Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  JUNE 12, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N18

This Popular Job Has Fooled Hundreds of People

Less than a week ago a gentleman contacted us to say that he went through a job interview for a work-from-home job and was hired. He had posted his contact information on job-hunting websites and was happy that he got this job offer, at first. He was sent a link to a long contract and asked to sign it. The contract detailed his work expectations, pay and benefits, including the fact that he started a 1 month-long probationary period, after which he would get his first paycheck. The man had provided his full name, address, phone number, and a copy of his driver’s license (front and back) to his new employer. But almost immediately, he started to think this new job wasn’t what he thought it was, even though he spoke with the hiring manager over the phone. (He said the woman sounded like an American, without any accent.) The job title was “Package Genius” for a company named Red Ship LLC (also called “Red Tag Ship LLC”). A Google search led him to one of our posts on Reddit about these types of bogus jobs and contacted us. He asked us to confirm if this job was legitimate or a scam? Not only was this job a scam that we’ve been documenting since 2019, but the signs of fraud we found suggested either a new cybercriminal group might be responsible for this fraud presenting as Red Ship LLC, or the cybercriminals most responsible for this were suddenly getting very sloppy! Check out what we uncovered…

To protect his identity, we’ll call the newly hired man “George.”  George sent us lots of information from his new employer.  For example, below is the email and link to the contract that he signed with Red Ship LLC. Notice that the HR Department person named “Wanda Venson” uses Spanish in her header and sent her email from the domain RedShip-HR.com.  In the last few years, we have learned that the fraudsters behind this scam  hire people (mostly women) from around the world to pretend to be Managers, Supervisors and HR people who actually speak with the victims and manage this bogus business! They also use one or two other domains for each fake shipping website they create. This time the primary site is redshipllc.com, but supported by the HR domain redship-hr.com and a domain for newly hired victims to log in and get instructions and shipping labels from the scammers (redship-shipdep.com). ALL three of these “Red Ship” domains were registered last week, on June 4 and are brand new! (However, we found other evidence that the “Red Ship LLC” scam site had been using another set of domains to support their fraud. See below.)

De: Wanda Venson <wanda.venson@redship-hr.com>
Date: jue, 6 jun 2024 a las 14:43
Subject: Employment Process (Red Ship LLC – 6/06/24)
To: [EMAIL REDACTED]

Hi,
To initiate the hiring process, kindly click the link provided. LINK: sform.io/pV0C97

Details needed:

  1. First and Last Name
  2. Address
  3. Email
  4. Photos of the front and back of your valid government-issued ID.
  5. A selfie holding your valid government-issued ID.

Let me know if you have any questions. Thank you! Kind regards,

Wanda Venson | HR Department

Direct number: +1 772-244-1147
Red Ship LLC
3242 SE Dominica Terrace #102 Stuart, FL 34997
(888) 863-0027

Mon-Fri 09:00AM-06:00PM EST
Sat-Sun Closed

====================================================

At a glance, Red Ship LLC website looks like a legitimate shipping business. But if you take time to look more deeply, the signs of fraud are not hard to spot. They claim to have been in business for “nearly a decade” and are located at the address: 3242 SE Dominica Terrace #102 Stuart, FL 34997.  However, all three of the domains they used were registered last week.  And their physical address is also a lie. Using Google Maps, we were able to “walk” down the street at this end of SE Dominica Terrace in Stuart, Florida. We found the following REAL businesses on this street….

There is NO BUSINESS WHATSOEVER called Red Ship LLC located at 3242 SE Dominica Terrace in Stuart, Florida. Google Map makes it possible to literally walk down this street and look at the businesses located there.

    On the RedShipLLC.com website, this bogus company also lists five customer reviews. These are also lies and are completely fabricated. However, what was particularly interesting was that these lies led us to find another IDENTICAL fake website called QuickShipping.org!  Check out the lovely testimonial from James Ullery, HAPPY CLIENT.  He supposedly gave the same identical review to both RedShipLLC.com, located in Stuart, Florida and to QuickShipping.org, located on 120 S Central Ave, Floor 7, St. Louis, MO 63105.  In fact, all 5 people who reviewed Red Ship also gave identical reviews of Quick Shipping! How believable is that?! (Reviews were given by James Ullery, Charles Salmons, Alexina Skinner, Gregory Bond, and Jenny Rodriquez.)

    The domain of the identical business called Quickshipping.org was registered on February 16, 2024 and this website is hosted on a server in Chisinau, Moldova, bordering Ukraine. The website for RedShipLLC.com is hosted on a server in Kiev, Ukraine. Both Moldova and Ukraine were part of the former USSR, which dissolved in 1991. (We’ve said for years that the criminals behind this fraud speak Russian, because of early breadcrumbs we found about them!) It wasn’t difficult to find other people online reporting this fraud, including at the Better Business Bureau website! Using some other domain name, the bogus business Red Ship LLC, has been around since 2022 and people have reported online that after a month of working as a package reshipping agent they never got paid!

    Check out the review at the BBB.org: https://www.bbb.org/us/fl/stuart/profile/online-shipping-broker/red-tag-ship-llc-0633-92023348

    And there are 77 complaints about this fake company on Scampulse.com!

    Also, Scam-Detector.com gives QuickShipping.org a trust rating of 6.7 out of 100!

    These two websites bring our collection of fake shipping sites supporting this type of fraud up to 97 since 2019. By our estimates, at least 500 – 600 people (mostly Americans) have been victimized by the scammers behind this fraud, to say nothing about the merchandise theft itself. And yet, our FBI and Interpol cannot put a stop to this. In fact, we’ve seen no evidence whatsoever that they are even interested in this criminal group who are likely operating somewhere out of Russia or Eastern Europe. And so we suspect that we’ll be finding many more of these scam sites, and hearing from many more victims in the years to come. Sad, but likely true.  Finally, here is a list of George’s Supervisors and Managers that he received last week.  Feel free to call them and ask them if they know they are working for cybercriminals who move stolen merchandise and don’t pay their newly hired employees! It is quite likely they may not know, but they must suspect something is odd about the company when package reshippers turn over every 4 weeks!

    Manager: Norah Helen    Direct line: (772) 932-5960
    Email: Norah.Helen@redship-shipdep.com 

    Supervisor 1: Lea Knightings   Direct line: (772) 918-9564
    Email:   Lea.Knightings@redship-shipdep.com

    Supervisor 2: Vaeronica Smith   Direct line: (772) 218-9728
    Email: Veronica.Smith@redship-shipdep.com

    If you want to learn more about this fraud, check out our feature articles:
    https://www.thedailyscam.com/package-shipping-scams/
    https://www.thedailyscam.com/package-reshipping-scams-are-like-whac-a-mole/

      Namecheap Sucks, Amazon Call, Sexual Offers and More

      Namecheap is THE WORST REGISTRAR on the planet and clearly favors cybercriminals because they make millions of dollars from the many tens of thousands of malicious domains registered through Namecheap each year. Here’s one more small example of how awful Namecheap is. We recently told readers about malicious clickbait targeting people, including our friend Rob, from the domain littlealizer[.]click. Check out this screenshot of one of Rob’s email inboxes showing malicious clickbait from littlealizer[.]click collected during a one hour time period!

        He received over a hundred malicious emails from this domain and complained to Namecheap about it. When he similarly complained to Amazon about malicious clickbait, they took the domain offline in two days! Namecheap took more than 2 weeks, and only after he complained multiple times!

        Speaking of Rob, he shared an audio recording with us after answering a call, supposedly from Amazon, about a fraudulent charge to his Amazon account.  Of course the call didn’t come from Amazon, it came from a scammer’s number: 316-478-5434. Google can’t find any listing of this phone number.  The woman he spoke to had a heavy indian accent and it was a horribly poor quality call.  One thing was clear though. It was the noisy scam center in the background! Enjoy….

        Last week we reported that unsolicited sexual offers via email are not always what they appear to be. The one we showed you was highly malicious. Here we are again. This appears to be a very sexual invitation but it is just another serious piece of malicious clickbait, as reported by 12 security services!

        No doubt, everyone knows the name “Jerome Powell.” He’s the 16th Chariman of the Federal Reserve, afterall. Well, we bet you didn’t know that Mr. Powel likes to call himself “Jerome Powell Powell.” Yep, that’s right and we have proof!  Here’s an email that Mr. Powell Powell sent to Rob. Notice how he spells his email name!

          We want to remind our readers who have small businesses or who offer consulting services that YOU are also targeted by scammers and to be careful! Here’s a perfect example. A man, identified as Jacob, contacted an accountant last week. But he sent his email from a domain that was 1 day old!  Also, look at the last sentence from Jacob. It contains an important clue that “Jacob” is NOT likely a native English speaker! (We’ve seen this exact error many times before.)

          We want to raise awareness amongst our readers that there is a new variation of the scam phone call that typically targets the elderly and begins with “Grandma (or Grandpa), it’s me!” The scammer, disguised as a grandson claims to be in jail and needs money for bail but can’t call mom or dad! “Will you help me? But don’t tell mom or dad!” But this time, the scam call is to DAD and the son starts with “I got into a car accident.” The bloody nose and swollen face make it hard for him to sound like him.  He needs your financial help, of course. Here’s a sample scam call on NoMoRobo:

          Hey Dad, I got into a car wreck last night.”…… https://www.nomorobo.com/lookup/872-351-5014

          Here are several recent stories and resources about scams/fraud in the news, starting with the sad news that even a former Miss New York fell for the teens in Central Park who have been asking for donations to their baseball team, only to steal $2000 – $3000 from a victim’s Zelle account!

          https://abc7ny.com/post/former-miss-new-york-falls-victim-zelle-scam/14854173/

          This announcement from the FTC is not a surprise…..

          https://www.ftc.gov/news-events/news/press-releases/2024/05/new-ftc-data-shed-light-companies-most-frequently-impersonated-scammers

          Seriously?!

          https://gothamist.com/news/things-the-guys-who-stole-my-phone-have-texted-me-to-try-to-get-me-to-unlock-it

          We understand that people across the world have varying feelings and strong reactions about the war between Hamas and Israel. It is HORRIBLE and the suffering and death of thousands of innocent lives on both sides is inexcusable. It is not our intention to step into this stormy mess and take sides. HOWEVER, we do believe that it is NOT OK for the Israeli government (or any government) to pretend to be hundreds of US citizens so they can try to influence American political decisions! This is fraud, plain and simple. Check out….

          ​​https://www.nytimes.com/2024/06/05/technology/israel-campaign-gaza-social-media.html

          Finally, here’s a great resource from AAA for anyone who has ever had very personal information stolen by, or given to scammers: https://www.aaa.com/experianidtheft/

          Remember to check out our podcast series! New podcasts come out on the 15th of each month.

          One of our readers sent us an email he received from “Cendrillon Mailhot.” Wow! What a name! Despite having access to an infinite amount of information, even Google can’t find anyone with that exact name! Last week, Cendrillon sent an invoice attached to an email to our reader in New Zealand. Apparently, the fellow resubscribed to Microsoft’s Office 365 for nearly $500 NZ Dollars! That’s pretty darn expensive! According to the attached pdf, Microsoft is supposed to have an office in Dunedin on #140 Afton Terrace. Dunedin is a beautiful town, with Maori heritage, in South Island, New Zealand and about 13 Km from Lanarch Castle. (A beautiful place to visit!) But we seriously question that location for Microsoft’s office!  According to this website, there are only 13 homes on Afton Terrace and they go up to #21, not #140! Gee, could this be a phishing scam?!?!?!?!?!

          Report your smelly phish to us and Google! https://safebrowsing.google.com/safebrowsing/report_phish/

          Home is Where the Heart Is, Not a Domain Name!

