Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  JUNE 19, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N19

Investing Your Money!

There are literally hundreds of ways for people to invest their money to try to grow it.  The hope, of course, is to better protect your financial future. And of course there are also lots of fake investment and banking sites that claim to offer good, or sometimes unbelievable, rates of return for your investment. These fake investing companies will steal every last penny you put in them! This week’s Top Story is about two of these bogus investment firms that came to our attention in the last few weeks, followed by another surprise. Would you have spotted these investment services as a fraud?  Can you spot any red flags that should send you running for the proverbial exit door? We hope you’ll see what we see regarding PrimeFortes.com, Chasebitcointrading.com and another related service that came to our attention! Also, these investment services led us to another dozen nearly identical bogus investment services!

On April 14, our friend Rob received a random email from a Mr. Kennedy Albano who, oddly, used the email address mrstevendavid31@gmail.com. (1st “red flag!) Apparently, there was an urgent matter that needed Rob’s attention. Mr. Albano claimed there were unclaimed funds ($15 Million dollars) in Rob’s name.  Mr. Albano said “I am here to inform you that your ATM CARD of $15.000.000 million has been in our office since last three years, but we confirmed that you’re the real owner of this ATM CARD. The confusion there is that a man from your family informed us you are dead, and he is here to claim your inheritance since you’re dead. MEANWHILE IF YOU RE ALIVE AND STILL INTERESTED, YOU’RE TO WANT COMPLY WITH ME VERY URGENTLY.”

Thank goodness Rob is still alive! Right? After a number of back-and-forth emails, Rob was finally given access to his riches! However, it wasn’t through an ATM card, as first described. Rob learned that his money had been moved into a bank…. A “CryptoBank” called PrimeFortes.com

Apparently, the rate of return from this crypto investment bank is astronomical!  They offer 9 different investment plans and the rate of the return varies based on how much you invest to begin with. Even the lowest plan shows an investment rate that will return more than 50% in two weeks if you invest $100 USD.  This is, of course, impossible, unsustainable and a complete fraud!

After seeing their truly unbelievable promised rates-of-return on Rob’s money, we started digging further into this CryptoBank called PrimeFortes.com.  One of the first things we noticed was that their “client reviews” were very likely fake.  For example, one was by a CEO named Samili Begum, though her company was not named. A reverse image search in Google showed us that “Samili’s” photo is very likely a stock image purchased online because we found that exact image on more than 65 other websites! But even more shocking was what we discovered when we conducted a reverse image search of the handsome man in the photo named “Shahoriar Shaun” – Banker.  It turns out that Mr. Shaun’s photo, along with other endorsements were found on 12 other cryptobank websites that were ESSENTIALLY IDENTICAL to PrimeFortes.com.  They also included the photo of “Samili Begum” and an endorsement from her BUT Samili’s name was changed!  (For example, she was named “Sonnia Randy” on MetroCapTrading.com, “Kate” on Cryptoprofits.cloud, and “Jenifer Smart” on OptimalEnergyltd.com. Other nearly identical cryptobanks included  bitbrain.capital, coinmarkettrades.com, cryptoversecapital.com, greenlinesignal.com, metrocaptrading.com, novatopfinance.online, octaearn.com, royalsolutionbd.com, and tokeninfinite.com.

    As one more small proof of the likely fraud associated with all 13 of these crypto-investment websites, we visited OptimalEnergyltd.com and found two references on their site stating that they started their business in 2015. And yet, the domain, OptimalEnergyltd.com wasn’t registered until October 9, 2023! By the way, though PrimeFortes.com comes up as clean on VirusTotal (as of 6/15/24), OptimalEnergyltd.com does not! Two security services show this cryptobank as malicious on VirusTotal. VirusTotal also shows MetroCapTrading.com as malicious.  As for PrimeFortes.com, though VirusTotal and Webparanoid don’t see problems with it, our friends at Scamadviser.com give it a trust score of 7 out of 100 and we’re certain it is just a matter of time before it is reported as malicious.

    Rob ended up walking away from his millions of dollars because it was all too sketchy and he was certain that he had to pay lots of upfront fees and still wouldn’t have received a penny of his supposed millions! But Rob’s good fortune didn’t end there! On June 5, Rob was contacted by Gilbert Morrison from JP Morgan Chase Bank Bitcoin Trading Investment. Mr. Morrison was offering their investment plans to Rob that were unbelievable!  For example, a “Limited Plan” requiring Rob to invest $300 would return 25% interest in just 7 days!  That means that a $300 investment at this rate would be equal to more than $4300 after 3 months of compounded interest! An “Unlimited Plan” would return 50% interest in just 7 days if Rob invested $1000!  Those rates of return are simply MAGICAL!

    Similarly, over the course of several email exchanges, Mr. Morrison finally pointed Rob to the JP Morgan Chase bank bitcoin website: ChaseBitcoinTrading.com.  We also visited this site, hoping to cash in on this incredible opportunity. (Said dripping with sarcasm!) Unfortunately, we were disappointed to find so many discrepancies on their website that we just can’t trust them. (We’re sure you weren’t expecting to hear that. ;-)  For example, ChaseBitCoinTrading.com identified their brilliant Team of employees – investors, COO, Accountants, etc. – and they are all phony-baloneys!  “Andrew Tate” – the COO – displays a stock photo of a man whose photo was used on more than 44 other websites across the Internet. “Patricia Stockings” photo was found to be associated with an Italian Author named Monica, and other names. NONE of the links to any social media account worked at all. But, we truly loved the beard on Chloe Johnson!  

      All kidding aside, the sad reality is that many of these bogus investment companies are often associated with “pig butchering” scams. This type of fraud was recently described in great detail by the Wall Street Journal in this excellent article updated last week about an elderly victim of this scam:

      https://www.wsj.com/arts-culture/books/online-scammer-steals-live-savings-6a510f6d?mod=RSSMSN

      The fact that Rob was targeted by crypto investment scams twice in two months, and the fact that this led us to discover about a dozen other crypto scam investment sites, is disturbing. Plus, we only spent a couple of hours in this effort.  We’re sure that this fraud is just a drop in the bucket of all the online investment scams that are operating across the Internet. But thankfully, there is help out there as well!  About a week ago, Rob coincidentally received an email from Kevin Mitnick of Mitnick Security Consulting. He was letting people know that it’s not too late to help people recover funds lost to crypto scams, or other online fraud! Wow! Talk about serendipity! His email couldn’t have come at a more urgent time. (Although, we did wonder why Mr. Mitnick sent his email from a server in Nepal instead of his advertised domain, MitnickSecurity.com, according to our Google search.)

      Mr. Mitnick’s email says that his website is Cybers-Wizard.com, but oddly, a visit to this website shows a page saying that the site is currently under construction. However, we were able to find an historical screenshot from our favorite WHOIS tool. In addition to showing us that Cybers-Wizard.com was registered less than 3 months ago, on March 25, 2024, we found a screenshot of the top page that included the following information. Read the second screenshot carefully!

      Hmmmm…..Cybers-Wizard.com was registered less than 3 months ago and yet, depending on where you look on the screenshot of their website they’ve been in business for 2 years or 25 years.  Perhaps we’re misreading this.  However, it is surprising when they tell us that “our customers trust us to help them protect their most valuable assets by working with hundreds of thousands of vetted hackers.” But more importantly, their website said that their customer satisfaction rate was 8%!!!  Seriously? 8%? This shouldn’t make anyone comfortable and it had us shaking our heads. What were they thinking?!.  What’s really funny is that Scam-Detector.com gives Cybers-Wizard.com nearly the same exact score!  8.5% out of 100 as a trust score! Also, did you notice the incorrect English grammar in the Title on the screenshot above?

      Remember, Mr. Mitnick said that his current website was MysteriousHackers.info in his email. It turns out that VirusTotal reveals that this website has been found to be malicious by one security service. Also, both Scamadviser.com and Scam-Detector.com have doubts about this site. A WHOIS tool shows that it was also registered less than 3 months ago on March 25! Oh, and did we mention that Mr. Kevin Mitnick, the world famous hacker, died in July of 2023?  At least that’s what is shared on his business website and his Wikipedia page.  Wow! He is one very clever hacker! He was able to email Rob FROM BEYOND THE GRAVE!

      Footnote: When we Google these exact words, in this exact order (using quotes)… “our customers trust us to help them protect their most valuable assets by working with hundreds of thousands of vetted hackers” we find seven other websites that use this quote and most of them seem very sketchy.  For example, one is called Muyern Trust Ethical Hack, using the domain Muyerntrusthack.solutions. Their site says that they have 28 years of experience, 2000+ employees and operate in 5 countries. But their domain was registered on 12/4/2023, a little more than 6 months ago. They also say they are located at 4949 Pleasant Hill Road in Guntersville, Alabama. This also doesn’t feel right since Google shows this address to be a small 1-bedroom home in rural Alabama.

      It appears that Rob opened a deep Alice-in-Wonderland rabbit hole and nothing inside of this online investment world is at it appears to be!  In case it isn’t already obvious, please stay away from cryptobanks and investment firms that offer too-good-to-be true rates!  Before investing, be sure to verify, verify, VERIFY!  And, for the record, we believe that 99.9% of all companies who claim they can recover your money lost to crypto or other online scams ARE THEMSELVES A SCAM!

