Select Page
Weekly Alert  |  June 15, 2022

Four Reasons Why You Can’t Trust Amazon or Google Trust online is a challenge, no matter what you’re looking at online. Together, our team made up of The Daily Scam, Scamadviser and Fake Website Buster, have exposed fraud ranging from bogus banks, retail sites, Facebook friends, dog/cat breeders & sellers, job offers, online dating and so much more! But scattered amongst this ever-changing sea of sharks, we think of islands of safety on which we all can pull ashore. Two pillars of safe havens on which we depend are Amazon and GoogleAccording to Statista.com, research published in October, 2021 showed Amazon holding 41% of the e-commerce market share. Google is also an Internet behemoth, offering dozens of products, some obvious and some not. (Check out this list of Google goods and services posted on Wikipedia.) If you ask any consumer around the world if they trust and use Amazon or Google, we suspect that an overwhelming majority will say yes! However, we’re here to tell you that you shouldn’t afford any more trust to these behemoths than any other website you find online! Below are four examples to support our contention that consumers should be skeptical and very wary when engaging with these websites, just like any other website!

Reason #1
Amazon Web Services cannot be trusted

Amazon Web Services is a subsidiary of Amazon and provides lots of online services to individuals, businesses, and governments, such as cloud computing, data storage and processing. We often see these services show up in links associated with the legitimate domain amazonaws.com, which was registered to Amazon in 2005.  However, AWS services are often misused by cybercriminals targeting people with malicious clickbait.  Take this recent email sent to one of Doug’s email accounts. It was immediately suspicious because it came from a server in Brazil.  Tracy Orloff, the sender, sent no real message, only a link that appears to point to a Google search for Doug’s email.  However a mouse-over of that link reveals a shortened Bit.ly link!

We unshortened that link using Unshorten.it and discovered that we will be redirected to an Amazon Web Service link through AmazonAWS.com. But a deeper look into this link reveals that Amazon will not be our final destination! Buried in that link itself was a redirect to a website called prolifestyles[.]store, and there were other redirects buried on that website as well. Both the Zulu URL Risk Analyzer and VirusTotal were able to confirm for us that this AmazonAWS.com link, containing the redirect to prolifestyles[.]store, was 100% malicious!

Reason #2
Amazon reviews can’t always be trusted

Sellers will sometimes try to post fake positive reviews of their products, or pay others to do that. Fortunately, the site called ReviewMeta.com uses AI to evaluate written reviews (but not star ratings alone) and then remove suspicious reviews from the ratings for consumers.  Here is one small example.  We found this very inexpensive set of earbuds by CAPOXO on Amazon for just $29.99 (40% off on June 11 from the original $49.99.) They have a 5-star rating based, in part, on 143 reviews. However, ReviewMeta.com assessed those 143 reviews and the AI said that 71% of them are suspicious. The ReviewMeta.com web page will give you a detailed breakdown why it feels that these reviews are suspicious. Despite the high percent of suspicious ratings, these ear buds still have a 5-star overall rating because the 43 remaining reviews are so strong.  However, how does it make you, the consumer, feel about buying a product about which 71% of the reviews were found to be suspicious? If you want to read more about Amazon’s problems with fake reviews, check out these worthwhile articles:

CNET: Amazon’s Never-ending Fake Reviews Problem, Explained (11/23/21)

Business Insider: How to Spot Fake Amazon Reviews and Avoid Scammers (11/19/21)

Reason #3
Google APIs can’t be trusted

According to Wikipedia, “Google APIs are application programming interfaces (APIs) developed by Google which allow communication with Google Services and their integration to other services…. Third-party apps can use these APIs to take advantage of or extend the functionality of the existing services.”  But “third-party” can also include cybercriminals, until their fraud or malicious intent is revealed or reported, and then stopped. Case in point is this “FedEx” email sent to Doug and saying that delivery of a package to him was suspended. He was asked to “schedule your delivery and subscribe to our calendar notifications to avoid this from happening again!” Except that this email didn’t come from FedEx and the link didn’t point to FedEx.com.  It pointed to a Googleapis.com link. VirusTotal reported that Trustwave found this Google API link to be a phishing trick. (The next day, Doug received a “2nd attempt” to notify him” and it contained another Google API link.)

Reason #4
Google Search Results Can’t Always Be Trusted or Safe to Click

Search-Engine Poisoning (also called “SEO poisoning,” “spamdexing,” and “black-hat poisoning.” Source: Wikipedia) is as old as Google and other search engines. Quite simply, it is a method of attack in which cybercriminals manipulate a search engine, like Google, to drop unsuspecting landmines in front of your eyes. If you click one of the links, your computer can become infected with malware. To learn more about this dangerous and deceptive practice, check out one of these articles:

NameCheap: Search Engine Poisoning and How It Can Affect You (6/3/21) – Excellent article!

Securus Communications: SEO Poisoning – Does It Affect Network Security? (2/15/22)

DarkReading: SEO Poisoning Used to Distribute Ransomware (10/28/21) 

FOOTNOTE: We hope readers are aware that people and businesses pay Google for words that consumers might search for so that their websites will show up higher in the listings when users search for that word.  Most people don’t look at search results beyond the first or second page of returns. We know of a pump company owner, for instance, who made millions of dollars in online sales over a decade by purchasing words related to pumps!

We hope this information is a wake-up call for readers! NOTHING can be fully trusted online and, as we routinely say…. Be skeptical online! Verify, verify, verify! Online deception is simply too easy and has been a serious global pandemic since the World Wide Web was invented. 

Watch Out for These Fake Airbnb Websites! It’s June, the first month of summer! Many of you have already started to plan for a wonderful summer vacation. However, while you are busy arranging accommodation for your holidays, scammers are all around you, with a handful of travel scams aiming to lighten your pockets. Check out the Trend Micro article about how YOU can spot these scams!

We Need The Secret Code! Dare we say it, but sometimes we truly love the creativity and ridiculous games played by Nigerian 419 scammers. They can sadden, and brighten our day, all at once.  Here’s a perfect example sent to us by our friend Rob, a.k.a. Scam-Baiter Extraordinaire.  On June 4th, Rob replied to a random scam email he received from “Charles Mensah” about transferring more than $5.7 Million dollars into Rob’s bank account from Citibank.  Of course, NONE of the communication involved the real domain from Citibank. Mr. Mensah asked Rob to contact Nancy Lex from “citibanksecurity[.]org.” This domain was registered anonymously in Canada on February 2, 2022. (By contrast, CitiBank.com was registered to CitiBank in 1991 with verifiable phone and address information.)  However, in order to transfer the money to Rob, he was asked to give a SECRET CODE to Ms. Lex, the Citibank Officer.  He didn’t give it to her, of course, just to play with them. Check out Ms. Lex’s response below as she continues this game of cat and mouse…

FOOTNOTE: We continue to be appalled by how easy it is for criminals to register domain names that are such OBVIOUS examples of fraud, as well as copyright infringement, against businesses like Citibank.  (Hey @ICANN, are YOU listening?!) ANYONE registering citibanksecurity[.]org anonymously a few months ago should be seriously evaluated before that registration is approved and given.  One would think that ICANN, the controller and rich overlord of all things related to domain names, would have a big security division for this.  But ICANN doesn’t care AT ALL about citizens of the world because they make money off of every single domain name and cybercriminal purchases make ICANN rich!  At least VirusTotal shows us that several security services are well aware of this fraud!

Phishing With Security Service Lures! Phishermen have long been using phishing lures disguised as the very security services we need to protect ourselves from them.  Adding to this threat, we’ve seen a significant rise in a newer trick in their arsenal.  More and more of their phishing emails are misusing Intuit.com’s billing system for small business owners. Below is an example pretending to be from Geek Squad. It was made to appear as a bill sent through Intuit. But wait! The email provides a scammer’s phone number so you can call to cancel the charge that never came through your credit card though they claim your subscription was auto-renewed. Those who are gullible enough to call are painfully manipulated by these leeches! There are two very interesting things to note about this email…

  1. It was sent on June 3 but if you look at the “Due Date” entered into the blue box, you’ll see that it is written in the format that is NOT USED in the United States or Canada, which is where Geek Squad’s parent company is based!  The date format in the email is written as day first (03), followed by month (06) and then year. The Due Date should have been written as 06/03/2022 (US format) or as 2022/06/03 (Canadian format). This scam was most certainly sent by a cybercriminals from outside the U.S. and Canada.

  2. Though this invoice was supposed to be from Geek Squad, check out the email address found at the very bottom of the email! The domain used in that email, techtary[.]com, is currently for sale and there is no website located on it.

The next three smelly phish all came from various personal Gmail accounts.  The first one is very funny because of the English errors in the email! Just don’t call their “Excivite” unless you want to scream at them and then hang up. It pretends to represent “Mcafee.”  The second email pretends to be for Norton Life-Lock but came from a personal Gmail account called ahmad marguellest 295! They want you to believe that you ONLY have 24 hours to call and cancel your subscription OR ELSE! That’s total BS!

This final fraud, disguised as another McAfee order, has sooooo many red flags that SCREAM FRAUD!  Check out the last 3 sentences in the email. How many suspicious “red flags” can you spot? We count at least 7, including the delightful presentation of their phone number!  Enjoy and delete!

Student Support Loan Forgiveness? One of our readers sent us this voicemail that he received from “Jade” with “Student Support.” Jade was calling to speak to the man about his student loans and to offer some “possible” forgiveness program and other loan options. The problem was that the man receiving this call had no student loan debt and wasn’t even a recent student!  Jade asked him to call her at 855-886-8997.  This phone number was heavily reported on NumberGuru.com as a scam, and also reported three times on Robokiller.com as a scam phone number, similar to the scam reported at the top of the page.

A U.S. government website offers tips for recognizing student loan scam calls. Check out “3 Ways to Spot Student Loan Scams” at StudentAid.gov.  Also, in February of this year, NPR produced a 5 minute piece on Student loan scams.  Listen to that news report here!

New Payroll Update and Click to Activate –One of our readers received this lovely email from “Payroll” but actually coming from an auto parts manufacturer in Brampton, Ontario, Canada. Apparently, the recipient has a new payroll update! To review this update, she was asked to click a link sending her to a malware-laden site hosted in Amsterdam called CharlesPegUy[.]ma. Yikes! Lunge for the delete key!

Another reader sent us this brilliantly stupid email that came from a server in Germany, though the recipient is an American citizen and doesn’t use any services in Germany! Click to activate your updated Mailbox. No thanks.

    Your Card Has Been Charged and Earn Money By Carrying Our Logo! –These recent texts, sent to us by readers, are completely bogus! The phone numbers they both came from are also listed on a VERY suspicious Turkish government website that has likely been hacked and with malware traps lying in wait.  In the second text, the sender offers $400 each week if you agree to put a Nokia business logo on your car.  However, notice the links provided! Both Wixsite[.]com and Weebly[.]com are free web-hosting services on which anyone can create a web page for free! Does this sound like Nokia.com to you? Run, don’t walk and keep your car logo-free!

      Until next week, surf safely!

      Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
      have subscribed to it via Scamadviser.com or thedailyscam.com

      Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

      Contact Webmaster