
THE DAILY SCAM NEWSLETTER  |  MARCH 6, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N04

Using Reverse Image Search to Reveal Fraud

Have you ever used Google to search for an image you already had to see what else you can find out about that image on the Internet? This exercise can sometimes be extremely eye opening when used to detect possible fraud! We have a few recent examples to show you. We hope that after reading this article, you’ll use this important trick often to verify truth from fiction online about images. However, please keep in mind that this search technique is not always effective as an investigative tool. But when it does work, the results can be EYE-OPENING, as you’ll soon see!

When you visit Google.com, you may have noticed a small icon for a colorful camera on the right side of the Google search field. This is the image-search button. If you click it you’ll be presented with an image search window that offers 3 different ways of adding an image you want Google to search for….

Here’s one way we recently exposed fraud using a reverse image search. Our good friend and professional scambaiter, Rob, received an email asking if he would agree to be the beneficiary of $5.5 Million dollars. If he accepted it, he was asked to use it to fund charities in the U.S. Of course he agreed, being a man with such a big heart who loves to mess with scammers!  Bong Ja, a Korean woman (according to Google searches) told Rob to contact Dr. Noble H. Macmillan, the “Dir. of Claims/Remittance” for Sagacity Bank PLC because that is where the money was put in Rob’s name. Sagacity Bank’s website says they are a US Bank and have been in business for more than 10 years. This is especially funny because their domain was registered on June 8, 2023 in Nigeria! (And just for some added support, VirusTotal also shows a security service has found the Sagacity Bank website to be malicious.)

    Following his instructions dutifully, Rob contacted Dr. Macmillan by email to inquire about the funds set up for him to administer. In his response, Dr. Noble H. Macmillan sent Rob a photo of his bank ID to prove he was, indeed, the Director of Claims and Remittances at the Sagacity Bank Plc. If you were to upload the complete picture of Dr. Macmillan’s ID, you would only locate other IDs, somewhat similar and somewhat different, but proving nothing at all about Mr. Macmillan’s ID. However, when we enlarged Dr. Macmillan’s ID by about 50% and took a square screenshot of JUST his photo and asked Google image search to search for only this man’s photo, the results were amazing and immediate!

It turns out that scammers had stolen a photo from a man named Julian Francis, President and CEO of a company called Beacon. This exact photo was found on the website for the Center of Economic Development because Mr. Francis is a Trustee and listed on the CED.org website.

A second example of exposing online fraud through a reverse image search happened just last week when we discovered another set of nearly identical fake shipping businesses! During the last few years, we’ve exposed more than 90 fake shipping companies that trick US citizens into being “mules” who are sent stolen merchandise. They think they are hired as “package inspectors” and are told to inspect, repackage, and reship the merchandise, not knowing it was purchased with stolen credit cards. (You can read more about this fraud here on our site.) This latest scammer’s website we found is called Uprows.com. On the Uprows.com website, they have ten testimonials by people who give this company very high praise! This is especially fascinating since we were also able to show that 9 out of these 10 people are extremely likely NOT to be real human beings at all! We feel pretty confident that these 9 photos were generated by an AI photo generator at the website Generated.photos. (To learn more about how artificial intelligence is being used by fraudsters in a wide variety of scams including this one, listen to Doug’s upcoming podcast, episode #3! It will be released on March 15 on the SecureWon website.)

    But one of the ten Testimonials given on Uprows.com was by a woman named Svetlana Piotr. We opened up a larger, original photo of Svetlana on the Uprows website by using a trick described in the screenshot below. This trick also provided us with the following link for Svetlana’s photo: https://uprows.com/front/img/testimonials/1.jpg

        When we asked Google to conduct a reverse image search for the photo of Svetlana, Google showed us that this IDENTICAL photo used for Svetlana can be found at the top of the Staff webpage at ParentsInc.org:

        https://parentsinc.org/staff/staff.html   The photo is of a contributor to the Parents Inc website and her real name is Jenny Weaver. Uprows obviously stole this photo and gave Jenny Weaver a new name!

        We have two more examples to show you on the scammer’s shipping site Uprows.com. Both are about the completely fabricated faces listed as other testimonials and created by the AI generator Generated.photos.  The first is the face of a man identified as Victoriano Georgiy. When we conducted a reverse image search for this photo, we actually found the identical photo being used on a university website in Czech. HOWEVER, the photo clearly has something important written in white letters in the lower left corner! It says “Made by Generated Photos.”

        And the final example from Uprows.com concerns a testimonial of a woman named Nina Maryana. When we conducted a reverse image search of her photo from Uprows.com, we discovered that this identical photo was also used to create a Facebook account for a woman named Mary Holford.  What makes this Facebook account so interesting is the fact that it contained NOTHING but the face and name! No posts, no likes, no followers, no personal information, no friends!  This doesn’t exactly add any credibility that the photo of Mary, or Nina, is a real person!

We want to leave you with a final word of caution. Unfortunately, Google reverse image searches actually got less reliable in late 2022. It has been reported that Google was sued too many times by those using Google image searches and so they restructured their reverse image search tool and called the new tools Google Lens. Don’t be too discouraged if Google Lens doesn’t find the photo you are asking it to find, even if you click “Find Source” at the top of the results page of Google Lens. (It can be valuable to have Google Lens look at the ENTIRE photo you wish to search for by clicking and dragging the bars that appear on your photo to the edges of the photo you’ve uploaded. Don’t leave the Google Lens bars on just a portion of your photo. You can also then try to click “Find Image Sources” which appears at the top of the results page.) Another resource that is sometimes helpful for reverse image searches is Tineye.com. Though not 100% reliable, when a reverse image search result DOES WORK, it can make all the difference in the world to help you spot fraud!

        Justice Has Its Day, Increasing Use of AI for Fraud, and More

        Remember the AI-generated phone call that pretended to be President Biden in the New Hampshire Primary in January?  The AI-generated voice of President Biden urged voters in the New Hampshire Primary NOT to vote! The men responsible for making and sending it have been caught and will now face justice!  Check out the article about this crime and catching them in the New York Times!  Sometimes justice moves fast! Speaking of Artificial Intelligence, cybercriminals appear to be adopting these tools much more quickly than we would have liked. More and more articles are appearing about how AI tools are being used by cybercriminals and also some unexpected consequences of the increased use of AI tools. Here are a few we think are worth reading….

        From CNBC: Scammers can use AI tools to clone the voices of you and your family—how to protect yourself

        https://www.cnbc.com/2024/01/24/how-to-protect-yourself-against-ai-voice-cloning-scams.html

        From the BBC’s Podcast series called The Artificial Human: Can AI Swing an Election?

        https://www.bbc.co.uk/programmes/m001wq3g

        From MSN: Why Google Searches Are Turning Up Some Wrong Answers:

        https://www.msn.com/en-us/money/other/why-google-searches-are-turning-up-some-wrong-answers/ar-BB1isU01

        From Seacoast Bank: How Scammers Are Using AI: https://www.seacoastbank.com/resource-center/blog/ai-a-new-tool-for-scammers

        From The Guardian: Human or Fake? How AI is Distorting Beauty Standards: https://www.youtube.com/watch?v=e1WfxWh2t3U

Did you know that security services have discovered people’s passwords for sale on the Dark Web, along with lots of other personal information? Hackers have acquired this data in hacking instances from all kinds of businesses and services. Hundreds of them have been hacked over the last few years and personal account data has been stolen! To get a better understanding of the type of information about YOU that has been found on the Dark Web and might be for sale online, visit this excellent website called HaveIBeenPwned.com. Once on this site, enter your email address and click search. (If you have more than one email address, enter each in turn.) You may be very surprised by the results and the information can be extremely helpful in understanding your risks. If a website or service that you’ve used was hacked and passwords stolen, be sure to change that password on ALL OF THE WEBSITES/ACCOUNTS on which you use that password.

We mention this because last week one of our readers sent us the images below. Apparently, someone in Russia tried to gain access to the person’s Amazon account. This triggered a security code to be sent to the person. To be honest, we’re not sure if this was triggered as simply a security level 2-factor authentication (2FA) or because a hacker had their password, got into the account and was trying to change the password. In either case, it is critically important for our readers to know that these codes SHOULD NEVER be shared with anyone! Scammers will sometimes follow up with a phone call, text or email to the person and craft some crazy story why YOU were sent a passcode and why you should share it with them. For example, they may tell you that they are tech support for Amazon and an issue has come up with your account. The scammers may say that hackers have used your account for nefarious purposes and they are asking you to confirm that you are the real account owner by giving them the passcode you received. NONSENSE! Hang up! Then send us an email and tell us what happened so we can share your experience with our readers!

We’d like to put a smile on your face with one of those Oh-My-God insane scams that has us shaking our heads in disbelief. On February 23, our friend Rob received the email (see below) telling him that he was the WINNER of the “Budweiser lottery!” We don’t make this s$!t up, people! This bogus Budweiser promotional email came from a domain called budweiser-promo[.]coupons. According to this WHOIS tool, it was registered on August 26, 2023 in Iceland using our favorite HORRIFIC Registrar called Namecheap! Thankfully, both Virustotal and our friends at Scamadviser.com are aware of this fraud!

        Also on the list of “I can’t believe scammers tried this” is this article from WSOC TV. Apparently, scammers tried to refinance a house they didn’t own and without the owner’s knowledge! Seriously? Check out:

        https://www.wsoctv.com/news/local/scammer-tries-refinance-house-behind-owners-back-lawyer-saves-day/LACIDUU6HVAHZAQRX44WT6Y5SY/

        Finally, many of our readers have received these seemingly oddball emails asking if you want to subscribe or unsubscribe. But to what??? There is no recognizable name in the email. It doesn’t matter which button you click on.  Either way, you’ll inform about 80 email addresses around the world that you’ve clicked that link!

        Deeeeeleeeeete!

And remember to check out our Podcast series episodes! They come out on the 15th of every month and run about 15 – 20 minutes long: https://www.securewon.com/resources/podcasts/

        Juno Email, Norton Lifelock

        Check out this bogus “security alert” for Juno email users. But the email came from a news website in Portugal and NOT from juno.com! The link points to a nasty phishing site in Germany that has been identified as malicious by six security services.

        Delete!

Phishermen LOVE to send rotten phish disguised as auto-renewal notices for antivirus/antispyware and privacy protection software such as Norton Lifelock or McAfee software. We’ve all been inundated with these scams! Many come from free Gmail accounts instead of legitimate businesses. Check out these three examples that readers shared with us last week. The first two contain very subtle awkward English. Can you spot the odd phrases? We’ll give you a hint…. Look how they ask you to contact the “customer support team.”

        Paramount Plus and Delivery Notices

        We love a discount but come on…. “Save 95%” is too good to be true! And, of course, it isn’t true. This email did NOT come from paramountplus.com and the links in it, once again, pointed to the badly misused GoogleApis service! From our perspective, the GoogleApis service can no longer be trusted at all!

        This next email, presumably from DHL, is hysterical! Starting with the subject line! “Your parcel has been shipment” and then “HELLO DEAR….”  It sounds like Grandma sent us this email, and not DHL Services. The link clearly doesn’t point to dhl.com! And the content is absurd! DHL would NEVER write an email like this! Step away from this clickbait, and laugh heartily!

        We have another bogus delivery email to share with you. This one wants you to believe it came from Fedex but it didn’t, of course.  The malicious link points, once again, to GoogleApis!  You know what to do!

        ADP Payroll in Process and New Docs for Review

One of our readers sent us this extremely dangerous threat pretending to be from ADP Payroll. The attached document is an html file. Files like this contain instructions for your web browser. Cybercriminals can instruct your web browser to visit a malware-laden site or to download malware from anywhere on the Internet. NEVER click on email attachments that end in .htm, .html, .shtml, .js or .php!

Someone named Jeremy sent one of our readers an email made to look like it came from an Outlook account. There is a 2-page PDF for you to view. But the link leads to a dangerous page on a GoDaddy website where another malicious link lies in wait! Delete!

        USPS Mail Package

        Last summer and fall, these scammy texts were all the rage and targeting millions of people. Then they disappeared at the start of 2024. It looks like they may be coming back. Notice that “usps” appears in the link as a Sub-domain and NOT the real domain!  The US Postal service domain is usps.com.  The link in this malicious clickbait is postalac[.]com!  This domain was registered in Singapore the day before this text was received by one of our readers!  That’s NEVER a good sign!
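For readers who like to automate this check, here is an added example (ours for illustration, not a tool used in the newsletter) that pulls the registrable domain out of a link and reports when the brand name is only a subdomain label or part of a look-alike name. The short suffix list, the exact hosts and paths in the samples, and budweiser.com as the brewer's real domain are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption: a production
# check would load the full list instead of these few two-label suffixes).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.sg"}

def refang(url):
    """Turn a defanged indicator (hxxps://a[.]b) back into a parseable URL."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)

def split_host(url):
    """Return (full host, registrable domain) for a possibly defanged URL."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return host, ".".join(labels[-keep:])

def check_link(url, claimed_domain):
    """List the ways a link fails to belong to the domain it claims."""
    host, registrable = split_host(url)
    if registrable == claimed_domain.lower():
        return []
    brand = claimed_domain.lower().split(".")[0]      # "usps" from "usps.com"
    findings = ["registrable domain is %s, not %s" % (registrable, claimed_domain)]
    # Everything left of the registrable domain is chosen freely by its owner.
    subdomain_labels = host[: len(host) - len(registrable)].rstrip(".").split(".")
    if brand in subdomain_labels:
        findings.append("'%s' is only a subdomain label" % brand)
    elif brand in host:
        findings.append("'%s' is embedded in a look-alike name" % brand)
    return findings

# Constructed samples: the domains come from the newsletter; the exact
# hosts and paths are made up for the example.
SAMPLES = [
    ("hxxps://usps.postalac[.]com/track", "usps.com"),
    ("https://www.usps.com/manage/", "usps.com"),
    ("hxxps://budweiser-promo[.]coupons/winner", "budweiser.com"),
]

if __name__ == "__main__":
    for url, claimed in SAMPLES:
        print(url, "->", check_link(url, claimed) or "matches " + claimed)
```

An empty result only means the link sits on the claimed domain; it says nothing about whether the page behind it is safe.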

        Until next week, surf safely!

        Copyright © 2024 The Daily Scam. All rights reserved.