Weekly Alert  |  June 8, 2022

Can an Address Change Service Be a Scam? Recently, a reader contacted us to ask if we had heard about a website advertising rapid address changes for people when they move from one place to another. We had not.The woman paid nearly $30 to enter a change of address and RapidAddressChange.com promised to make sure that all her mail would be forwarded to her new address. However, nearly a week after changing addresses, her mail was still not being forwarded to the new address.  When she investigated more deeply, she discovered that she had paid $30 for a service that the United States Postal Service charges $1.10 for and it didn’t work as advertised.  When she tried to contact the RapidAddressChange.com service she couldn’t reach anyone even though the site advertizes 24/7 support.  She finally complained to her credit card company and had the charge reversed. Then she registered her address change online here at the US Postal Service. We looked into this service and found some surprising information! Check it out...

Apparently, the Better Business Bureau has had a LOT of complaints about this company which is available online at both RapidAddressChange.com and RapidAddressChange.org.  The reader who contacted us had a similar story to many of those posted on BBB.org as well as other websites like OnlineThreatAlerts.com and ScamGuard.com.    RapidAddressChange.com (and we would add “.org”) has 30 complaints against them and an “F” rating at BBB.org.  Apparently, as of May 29, the domain RapidAddressChange.com has expired but there is still a website there and at the top, in bright green, it says they offer 24/7 support.  NOT SO, according to many complaints online and the woman we spoke to! No one picks up the phone or responds to email or a chat window, according to complaints.

The website located at RapidAddressChange.org is IDENTICAL to the one at the DOT-com.  RapidAddressChange.org also says it was founded in 2020, though the domain rapidaddresschange.org was registered in February, 2022.  Also worth noting is that a Google search for the physical address displayed on the RapidAddressChange.org or DOT-com website, turns up another business with the same address but called “Address Change Easy LLC.”  This other domain had similar complaints against it as far back as 2013 and reported in this CNBC News article

We asked the woman how she found this website to begin with and she told us that she ran a Google search for two words: address change.  We tried that search and were very surprised by what we saw.  The top four links were for Advertisements. (No surprise there.)  But, what caught our suspicious eyes were both the domain names associated with those Ads AND the descriptive meta text provided to Google that appears in the top blue-linked line. (A “meta description” is text that a visitor doesn’t see on the website but is meant for search engines to find and display to people searching for relative content.)  Notice that 3 out of these 4 Ads say the same thing… “US Move – Temporary or Permanent Change”  This is not a coincidence.  It STRONGLY suggests that those 3 websites were created by the same people. The fourth Ad is also very suspicious because it shows “U5PS – Change of Addrs Online.”  Notice that “U5PS” is meant to LOOK LIKE USPS!  Moreover, the oldest of these domains displayed in these ads is less than 7 months in age, while two of these domains are little more than 2 months old.

We visited some of the websites in the above Ads and found them to have incorrect English and NO CONTACT information whatsoever.  No address. No phone number.  One of them, in fact, offered nothing at all including how to hire their service!  It was usemovemail[.]com

So what’s going here? Clearly, there are multiple websites charging a lot more money for a service that is practically free and is available through the United States Postal Service.  And, according to this woman’s experience and the many complaints online, some of these services don’t live up to their promises.  Are these address changing websites scams? We’ll let you, our readers and the many complainants we found online, answer that question for us. In the meantime, CAVEAT EMPTOR!

Blocking Spam Texts Every week we hear from readers who receive spam texts, most of which are malicious clickbait trying to trick you into infecting your phone with malware. Sometimes they are overwhelming! Scamadviser has recently posted an article with several valuable tips on how to block or reduce these annoying messages. The tips include a free resource from Micro Trend to help!  Check out…

More

Congrats! Online Deception is So Easy! We wish we had a dollar or euro for every time we’ve said how easy it is to deceive people online!  We would be rich! Here is a perfect example of this.  One of our readers forwarded this email to us that she received from “Courtney Goldson” at the domain cogoldson[.]com.  Courtney was writing to invite the recipient to join a “long-standing tradition in our company” called “The LegalShield Profiles of Success.”  The recipient was invited to join the company’s team!  How exciting, right?  Except that it didn’t pass the recipient’s “smell test” and she asked us to take a look.  Our first step was to check out the age of Ms. Goldson’s website, especially since she referenced a “long-standing tradition.”  Guess what? Her website was 11 days old!  Some “tradition,” huh? Of course, cogoldson[.]com was registered anonymously in Iceland!