      Are You a Victim, Online Privacy is an Oxymoron, Agent Keene and More…

      We are working with a reporter on a news piece about scams that use fake online banks as a part of their fraud. If you, or anyone you know, has been a victim of fraud that used an online bank account or website, please contact us by sending an email to fraud-victim@thedailyscam.com. We are very interested to hear your story and, with your permission, use it to help others avoid this type of fraud.

      Our readers know that the term “online privacy” is an oxymoron and we are strong advocates for understanding how and when our personal data is used or sold. We believe everyone has a right to safeguard their personal data and have full clear disclosure when and how their data is shared or sold.  We raise this point after recently reading an article in the NYTimes called Is Your Driving Being Secretly Scored?  The question is rhetorical if you read the article!  Or this parallel article from the New York Times about the actual apps on your phone that are gathering your data. What is most surprising is that several completely unrelated phone apps have been found to gather data on your driving habits and sell it to companies linked to the Insurance industry, according to the NY Times article. The permission you give to allow this, when you install the apps, is obfuscated and deeply buried. In other words, it isn’t obvious. Apps like Life360 (a location safety app for parents to monitor their children), MyRadar (about weather forecasts), and GasBuddy (helps find lower fuel costs) were all found to sell data to insurance companies. We find this type of secretive monitoring egregious and scam-like! Caveat emptor!

      Speaking of personal data, a YouTuber, @AdviceWithErin, posted a short video highlighting the ways that scammers collect LOTS of personal data just by offering you a job via text, email or DM.  If you know someone looking for a new job, I suggest you show them this Youtube video! https://m.youtube.com/shorts/YvdT8AWs8mg

      Rob gets the most amazing emails from people all over the world, including the FBI! On June 10th he received an email from Agent Elizabeth Keen! That’s right! As in “Agent Elizabeth Keen” from the TV series Blacklist that first aired in September, 2013 and ran for 10 years! We suppose the actress Megan Boone, who played Agent Keen, was sooooo successful that she was hired by the FBI and got to keep her stage name! She told Rob that he had a “legit fund worth $37.5 millions USD” waiting for him to collect!  This trail of emails later included an email from the Director of the FBI, Mr. Christopher Wray. Except Mr. Wray misspelled his own name as Mr. Wary.  Should Rob be wary of them? (**We apologize for all our bad dad jokes. We can’t control ourselves.**)

        You know, it isn’t always easy or fun to be a scambaiter and play with scammers day and night like Rob does. Sometimes it can be dangerous and even life-threatening too! Check out this recent email that was sent to him by “John Good afternoon” to say that some men are threatening to KILL him! And all because of one hair! (That is not a typo!)

        Seriously though, If you have any doubts about how sleazy and low-life some cybercriminals are, read this article on CNN detailing how they target small, rural hospitals in the US with ransomware.  Shutting down a hospital’s computers and network has literally caused people to die. This is no exggeration. Fortunately, Google and Microsoft are trying to help.

        https://www.cnn.com/2024/06/10/tech/hospital-cyberattack-google-microsoft/index.html

        FYI, the Podcast we just posted last week is about ransomware attacks and includes an interview with Justin Armstrong. Justin has lots of experience helping hospitals in the medical industry recognize, avoid, or recover from ransomware attacks.  Check out Episode 6!

        It breaks my heart to have to report this to our readers…. Damaging deepfake pornography photos of girls as young as 14 are being created and distributed online using AI Apps that put the girls’ real faces on fake naked bodies. This practice is denigrating and humiliating to the victims, and their families. Perhaps not shockingly, the creators and distributors of these fake images have often been found to be teenage boys from the schools where the girls attend.  If you have teenagers in your household, I strongly recommend that you have this important conversation with them about this hateful practice. Keep in mind that there can also be serious consequences to the boy who is sent one of these images and then passes it on to others. He should be reporting it to school officials! Not only has this new crime caused deep emotional harm to the girls who were targeted by it, but it is increasingly landing the boys in jail as more countries/states around the world modify their laws to make these deepfake creations illegal to create AND distribute.  Here is an article about the latest example of this heinous crime:

        https://www.cnn.com/2024/06/13/australia/australia-boy-arrested-deepfakes-schoolgirls-intl-hnk/index.html

        From the FTC website, check out what to do if your online love interest offers to teach you how to invest your money:  https://consumer.ftc.gov/consumer-alerts/2024/06/what-do-if-your-online-love-interest-offers-teach-you-how-invest-your-money

        Medicare-related scam:

        https://www.consumeraffairs.com/news/scammers-try-their-medicare-card-scheme-on-a-consumeraffairs-reporter-060924.html

        Check out our latest podcast about Ransomware Attacks, added just a few days ago!  Visit…

        https://www.securewon.com/resources/podcasts/

        Chase Bank, McAfee and PayPal Orders

        No doubt you’ll notice that this first smelly phish didn’t come from either of Chase Bank’s domains, chase.com or jpmorganchase.com. Anyone can write anything into the text field in front of an email address and writing “Chase” simply doesn’t make it from Chase! The link to “View Letter” once again misuses a service called Sendgrid.  Chase Bank customers are heavily targeted by phishermen in scams like this!

