Does Google Share Blame For This Scam? — Last week we heard from a 67-year old woman who told us that she had just been scammed out of $1360 and felt horrible about how it happened. She told us she used to be a very smart woman, with a high school IQ of 145! (This means that she used to be smarter than 99.9% of her peers, and she was considered “gifted.”) However, now she is beating herself up, feeling stupid as she ignored so many warning signs. This scam began when she turned to Google to find the Customer Service number for Zelle to answer a question about her account. Google, however, had been “poisoned” by scammers and instead of giving her the legitimate phone number for Zelle, it returned a scammer’s number. Tread lightly with us as we follow this fraud and ask the question….”Does Google share in the blame for what happened to her?”
We wish to protect this woman’s identity and will call her “Carol.” On Wednesday, June 7, Carol logged into her Zelle account to pay a doctor’s bill. This is something, she tells us, that she has successfully done many times before. Only this time, she decided to print out a receipt that she could use to submit to her insurance company for reimbursement. But oddly, she couldn’t find any way to print her receipt! We’ll let Carol tell you want happened next. Before you read her description, we ask that you keep in mind that she completely trusted the person she called and believed him to be a Zelle customer service representative because she trusted Google to correctly answer her question…
“I have to pay my doctor using Zelle. I have successfully paid him numerous times and decided to print out a receipt and submit this expense to my insurance company for reimbursement. I went to my account at the Zelle website and discovered there is no way to print out receipts. I thought maybe I just couldn’t figure out how to do it so I decided to call their customer service number. I Googled ‘Zelle customer service’ and called the first number that came up.
Someone with an Indian accent answered the phone saying ‘Zelle customer service.’ I told him what I wanted to do and he told me in order to do that he had to verify my bank account information. He had me go to the Zelle website and as a “test” send $500 to a person he named. My radar went up but he said ‘I will immediately send it back.’ He had me type the word ‘test’ in to one of the fields. He told me he had tried to immediately send me back the money but there was a problem. It just wasn’t working for some reason.
At this point, I separately Googled the phone number I had called. The only information that came up was that the number was from Ventura, California and was a landline. It also said the number was ‘low risk for scams.’
I went back to my Indian tech support guy who told me he had to run through some tests with me on a different app. This time Cash App, not Zelle. I did several tests with him, 4 in $10 increments and then 4 in $20 increments, all labeled as ‘tests.’ He told me I was not giving him correct information about my bank account and that’s why these tests were failing.
He had me then send $350 to some individual, a different one, through Cash App. He said this did not go through either and he would have to pay me back in bitcoin. (I was to send the money first, then get reimbursed, again) I went to the bitcoin website and purchased $50. After this, I realized this was a scam and cursed him out, and then hung up. I canceled everything I could and filed a police report but not before I was scammed out of $1360. Also, within a couple of hours that fake phone number no longer appeared under ‘Zelle Customer Service’ in a Google search. You call it now and it just rings and rings. I’m an idiot.”
By contrast to Carol’s initial experience, we conducted a Google search for Zelle Customer Service and easily verified that the phone number Google returned was the real customer service number for Zelle because it was associated with the REAL Zellepay.com domain! WHOIS records show that this domain was registered back in March, 2016. In “Internet years” that feels like 20 years old or more!
The phone number that Google returned to Carol was 805-626-8564. Without any understanding of the potential risks involved, Carol had no way to know that Google had been poisoned by cybercriminals to return a fake Zelle number. This is known as Search-engine (SEO) poisoning or Spamdexing. There are several ways that cybercriminals have figured out how to manipulate the algorithms on Google and other search engines. And, like most Internet users, Carol didn’t have the skills to understand the risks using Google or “DNS” ( Domain Name System.) Had she understood DNS, for example, she should have been suspicious that the Zelle customer service number presented to her was from a website that didn’t belong to Zelle and was likely very sketchy. But most people don’t have these skills. They depend on and trust Google to give them correct information. (Many people don’t even know that search engines can be poisoned to show fraudulent information!)
When we conducted a Google search for the phone number that Carol found, we saw a link to an online forum where people report scams, called Scammer.info. But we also saw seven other malicious links to websites hosted in Turkey and Russia, all of which are dangerous to visit.
A few hours after being scammed, we asked Carol to conduct the exact same search and take a screenshot of what she found. But by that time, Google was showing her the correct information for Zelle. The spamdexing episode was short-lived, though long enough to have victimized Carol. Should the tech behemoth Google be responsible for any of Carol’s losses? We think so, and here’s why….