          One of our readers has been bombarded by malicious clickbait lately. Oddly, a group of them came from domain names that had the word “home” in them AND the malicious links in these emails also pointed to a domain that contained the word “home!” We’ve never seen anything quite like that before! Check out this first example. The email wants you to think it came from USAWildSeafood.com but, in fact, it was sent from the homey domain CloverHOMErenovations[.]com. This domain was recently registered in Iceland through Namecheap on 12/14/2023 (less than 6 months ago.) (The link in the email was not functional.)

            Now check out these two emails below. The first one is NOT a consumer rewards for Starbucks. Hell, no! But it did come from the domain HOMErenovationsplan[.]com and the links point to InsideOutHOMEsolutions[.]com! For the first time in YEARS, we feel that the scammers behind this first fraud are being honest with us! Homerenovationsplan[.]com was registered in Seppa, India by someone named Sakshi Padol last November 15. (This domain is now hosted on a server in the Netherlands.) We have LOOOONG believed that these types of malicious clickbait are being produced by a cybercriminal gang in India. In fact, we used to call this gang the Hyphen-Poopy Gang! (If you want to know why, read these articles we wrote in August 12, 2022 and October 11, 2023, for example.) Needless to say, “Loyalty does NOT pay off” if you click the links to home in this email!

            The second email wants you to think it came from AARP.org but that’s not true! The email was sent from the oxymoron website WonderfulHOMEinteriors[.]com. This seemingly innocent domain name was registered in Japan on February 8, almost 4 months ago. The links point to the royal pain-in-the-homey domain called RoyalHOMESsartinterior[.]com. It was registered in Ireland last July, 2023. Does any of that sound like AARP.org to you? Deeeeeeeleeeeeeete!

            Email with YouTube Information and Dangerous Attached Files

            Years ago, we used to see this type of clickbait often but not so much anymore. One of our readers sent this lovely health suggestion email to sip salt water before bed. The most important thing to pay attention to in these types of malicious emails is the fact that they contain a linked graphic (and linked sentence) to what appears to be a YouTube video! (Look at the YouTube symbol in the graphic.) HOWEVER, when you mouse-over the graphic or linked text, they NEVER point to YouTube! This one pointed to a sleazy, oddly spelled domain registered in Spain (“.es” = España = Spain) called DailyCouponZoffer[.]com[.]es. But that’s not your final destination. This supposed coupon outlet will redirect you to a malicious domain called RockMalltrk[.]com. ‘Nuf said. Delete!

            Another one of our readers sent us this VERY dangerous clickbait that is often used to target businesses with malware! “You have received a new voice message” it claims. But the attached “voice message” is always an incredibly dangerous file type that can take over and control your web browser!  These files end with either html, htm, shtml, php, or js. This makes no sense because the email tells you that the sound file should end in “wav.”  That’s all you need to see before lunging for the delete key!

            More Pig Butchering Introductions and a Job Offer!

            Wow! Lately, it seems that 99% of all scam texts are either random text introductions to a pig butchering scam, or a scam job offer!  One of our friends told us that he recently received a random text from 847-773-5579 saying “There’s a play today and I’d like to invite you to go with me.” Of course he didn’t know the sender. It was just an “accidental text” from a scammer intent on taking every last penny you have through an investment scam! I also had a similar type of text last week from 213-571-6393, but when I answered the question, I never heard from the scammer again!  I wonder why?

            Random job offers via text ARE ALL SCAMS! Real businesses do NOT operate like this!  This text was sent to a woman who has been employed as an executive in the skin care industry with a well-known company for more than 40 years! NOTICE that this text was sent from an email account named sxiycsumit265 and using the domain tucoi[.]techTucoi[.]tech was registered in Vilnius, Lithuania on the very day this text was sent! Do NOT believe a word that “Ashley” says!  Just BLOCK and DEEELEEEETE!

            Until next week, surf safely!

            Copyright © 2024 The Daily Scam. All rights reserved.
            You are receiving this email because you have subscribed to thedailyscam.com

            Marblehead, MA 01945

            Contact Webmaster