        Notice the names used in this bogus email from a free Gmail account.  “Scarlett” doesn’t match “bdmmz3918” and neither of them have any connection to McAfee Support! One thing is always true of these types of phishing scams….. They never include your personal details or credit card information in the invoice because this is a complete fraud! Never call the scammer’s phone numbers unless you plan on playing with them (scambaiter) or you have your noise-cancellation headphones and Air-horn can ready! Otherwise…. Deeeeleeeeete!

        One of our longtime readers sent us this lovely example of a phishing scam that looks legit on face value. But if you look more closely, it’s easy to see things that make no sense! Such as the fact that you’re told the $488.40 charge won’t show up on your bank account for 24 hours, though this was already charged to your account. That’s not how it works.  If this amount were charged to your account, you would see it listed as “pending” in your account. This is followed by absolute nonsense at the bottom of the email, including “Best regards, Your Company.”  Seriously? Delete! Report your smelly phish to us and Google!

        https://safebrowsing.google.com/safebrowsing/report_phish/

        Loan PreApproval, Stimulus Confirmation, and Netflix

        Another one of our readers sent us this voice message that was left on her phone not long ago. Apparently, she was preapproved for a $51,000.00 loan, although she never applied for one! The voice recording gave her 3 options which included calling 424-393-1161 if she wanted to be removed from these calls.  We looked up that number and, of course, found multiple references to scams such as this post on 800notes.com and multiple posts on Scammer.info going back to December, 2022! The call came from 288-945-4944.

          Last week I received my final 2024 “Stimlus Confirmation.” That’s right, “stimlus.” The fact that these idiots misspelled stimulus five out of six times, assures me that they are idiots and have no eye for details. (Thankfully!) But what I don’t understand is how they realize their error and spell “stimulus” correct on the sixth and final use of the word, but then not go back and correct the first five entries of it?  Sounds to me like these people need to find another line of work.  

          This is a threat we’ve all seen many times before but considering how many people use Netflix, it’s important to let you know this clickbait is still circulating!  “Your membership has expired!” No actually, it hasn’t and your lame email didn’t come from netflix.com and the links don’t point to netflix.com! The link in this one points to alexianepizzoa[.]com, a domain that was registered last February and Google knows nothing about. Hmmmm, we wonder why?

          Keranique Products

          Keranique products are popular and available from many businesses including Amazon and Keranique’s own website at Keranique.com.  However, their products are also being misused as malicious clickbait emails and we want to show you a recent example. This clickbait was sent from the malicious domain we mentioned recently called littleaizer[.]click that was registered with Namecheap. This malicious website was hosted on a server in Riga, Latvia and the link in this clickbait is connected to Estonia.  Did we mention that Keranique is a US company?

          WhatsApp Group Add, I’m Olivia, and Job Opportunities

          Wow, too many scam texts last week and too little space to show them all! First of all, we’re hearing from people who use WhatsApp that they are being added to random groups by unrecognizable phone numbers. Check out this screenshot a woman shared with us. She was added to a group called “Future Team A734” by a phone number in Indonesia!  Of course she clicked Exit Group and then blocked the number.

          More and more, people are reporting random texts that seem to land on their phone “by accident” such as this one from Olympic Roofing. Yes, there is such a business but the number in this text is not associated with this business, according to Google. The overwhelming majority of these random texts are scams!  Block the sender and delete.  

          You should never reply to these random texts, unless you want to join our anti-scam club and have some fun like we do! Check out this text exchange I had after I received a random text from Olivia. Supposedly, Olivia mistakenly sent me a text intended for someone called “Ms. Helen” but after telling her she had the wrong number, she wanted to be my best friend! After calling her out as a scammer, I never heard from her again! I think that since she ghosted me after I asked her that question, the answer is likely “yes.” 

          One of the most critically important things to recognize about possible fraud is the age of a website (domain name).  Here are two recent examples that came as texts to our readers.  The first is a job offer from Ashley. But the offer came from a bizarre email address using the domain tucoi[.]tech. This domain was registered a week earlier and is hosted on a server in Lithuania!  The second email is about weight-loss products and offers a link to the domain healthfith[.]com. But this domain was registered the day before this text arrived!  Domains that are this young are dangerous!  Remember to check a domain’s age using either of these great WHOIS tools:  

             https://whois.domaintools.com/

             https://www.whois.com/whois/

          Until next week, surf safely!

          Copyright © 2024 The Daily Scam. All rights reserved.
          You are receiving this email because you have subscribed to thedailyscam.com

          Marblehead, MA 01945

          Contact Webmaster