- According to a variety of websites, “compensatory damages” have been awarded when a defective product causes harm, including economic loss
- According to the InjuryClaimCoach.com website, “Almost any product has the potential to cause harm if there’s something wrong with its design, manufacture, or marketing.” They say there are four key elements needed for a strong product liability claim:
- You used the product as intended
- The product was defective in some way
- The product malfunction directly caused harm
- There were actual damages, such as injuries
We believe that it is the design of Google that can lead to harm. At least some portion of Carol’s financial loss was due to the defective way in which Google’s algorithms were manipulated by cybercriminals. Search Engine poisoning is a bigger problem than most people realize. For example, TechRepublic.com published an article in January about the research of a company showing that SEO poisoning attacks are significant and on the rise through the use of fraudulent ads disguised as well-known companies! In February of this year, HealthITSecurity.com reported a significant rise in SEO poisoning that targeted the healthcare industry which tricked people into clicking links leading to malware. In December of 2022, PurpleSec.us reported on SEO poisoning last fall, revealed by research from Sucuri. That poisoning impacted about 15,000 websites! SEO poisoning can be a serious threat and, as Carol knows all too well, can have real life consequences for people.
Google needs to do a better job creating “guard rails” to protect its users! This can, and in our opinion, should include better education how to recognize the risks. At the very least, they should offer some type of compensation when people suffer financial harm as a result of their poorly engineered products.
Thinking about Carol again, we couldn’t help but wonder why she didn’t see through this scammer’s fraudulent tactics sooner. We asked her if, at any time, she expressed concern to the scammer about what he was asking her to do? If she did, how did the scammer try to rationalize his “procedure” to her? She only told us that “the man on the phone with me was generally neutral but would become irritable if I was too slow, in his opinion, entering information. He tried hard to be patient but it’s obviously not in his nature. After about 20 minutes of these ‘tests’ that weren’t working I started getting suspicious and annoyed. I became curt with this guy but figured I was already in it too deep. After the bitcoin thing I called him an asshole and said I knew he was a scammer and hung up.”
Sadly, we’ve heard many victims report that they continued to engage with a scammer once they had suffered an initial financial loss because they had already committed money and didn’t want to lose what was already invested. Think about this for a moment. If a scammer manipulates a victim to send $500, many victims will then “spend” more to try to recover what was already sent. We felt badly for Carol and wished that Google would at least compensate her for that initial $500 loss.
On June 24, 2020, we published an article in the “Your Money” column about a serious SEO poisoning incident that especially manipulated Amazon and Apple phone numbers in Google (It includes a screenshot example.) Also, Crowdstrike.com has published a good article about SEO Poisoning, that includes another graphic example of SEO poisoning.
Zoom Video Communications Settlement (EpiqPay) – Scam or Legit? — Have you received emails from email@example.com about the “Zoom Video Communications” settlement stating that you can get a refund? Are you wondering if it was legitimate? Don’t worry — it’s NOT a scam. Check out and protect yourself with this 100% FREE, all-in-one tool.
Kroger Job on Sketchy Website, Using Photos Against You, and AI Deep Fakes – Doug at TDS received a lovely offer in his inbox for a job for Kroger, an American supermarket company. The job offered to pay people to shop at Kroger and evaluate the company while doing so. They claim to pay $200-$400 per assing ment. That’s right… per assing ment! But the email came from a server in Hungary and the links didn’t point to kroger.com. They pointed to an application form on a website called stratesfy[.]com.
This is an obvious fraud. However, when we tried to notify Stratesfy via their listed email, info@stratesfy[.]com, it bounced back as undeliverable. And so we took a deeper look at stratesfy[.]com
Their website looks VERY much like a collection of stock graphics and information. We then used the WHOISXMLAPI Contact tool to figure out how to best contact them and discovered something very suspicious in the underlying code on the stratesfy[.]com main page. The code listed other companies/organizations…
“Zeiders Enterprises Inc”,
“The American College of Surgeons”,
“The American Association of Petroleum Geologists”,
“RaySat Antenna Systems LLC”,
“E Commerce” ],
Why would the underlying code on this website contain the names of other unrelated organizations/businesses, such as “The American College of Surgeons” or “RaySat Antenna Systems” (An American company founded around 2006)? We strongly suspect that the stratesfy[.]com website has been hacked, or taken over, and is being misused. Check out the online form found on this website that visitors are asked to fill out for that “Kroger” job….
In our May 24 newsletter Top Story, we wrote about the many ways that cybercriminals use the lure of photos and videos to trick you into clicking malicious links. These threats continue! Here is another recent example from the same group of criminals who’ve been misusing the name of a school employee to target a group of parents. It appears to come from Kacey but this email was sent from an account called Peter Vasko on a server in the European Union. The message was “any recollection of that image?” followed by a malicious link. Don’t fall for these nasty tricks!
One other final note. We’ve reported multiple times recently about the scary misuse of artificial intelligence to target victims. This recent article on Consumer Affairs also highlights the rise on these threats:
Bank of America, Geek Squad, and Xfinity — In last week’s newsletter, we reported on a malicious mimic designed to look like the legitimate services of intuit.com, and called intuitcpas[.]com. Our friend Rob reported another malicious mimic soon after called BookIntuit[.]com. According to WHOIS records, this mimic was registered on June 2 and ScamAdviser.com gives it a trust score of 1 out of 100! Moving on, don’t trust this “Bank of America” email either! It clearly didn’t come from the Bank of America website! The link to “view my account” points to a website in Russia but you’ll be redirected to a phishing site using the crap top-level domain called DOT-site. Deeeleeeete!
Check out this Geek Squad order that was sent to one of our readers from a free Gmail account! Scammers often try to write their fake support phone numbers into an email in a way that makes it harder for anti-spam servers to recognize the fraudulent email. This was done in the email below. Notice the spacing and the dots! Also, as is typical in most of these scams, the only thing to personally identify this purchase as “yours” is the use of your email address. Delete!
Again, Comcast Xfinity account holders are being heavily targeted by cybercriminals! Check out this email about a change in the terms and services for Xfinity. However, the link in this phishing scam points to a free webpage on Google Sites! How fast can you hit the delete key?
Netflix Rewards, NFL Shop Gift Card and Get Paid for Clinical Trials! — Netflix has certainly been in the news the last few weeks as they have been cracking down on the use of shared passwords within a family or group of friends. Their definition of a “household” has become stricter. This has nothing to do with the recent malicious clickbait sent to us but it’s worth noting anyway! Check out this bogus email that came from a server in Poland. Especially note the well-crafted subject line and top sentence (said dripping with sarcasm.) Again, these employ tricks meant to get this email through anti-spam servers. But it is also these very tricks that help us identify this fraud!
The links in this clickbait point to the shortening service at Twitter. When we unshortened that link, we learned that visitors will be sent to a nonsensical, crap domain that was registered in late March in Canada.
Check out this email that appears to be from the NFL Shop but actually came from a crap Microsoft email account. It’s just another “Answer & Win” clickbait email sent by a very active cybercriminal gang. This malicious email is a perfect example of the type of weapon used to target the public EVERY DAY! Delete.
Here’s something we’ve never seen before as malicious clickbait! Though Sunrise Clinical Trials appears to be a real business located in Florida, according to this record in Buzzfile.com, the email below didn’t come from them. It came from a server in Germany! But no worries, right? Get paid to take a clinical trial! Just click that SHORTENED LINK (to tinyurl.com) that was manipulated to look like a long link! You can ignore all the characters that follow the # symbol in the link. When we unshorted that link, we discovered that visitors will be sent to a malicious website in the UK that was created in January! What’s also funny to us is that the final destination URL is 3 characters shorter than the shortened link at tinyurl.com! (Excluding the unnecessary characters from the # symbol to the right.)
Update Your Account and E-Mail Account Termination! — The “ACCOUNTING DEPARTMENT” somewhere in Austria sent Rob this helpful email telling him to update his account information. The fine print shows that this clickbait was supposedly from the Mitsubishi UFG Financial Group, but that’s a big lie! What makes this email extremely dangerous is that the attached file is another file type that will take over your web browser and implement instructions from cybercriminals. The attached file is an “shtm” file. NEVER CLICK on these types of files!
The Daily Scam received a warning recently that our mailbox was about to be terminated. This brought back fond memories of the 1984 film with Arnold Schwarzenegger called The Terminator. We were given only a few hours to update our terms of service. We couldn’t help but think that if we didn’t click the link, Arnold would say “I’ll be back!”
Are You Interested in Selling? — Doug at The Daily Scam has received texts like this multiple times. In this one, “Mike” asks him if he is interested in selling his home. What makes this type of text suspicious to us is that Mike never identifies himself by full name or any real estate firm. He also uses a phone number that Google is unable to associate with any real estate firm. This text, to us, shows NO CREDIBILITY at all! However, if Mike brings us a suitcase filled with $3 Million dollars in cash, we will happily sign over our deed!
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands