Select Page
Weekly Alert  |  June 21, 2023

Scamming a Scammer – Are You Free? An all-too-common scam happens when a phisherman targets a business, organization or school by creating a fake email account in the name of the head, CEO or other leader of the institution. The scammer, using the newly created email account, reaches out to employees to ask for a favor because she/he is in a meeting and needs something right away. Keep in mind that these bogus email accounts are often clever because they often contain the photo of the real employee, real contact details found in the person’s legitimate email, and may sometimes even be spoofed to appear as the person’s legitimate email, but contains a different “reply-to” address. For years we’ve been reporting on these types of scams that have targeted a school in Massachusetts. Not long ago, we had the great privilege to jump into this school’s email system and respond to a scammer pretending to be the school Principal. The good news…. It didn’t go well for the scammer and we tricked him into clicking a tracking link TEN TIMES over 2 days! The bad news… the “Principal” said that Doug was going to be fired on the next school day! Enjoy!

Early on Friday evening, June 9, a school employee received an email from his Principal, a man named “John [LAST NAME REDACTED]” but the employee recognized that it didn’t come from John’s email address. He contacted Doug and invited him to engage! Check out this conversation which included a trick to get the scammer to click a tracking link that revealed his location…

John [REDACTED].     5:04 PM (1 hour ago) to me

Are you free at this moment??

John [REDACTED] 5:28 PM (1 hour ago) to me

I wonder why you are seeing my massage and you are ignoring me

NOTE: Asking if “you are free” or “available” is a VERY common first line used in this scam. By the way, we would have felt very uncomfortable if we had truly seen this scammer’s “massage!”

Doug 5:34 PM (1 hour ago) to John

I’m sorry John,

I was very busy finishing student grading!  What’s up?

John [REDACTED].     5:35 PM (1 hour ago) to me

Can you complete a task for me at this moment?  Are you there?

Doug.  5:39 PM (1 hour ago) to John

Yes, I’m here. I’m free now.  Do you want to call me instead?

NOTE: A scammer will NEVER want to speak with you by phone or video chat because it will reveal him as a fraud!

John [REDACTED].   5:41 PM (1 hour ago) to me

Am in a meeting right now I can’t make phone calls that was why I’m contacting you through here and I need you to help me get something done right away it’s very important can you ?

Doug.   5:42 PM (1 hour ago) to John

Yes, I can help. What do you need?

John [REDACTED].   5:43 PM (1 hour ago) to me

Can you help me purchase some couple of gifts cards from the store I need to send them to some staff members for a job well done I’ll be reimbursing you back once I’m done with my meeting can you help me with that right away and also keep discreet cause I don’t want words going round before it get done. Okay

NOTE: This scam is EXCEPTIONALLY common! No REAL LEGITIMATE PERSON will ask you to purchase gift cards, reveal the code and send it via email! This is 100% a scammer’s request!

Doug.   5:45 PM (58 minutes ago) to John

I’m about to head out to pick up some take-out dinner so that works for me.  There’s a CVS next to the restaurant.  What kind of gift cards do you want? Also how much and how many?  My order is going to be ready in 15 min!

John [REDACTED] 5:46 PM (58 minutes ago) to me

The amount I want is $200 in five (5) pieces  so I that will be total amount of $1000 I’ll be reimbursing back to you once I’m done with my meeting you get them remove from each pack,scratch them off and take a clear picture of them and mail them to me on here ok.

Doug   5:47 PM (57 minutes ago) to John

Wow!  That’s a lot more than I expected you to say. Can I use my school credit card to get these?

John [REDACTED]     5:48 PM (56 minutes ago) to me

Yes, go ahead.

Doug 5:49 PM (57 minutes ago) to John

Ok, thanks.  Give me about 20 minutes. Leaving now!  Dinner is ready to be picked up

John [REDACTED].    5:50 PM (56 minutes ago) to me

Ok, thanks.

At 6:17 pm, Doug sent “John” 2 pictures of gift cards taken from the Internet. He purposely inserted them in a small size so that the scammer would have to click them to enlarge them and read the scratch codes…

 

John [REDACTED].    6:17 PM (30 minutes ago). to me

Are you there?

Doug    6:18 PM (29 minutes ago) to John

Yes, were they OK?

John [REDACTED].    6:19 PM (29 minutes ago) to me

Keep sending

But Doug didn’t need to resend.  “John” had already tried to click and enlarge the images multiple times.  But each time he did, he clicked a tracking link that identified where he was located in the world! He was in a district of Lagos, Nigeria, near the water. Notice that on the next day, the scammer used a VPN service to log into a server in Bayou Cane, Louisiana, USA and then clicked the email link again. He must have thought that he was somehow blocked in Nigeria from seeing the enlarged images of the scratch codes.

Doug then decided to call out the scammer for his fraud…

Doug.     6:20 PM (27 minutes ago) to John

Hey John, imagine how YOU would feel if I scammed your mother in Lagos, Nigeria.

You’re a lowlife scammer. I hope you rot in hell

John [REDACTED]     6:23 PM (25 minutes ago) to me

I don’t understand you ?

Doug.    6:29 PM (19 minutes ago). to John

Hey [EXPLETIVE REDACTED], I know you are a scammer located in Lagos, Nigeria.

I don’t think I can make this any more clear. EVERY employee at this school knows about your scams! 

John [REDACTED]      6:31 PM (18 minutes ago) to me

Never I can never do that you will be sack on Monday. you Dong 

NOTE: Fortunately, Doug didn’t get “sacked” on Monday! But he did get a big thank you from the school employees!

Guinness Beer Father’s Day Giveaway Scams Have you received messages on WhatsApp that claim that Guinness is hosting a Father’s Day giveaway campaign? Don’t click (though it sounds attempting) — it’s a SCAM! Check out and protect yourself with this 100% FREE, all-in-one tool.

More

Can You Believe HP Collects This Info About You? Recently, Doug purchased a new HP Printer. Unlike the installation of his previous 8-year old HP Printer, he couldn’t help but notice that this new printer strongly encouraged consumers to install an HP Printer App to complete the installation and set up of the new printer. Reluctantly, he downloaded the app and began to install it. However, as with nearly all apps, he was asked to review and accept the personal information that HP collected from people who installed this app. Doug decided to read the details of “information collected” before accepting it. Upon reading what HP collected, he immediately deleted the APP and all data related to it from his phone! What do you think is reasonable data for HP to collect about the people who purchase and use their printers? What do you think is unreasonable?  We were shocked by what they asked for permission to collect! 

Regarding the PRIVACY of your information, below is just some of what HP asked for permission to collect through their app (and website and other 3rd parties. The content below was found in their document titled… INFORMATION COLLECTED ABOUT YOU.  (Words appearing BOLD RED below are done by us to bring them to your attention!

Contact Data – We collect personal and/or business contact information including your first name, last name, mailing address, telephone number, fax number, email address and other similar data and identifiers.

Payment Data – We collect information necessary for processing payments and preventing fraud, including credit/debit card numbers, security code numbers and other related billing information.

Location Data – We collect geolocation data when you enable location-based services or when you choose to provide location-related information during product registration or when interacting with our website.

Security Credentials Data – We collect user IDs, passwords, password hints, and similar security information required for authentication and access to HP accounts. (TDS NOTE: This is another good reason WHY it is so important NOT to use critical passwords for services like this that you use for your email, banking, credit card accounts, etc.!)

Demographic Data – We collect, or obtain from third parties, certain demographic data including, for example, country, gender, age, preferred language, and general interest data.

Preferences – We collect information about your preferences and interests as they relate to HP Services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.

Social Media Data – We provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that is collected, used, and shared by those sites.

Body and biometric Data – When you use our products, you might provide us with information about your body, such as your height or weight, or gait to create personalized objects with our 3D Print technology. With your permission, some of our products may collect biometric information (such as a fingerprint) to perform functions on the device.

Other Unique Identifying Information – Examples of other unique information that we collect from you include product serial numbers, information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your written, voice or video responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of HP Services and to respond to your inquiries. 

INFORMATION AUTOMATICALLY COLLECTED 

Printer Usage Data – We collect printer usage data such as pages printed, print mode, media used, ink or toner cartridge type (in particular, whether non-original cartridges, or cartridges with a non-HP chip or electronic circuitry are used), file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies. We do not scan or collect the content of any file or information that might be displayed by an application.

Device Data – We collect information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product.

Performance Data – We collect information regarding the performance of individual device hardware components, firmware, software and applications. Examples of the data we collect include information relating to memory and processor performance, environmental conditions and systems failures, printing events, features, and alerts used such as “Low on Ink” warnings, use of photo cards, fax, scan, embedded web server, and additional technical information that varies by device.

Website Browsing Data – We collect information about your visits to and your activity on our HP websites, applications or websites “powered by” another company on our behalf including the content (and any ads) that you view and interact with, the address of the website from which you arrived and other clickstream behavior (such as the pages you view, the links you click or which items you’ve added to your shopping basket). Some of this information is collected using cookies, web beacons, embedded web links and similar technologies. To learn more, please read our Use of Cookies and other Technologies Statement.

Anonymous or Aggregated Data – We collect anonymous answers to surveys or anonymous and aggregated information about how our HP Services are used. In certain cases, we apply a process of de-identification or pseudonymisation to your data to make it reasonably unlikely to identify you through the use of that data with available technology. (TDS NOTE: While many companies anonymize and aggregate data, research has shown that other companies are able to de-anonymize some types of data and connect specific data with specific users, accounts and people.)

Please note: Some web browsers incorporate “Do Not Track” features. Currently, no industry standard exists for handling “Do Not Track” requests, therefore at this time, our websites may not respond to “Do Not Track” requests or headers from these browsers. (TDS NOTE: This is an important reminder that choices like “Do Not Track” are meaningless! E.g. Did you know that many websites have the ability to collect information you have entered into a data field even if you delete or change it, prior to clicking submit?  They can collect anything you enter even if you choose NOT to submit it!)

As you have likely noted, we’re extremely annoyed by HP’s request to collect a lot of personal data about us! And, in our opinion, HP has no right/need to collect much of it!  For example, if WE want to give HP our email address or phone number, then we will. However, we believe that this personal information shouldn’t be handed over to every business, like HP, when we purchase and set up a product from them. Doug continued the installation and set up of the HP Printer on his laptop but this also required software installation AND making choices concerning “HP Smart privacy preferences.” HOWEVER, look carefully at this screenshot of choices that HP presented to Doug! Is it clear to YOU which toggle setting turns ON or OFF the “ALLOW” or the disallow choice?

 

We believe that ambiguous settings like those shown in the screenshot above are done on purpose by companies so that fewer consumers will make the choice to hide/protect their personal data and themselves from intruding businesses trying to collect it!  Though we are not claiming that HP is being dishonest, it is COMMON to learn that companies either lie to their consumers about the information they collect/use or do a poor job of protecting the personal information they collect!  Case in point is this article on the FTC’s website about a Genetic Testing company called Vitagene. Despite their claims that they exceeded standard security practices to protect people’s genetic information and related details, they DID NOT and it was easily available online. Also, just last week, the New York Times published this opinion piece about the lack of privacy that is found in software, like Whatsapp, that claims to be encrypted from end-to-end. (The NYTimes published an excellent article last January titledEveryone wants your email address. Think twice before providing it!”)

We’ve written about the overwhelming lack of privacy that consumers face when they use technology many times, such as in the Top Story from our June 29, 2022 newsletter. It’s called She Played a Scammer Like a Skilled Musician!) Also, in February, 2019, Wired Magazine published an eye-opening article called The Wired Guide to Your Personal Data (and Who is Using It!) (We recommend reading it!)

