipulate our elections and degrade or destroy our society. This is certainly what we’ve come to expect from countries like Russia and China. However, we would never have predicted that such malicious, disinformation campaigns would be traced back to a former American citizen, a former police officer, who is now hiding in Russia!  Details were recently posted about Mr Mark Dougan’s disinformation campaigns on several credible news sites such as the NY Times and NBC News:

      One more reminder that an offer of “free money” from someone online being generous is NOT what it appears to be…

      https://consumer.ftc.gov/consumer-alerts/2024/05/free-money-social-media-nah-its-scam

      Remember to check out our podcasts: https://www.securewon.com/resources/podcasts/

        Package Delivery Notice

        Remarkably, none of our readers shared any phishing emails with us last week and none hit any of our honeypot email accounts either! The only bogus email we saw last week that was likely a phishing scam was this bogus package scam that pretended to be from “PackageExpress.” Check out the crazy random domain name the email supposedly came from. We checked that domain name and it has never been registered. That means that it was spoofed by the scammers who sent it.  Should we cancel your order? Hell yes!

        Fashion For Sale on Social Media and Licensed Liquor Store

        One of our readers told us about an experience she had on Facebook and Instagram last month concerning ads from two fashion websites with incredibly discounted items. (Can you see where this is going?) First, on May 15 she saw an advertisement on Instagram for a fashion website called VivienneDuvall[.]com. She ordered 2 pair of pants for an outstanding price of about $40 each. She immediately received an email from the website thanking her for her order and a tracking link about her order. The tracking link showed that her pants were coming from China and provided little detail. After 20 days, her order has still not arrived and she wondered if this was a scam and contacted us. Here’s what we learned….

        • The website domain, vivienneduvall[.]com was registered less than 6 months ago, and about 5 months before the woman placed her order. That makes this site very young and that’s never a good sign!
        • One security service informs VirusTotal that VivienneDuvall[.]com is malicious (See image below)
        • The “Contact Us” webpage on VivienneDuvall[.]com ONLY provides an online form to submit any questions to the company. There are no phone numbers or email addresses listed. (The woman did receive an email address in her email after making her purchase, along with a tracking link. The woman sent an email saying that she still hadn’t received her order after 20 days and wanted to cancel it. Her “tracking link” said the order was still in China!  She quickly got an emailed response asking her to be patient and that her order was on the way. She has now filed a dispute with her credit card company about this order.)
        • There are many people on Reddit who have similarly complained about this company and their purchases. Generally, they have said that it takes many weeks to get their order and often the clothes they purchased are cheap junk knock-offs and poor quality.  You can read more here on the Reddit thread.
        • Scam-Detector.com called this site suspicious

        Later, this same woman saw another advertisement on Facebook for clothes. This time the links pointed to a website called DignLike[.]com. Again, she contacted us to ask if we thought this site was legitimate. HELL NO! It turns out this website was registered about two weeks earlier AND, already, VirusTotal.com was reporting this site as malicious from one security service! To ALL OUR READERS, PLEASE do your due diligence when you see Ads on social media! MANY are scams! Research the site names by doing a Google search, check out the full domain using a WHOIS tool and even ask VirusTotal.com if the site has been reported as malicious.

        Speaking of fraud, David found another fake online liquor store! This one was inappropriately called Licensed Liquor Store and was using the domain licensedliquorstore[.]com. As legit as it may have appeared, he easily saw through the fraud by using both a WHOIS tool and Google search. Here’s the harsh reality….

        • The website says they were founded in 2015 and therefore have been in business for about 9 years. Yet, their domain, licensedliquorstore[.]com, was registered a little more than 5 months ago!
        • They give their address as 3091 Melville Street in Arlington, TN 38002. But Google tells us that there is NO SUCH ADDRESS in Arlington, TN.

        And so, once again, don’t believe everything you read online! 

        Personal Attacks Continue…

        I reported in previous newsletters that The Daily Scam pisses off low-life criminals and, in return, they have chosen to target not just me but also my family with various forms of fraud and malware tricks.  Here is another recent example. A family member received an email that was made to look like it came from me, but came from an Outlook account called “zaanuloubon.”  The email supposedly contained 2 pictures “from my trip” along with a link. The link was found to point to malware lying in wait on the website xglfbee[.]com. Oh Goodness! What a surprise!  

        These attacks are not unique to me. And these tricks are often used by the nasty, sub-humans who don’t care how much pain they cause or to whom. Please make sure that YOUR family is skilled enough to look carefully at a sender’s email address and never assume that it comes from the name that appears in the text field.  Also, evaluating suspicious emails on a phone or iPad is FAR more difficult for most people than doing it on a computer.

        New Job Opportunities! And Fake USPS Notice

        Many readers are reporting a spike in job opportunities that are randomly coming as texts from strangers onto their phones.  Here are two recent examples. “Olivia” contacted a man who hasn’t been looking for a new job for at least 28 years, he tells us. He didn’t recognize the number, 909-546-8907, but decided to play with the person texting. After about 20 minutes he called her a scammer and she denied it, eventually stopping the conversation. Legitimate businesses will never randomly text you for a job interview, especially without a phone call, video chat or visit in person!  When this man insisted on a video chat with Olivia to talk about this job, she completely ignored him….three times!

        This next great job opportunity came as an iMessage from a free GMail account called “chastainsakhile.” The sender did not name the company and asked for a reply via WhatsApp. Just what you would expect from a legitimate company, right?  ***SAID DRIPPING WITH SARCASM***

        And, in case you missed getting one of the many MILLIONS of malicious texts hitting Americans’ phones in the last year about your “delivery,” check out this text received by a Reddit member who posted it recently. The text pretends to be from the United States Postal Service but came from a phone number in the Philippines! Like that makes any sense? The link in the text is 100% malicious and points to the crap domain usasyzps[.]xyz instead of usps.com! Deeeeeleeeeete!

        Until next week, surf safely!

        Copyright © 2024 The Daily Scam. All rights reserved.