Also, rather oddly, a visit to cogoldson[.]com will redirect visitors to another website called “ls-info[.]com” where you’ll find a short video, form to submit questions, image of “Courtney Goldson” along with an email and phone number.  We stopped at that point.  Afterall, what was the point? “Courtney” lost us at “long-standing tradition!”

Deception is so easy, with so little risk that the perpetrators will be caught!  Take this short, but sweet offer from “Cecilia Papa” to earn $650/week to display an advertisement on our car.  Talk about easy money?!?  Except that Cecilia’s email clearly came from a server in Argentina AND we are asked to reply to a completely different address than the email came from. No thanks, we’ll pass!

Our good friend Rob, Pro Scam-Baiter, sent us this screenshot of a Google Chat Message that popped up in his inbox not long ago.  “Judith anderson,” a complete stranger, said “Hello dear” “How are you.”  Rob is smart enough to recognize online deception and didn’t take the bait.  Would you?  Remember….it is sooooo easy to deceive others online! (Hoorah! Another $1 for us.) 

Costco is an American wholesale company selling lots of goods and services. They have published a webpage showing all currently known scams targeting Costco customers to check out.  It’s a pretty impressive list! Visit:

https://customerservice.costco.com/app/answers/detail/c/10/a_id/9770#9

\Wearing a Disguise, Changing Banking Details and American Express Once again, we heard from a school that was targeted by a cybercriminal phisherman from Africa. This scammer created a fake email account using the name and image of the school Principal, named Jon. When this was brought to our attention, Doug immediately pretended to represent the school and reached out to the scammer.  Enjoy the conversation….

On Tue, May 31, 2022 at 7:32 PM Jon [NAME REDACTED] <[REDACTED].edu@gmail.com> wrote:

Can i take some of your time through email?

On Thu, Jun 2, 2022, 5:11 PM Doug wrote:

Hi Jon, Sorry I didn’t see this sooner.  What’s up?  What do you need?

Doug

On Fri, Jun 3, 2022 at 7:08 PM Jon [NAME REDACTED] <[REDACTED].edu@gmail.com> wrote:

Please I’m in a meeting right now that’s why i’m contacting you through here. I should have call you instead of mailing you but phones are not

 allowed to be use during the meeting. I don’t know when the meeting will be rounding up and i want you to help me out on something very important right away can you? 

 

On Sat, Jun 4, 2022, 9:00 AM Doug wrote:

Yes, of course!  I’m always happy to help you. What can I do?

Doug

 

On Sat Jun 4, 2022, at 9:21 AM, Jon [NAME REDACTED] <[REDACTED].edu@gmail.com> wrote:

Can you help me get an Ebay  gift card from the store right now? for some staff members for a job well done, I will surely REIMBURSE you back today once I’m done with the meeting.

 

On Sat, Jun 4, 2022, 10:00 AM Doug wrote:

Jon, 

Normally I would be happy to help  But we both know that you are just a low-life scammer who would rather try to lie and cheat than get a real job and treat other people with dignity.

How does it feel to be such a low-life? Is it really that hard to find a real job?

By the way, ALL the school employees know about your lame tricks.

Have a nice day.  

Doug

 

On Sat Jun 4, 2022, at 10:44 AM, Jon [NAME REDACTED] <[REDACTED].edu@gmail.com> wrote:

What do you mean?

On Sat, Jun 4, 2022, 11:07 AM Doug wrote:

Is it really that hard to find a real and honest job in your area of Africa?

 

On Sat Jun 4, 2022, at 1:18 PM, Jon [NAME REDACTED] <[REDACTED].edu@gmail.com> wrote:

Yes, it is.

Following “Jon’s admission that it was hard to find a real job, we asked him if he tried to ask friends or relatives to help him in this effort.  We asked when he last tried?  It was at that point that “Jon” started asking for our WhatsApp phone number, presumably to continue with a text chat.  We ended the conversation there.  NOT COINCIDENTALLY, the school’s Director of Finance (DFO) ALSO received a spoofed email from a school employee, asking to change her bank details for direct deposit.  This wasn’t the DFO’s first exposure to this kind of scam!  She’s seen this movie before and contacted us.  We looked at the code used to create that employee email and found that the email address was spoofed.  The email actually came from a parked (unused) domain called torontomotorcars.com AND a reply to that email would have been delivered to davidpalmer23401 @ gmail.com, NOT the employee shown in the email!

Another reader sent us this lovely email telling her “we have paused your card” and about her American Express Card.  But she didn’t have an American Express card!  Though the link in the email appears to be americanexpress.com, it actually was coded to point to a subdomain at davegoldenestate[.]com. Deeeeeeleeeeete!

Kitchen Aid Mixer for Free! We all know that lots of legitimate consumer products and services are used as malicious clickbait by cybercriminals trying to infect your devices with nasty malware.  But did you know that cybercriminals gangs have “insurance policies” to keep their malicious efforts up and running as long as possible? One way they do that is to send out their malicious clickbait from multiple different sources AND use malicious links that point to multiple different bear traps! Here’s a recent example of exactly what we mean.  Both of these emails were sent to one of our readers 69 minutes apart. Both emails employ a similar type of mimicry that also confirms to us that they were sent from the scam criminal gang.

This first email, disguised as a KitchenAid promotion, came from a domain called xndiewire[.]com. There is a REAL email service called indiewire.com but xndiewire is not the same! The REPLY-TO address offered, however, points to the real service indiewire.com!

The second identical malicious clickbait came from the domain grontgate-email[.]com.  This is NOT the same as the very legitimate Frontgate.com!  Also, the reply-to email points to frontgate-email.com.  It is critically important to look at details carefully before believing or clicking links!

Payment Fully Made. – Sometimes we feel like we have a BIG RED TARGET on our backs because of how often we are targeted by cybercriminals. It warms our heart to know that our work bothers them AND it gives us content to share with our readers!  Like this lovely effort to send us a payment for goods or services we never provided, from a business and domain name that we knew not! “Brenda” (or Nadd Al Hamar) sent us a payment scam as a PDF file. However, if you look closely, we see that the attached file doesn’t END with DOT-PDF. The DOT appears after PDF followed by an i and other characters.  This was no pdf file!  And why does this email show so many different domain names in different locations?  Hmmmm…. We’ll just leave that little ol’ payment alone.

Oh NO! Our email inbox is nearly full!!!  We’ve nearly reached our quota and MUST click the link in order to receive any more emails from readers, or scammers wanting to pay us money, says an email from a Hotmail account called “admin.”  Though we knew not to click, we were pleased that the security service CRDF was able to identify the malicious software laying in wait for us at the end of that link.

    Finally, we apologize to all those people contacting us and to whom we didn’t reply!  Apparently, this recent delivery report said that we had 18 messages being held for review by our email system. We were asked to click a link to review them to be released.  That’s OK.  We’ll just let them sit a while longer while we enjoy the episodes of Stranger Things!

      $500 Gift Certificate, Join the Bitc0in Analysis Group, and Here’s a $5K Offer! – One of our readers received a wonderful “in-store_G1FT._CERT.” for $500!  The way this text was written was quite comical, and easily revealed that this was malicious clickbait!  Swipe to delete!

        We at TDS received this lovely offer in late April from 829-325-6424 to join a “Bitc0in” analysis group!  This lovely invitation says we’ll earn $500 to $5000 per day.  Tough to turn this offer down, right? We did.

          And finally, we’ve received MULTIPLE offers like these via text to borrow up to $5000.  That’s exciting!  What should we do with that money?  So much to think about….  (Never reply to these texts with “STOP” because it will only encourage more of this junk!)

            Until next week, surf safely!

            Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
            have subscribed to it via Scamadviser.com or thedailyscam.com

            Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

            Contact Webmaster