James Greening at Scamadviser recently published an excellent article about the recent announcement by Google that it would begin to use some new global top level domains that have serious risks associated with them!  Check out his article to find out what the risks are….

https://www.scamadviser.com/articles/googles-new-zip-and-mov-tlds-spark-phishing-fears-by-experts

We hope this puts a smile on your face. It certainly put one on ours!  This short and sweet email is the very definition of a scam and makes no sense whatsoever! If someone TRULY knew how to earn $25,000 in a week, why wouldn’t they do it themselves rather than telling YOU how to do it?  Or are they saying earn just $25.00 in a week? Enjoy!

CashApp Payout, Intuit Account on Hold, and McAfee Cash App is another mobile payment service to install on smartphones. This email was sent to us by a reader who doesn’t have or use the Cash App! And he knew that no one had sent him $1000! This rotten phish came from a domain, bitivation[.]com, that was registered less than 2 months earlier.  NOTICE that the link in this fraud points to the GoogleApis service.  You CANNOT trust legitimate services to protect you from fraud! We see this over and over again!

Over the last couple of weeks, our friend Rob has been sharing phishing emails with us that contain malicious mimics of the service at Intuit.com.  Here’s another way and exemplifies how cybercriminals register look-alike domain names that they should NEVER BE ALLOWED TO REGISTER if ICANN.org, the Internet name governing board, truly cared about netizens around the world!  The look-alike domain in this phish is bookintuit[.]com.  There’s sort of another look-alike used in the link, though it is very poor AND misspelled! The link points to instuitprofilemerchant[.]com! Your account is definitely NOT on hold!

Everyone needs a little “indentity protection,” right? This OBVIOUS fraud is hysterical, and not just because of the domain that the email was sent from! For example, did you know your “subscription was expired?”

You Still Can’t Trust Google or Amazon Services or Twitter Links! For about 2-3 weeks, one of our readers has been hammered by malicious clickbait from a Japanese news website called asahi[.]com. It has clearly been hacked and misused by cybercriminals! Nearly all of the malicious emails are nearly identical, but claim to represent “loyalty programs” for different well-known American businesses like Verizon & T-Mobile. We’ve all seen the “Answer & Win” clickbait hundreds of times before! However, we also want to point out again that this clickbait misuses the well known services at AmazonAWS[.]com!  Once again, you cannot trust legitimate services to protect you from harm online! Two security services found this AmazonAWS[.]com link to be malicious.

Deeeeeleeeete!

Claim your gift by completing a 60-second survey is just another VERY common clickbait used by a particular cybercriminal gang to target your devices with malware. This layout and design has also been used hundreds of times! And once again, this clickbait points to the misused AmazonAWS service.

Being able to recognize 2-letter country codes in email addresses and links is helpful to recognizing fraud! It’s the first thing we spotted in this email that came from a server in Myanmar, and not the company called REI! This is another “loyalty program” clickbait that misuses the link-shortening service at Twitter. The shortened t.co link will forward visitors to a very dangerous website called quietspheres[.]com, which is hosted on a server in Russia. LUNGE for the delete key!

“Signed & Secured” —One of our readers sent us this very dangerous email that appears to come from the National Health Service Employee email service in England. The content claims to be about Geico insurance documents. But the recipient had no reason whatsoever to expect such an email or documents related to Geico insurance! If you ever receive an email like this that is suspicious and makes no sense, DO NOT CLICK THE LINK or DOWNLOAD FILES! Notice that there is no phone number to call or person to contact if there is any question about this email. Our advice is to delete!

Investment Pitch Via Text and Join BTC Discussion Group — We think that RFG is likely a legitimate investment firm, based on a Google search. But that doesn’t mean this lovely text is legitimate!  The phone number can’t be traced to RFG or any legitimate business. And before you suggest that this was just an “accidental” text to the wrong recipient, we would argue that such “accidental” texts are a common strategy for scammers to engage with people!  Delete!

This next text has been received by many of our readers over many weeks. This one came from an email sent by a crazy domain that was registered in late April, called bodhnd2[.]top.  That’s enough to identify this as a fraud! However, the promise to learn how to make $5,0000 to $50,0000 PER DAY is 100% complete crap! Flush this one down the toilet!

Until next week, surf safely!

Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster