Weekly Alert  |  March 1, 2023

I Got Your Dog! (PIN Scam) Last week Reddit user Darwally informed the Reddit community of a terrible scam that targeted her after a heartbreaking loss. This lead her to reach out to the greater online community for help. On February 20, their lovely family dog managed to escape his enclosure while they were traveling cross-country, and has been lost since then. Darwally said that their family is devastated. So, of course, a low-life scammer saw an opportunity to take advantage of this families suffering and fear about their missing pet.  Check out what this sub-human tried to do and the possible consequences and pain it might have caused. You’ll also learn what a “pin scam” is and why it can be seriously impactful if it’s successful.

On February 21, Reddit user Darwally shared this scam experience with the Reddit community. Her family was moving to Iowa and they made a stop in Ohio. During that stop in Ohio her dog escaped his enclosure and was still lost the next day. The family posted flyers around the area about her missing pet and how to contact her, and since they weren’t from the area, they also posted notices online at LostMyDoggie.com. The next day she got a message from a man claiming to have found her dog.  Here is the opening of their text exchange she posted…

Fortunately, the woman recognized that this was a scam.  She said  “It was heartbreaking to realize I was being scammed and our dog is still lost.” The scammer was targeting her with a “pin scam,” which is a VERY serious scam than can have very serious consequences for people, including deep financial loss, credit card loss, identity theft, and a ripple impact that can spread to friends and family! All of this is possible because, in desperation, the woman published her email address and phone number as contact points for anyone who may have found her dog. 

Notice that the man who claimed to have her dog, asked her to verify that she was the correct person claiming to have lost the dog he found.  He told her that she was going to receive a “verification code” via text and asked her to share it with him to authenticate her identity. THIS IS A SERIOUS RISK!  Lots of services use a security feature in which an authentication code can be sent to your phone if you forget your password or get locked out of your account. Anyone who knows your account ID (such as an email address) and has that authentication code can gain access to the account and you may not know it.  They could LOCK YOU OUT by turning off this authentication feature, or they could change the password, or they could set up email forwarding within your account without your knowledge. They can ransack your account, looking for information to monetize including bank and credit card accounts. Never, ever give a verification code to anyone for any reason!  These codes are for your protection!

Another Reddit member, named Big-Abbreviations-50, said “…the [expletive redacted] who messaged me stating that he had my lost dog and that he needed to “confirm she was mine” by downloading Google Voice and sending him a code, while I pleaded with him to just take her to the shelter so they could scan her microchip. I’m much more savvy now, but the number of people who genuinely don’t give a [expletive redacted]  that they are devastating desperate people out there is horrifying.”  How do these low-lifes sleep at night, knowing that they are targeting people who are already in such pain?

In January, 2020 a gentleman told us that his father received a call from “Wells Fargo,” telling him that someone was trying to use the father’s ATM card but didn’t have the correct pin. This was followed by a text saying that a transaction had been rejected by Wells Fargo.  The scammer, pretending to be a Wells Fargo customer support rep, said she was going to send a code to the man’s phone so that “he could verify who he was.”  In actuality, the scammer triggered the sending of a password reset code by Wells Fargo to the man’s phone.  But sadly, this man was fooled and he gave the reset code to the scammer. 

Once she had access to his Wells Fargo bank account, she reset his pin. During the call she had also asked him for the last four digits of his social security number.  And later during the call she asked him for the first five digits.  After having all his information, she told him that he needed to turn off his phone to complete the reset on his Wells Fargo card.  During the time that his phone was restarting, the thieves withdrew the balance from his Wells Fargo account!  After turning his phone back on, the father called his son to tell him what had happened.  While they were talking the father got a text confirming the withdrawal of his funds, but did not see it until he hung up with his son.

Of course the father soon called Wells Fargo to explain what had happened.  They sent him a new ATM card, and a new PIN, but we don’t know if they ever refunded the stolen money to his account because of any fraud insurance on his account.  What makes this story even sadder is that he received a call from the scammers a few days later asking him if he had received the new card. The son thinks these criminals were going to run the scam on him again. Fortunately, he was a lot wiser that second time around.

Here are two other articles on the web describing the pin scam and showing some examples…

https://computertutorflorida.com/2019/01/the-verification-code-scam/

https://www.usatoday.com/story/tech/talkingtech/2019/04/01/new-scam-targets-cell-phone-accounts-pretending-your-carrier/3331376002/

Turkey Earthquake Charity Scams Beware if you want to donate to a charity and stay alerted about these Turkey earthquake charity scams. You can protect yourself with this FREE, all-in-one tool.

More

Newly Released Data About 2022 Scams — Before we move into the crazy statistics reported about online fraud for 2022, we wanted to invite you to read about several fake investment firms and financial advisers brought to our attention by our friend and scambaiter, Rob.  His tips also helped us find an additional 24 fake online banks, raising our total number of fake banks to 94! Thanks Rob, and keep up the good work in baiting scammers and letting us know what you learn!

Consumer Sentinel, through the Federal Trade Commission, just recently published new statistics about fraud reported for the year 2022. Some of this reporting may surprise you, and much of it is shocking from our perspective. For example, who do you think loses money to online fraud more often? Young people (age 20 – 29) or old people (age 70 – 79)?  The answer is young people, by a margin that is nearly double the number for old people (43% of victims are young people versus 23% of victims are old people). However, as you might guess, the median financial loss suffered by older people was nearly double the median loss suffered by younger people. ($1000 on average, versus $548 on average.)

Of nearly 2.4 million fraud reports in 2022, the number one and two most reported types of fraud were imposter scams and online shopping scams, respectively. More interesting infographics about online fraud can be found on the FTC website here, and includes a very interesting international fraud report. The figures for 2022 are incredibly high! It’s estimated that people reported losing a total of $8.8 BILLION dollars to fraud!  Also interesting, though sad, the biggest losses to consumer were scams that targeted them by phone or social media. More details can be seen on this FTC webpage titled The Top Scams of 2022.

We are seeing a rise in the number of scams related to both the war in Ukraine and the earthquake that struck Turkey and Syria a couple of weeks ago.  These horrible catastrophes are another reminder what awful creatures scammers are who prey upon the pain and suffering of others. Take this recent email from a woman identifying herself as “Jennifer Smith.”  The opening two sentences should set off alarm bells… “Greetings dear. I write this message with tears rolling down my eyes.”  Seriously?  Read her message and you’ll see how insane it is and so unrealistic.  This is nothing more than another advance-fee 419 scam. We like to think there is a very special place in hell for scammers like this one….

Bank of America, Wells Fargo, and Discover Card We don’t believe in coincidences when they turn up in our investigations. Agree or not, we see them as breadcrumbs connecting cybercriminals and the way they operate. Take these first two smelly phishing emails as our examples.  The first wants you to think it came from Bank of America. It was actually sent from a crazy domain name “dancokersmemek23[.]online” This domain was registered on the very day the email was sent.  And for the record, REAL businesses don’t send you warnings as attached pdf files!  The link in that pdf file didn’t point to Bank of America, of course.  It pointed to phishing site at camelsecure[.]online. This nonsensical domain name was also registered on the same day the email was sent.

    We hope readers noticed the DOT-online at the end of both of those fully qualified domain names.  The “online” represents the global top level domain (gTLD). We’ve noticed that cybercriminal gangs often buy domain names in bulk for a variety of scams, all using the same global top level domain, in this case “online.” And so it was no surprise when another reader sent us this phishing scam pretending to be from Wells Fargo Bank and also containing an “online” gTLD! The email actually came from another crazy domain called 5onsup[.]online.  We didn’t even bother opening the pdf. We can already predict what we would find. Another phishing link pointing to a DOT-online global top level domain. This is important because it is one more piece of evidence that these scams are related and point back to the same cybercriminal gang. This is their career job, and one they invest a lot of time and effort into! Given the statistic that consumers lost more than $8 BILLION dollars to online fraud in 2022 alone, it appears that the fraudster low-lifes are winning, sorry to say.

    This smelly phish wants you to think that your Discover card account has been frozen. But this didn’t come from Discover card! And the link, once again, misuses a service called sendgrid[.]net.

    25 Free Meals and Comcast Gift Card Reward Yes, Hello Fresh is a real business that makes and sells meal kits. But they use the domain MealFresh.com. This malicious clickbait came from the domain fishingpraslin[.]com. Don’t be fooled by seeing the word “Affiliate” in the name field!  The links in this clickbait all point to a website that was registered back in 2017 by someone names Priti Desai from Maharashtra, India. There is no website that can be found on it, adaptivelearninglabs[.]com, which likely means that malware is just sitting at the end of this link and waiting for your arrival. 

    Deeeeleeeete!

    Comcast users get targeted a LOT lately by cybercriminals and here’s another example. This email from “Angela” was sent from a crazy-letter domain name. If you look at the Subject line, it makes it clear that this is not from any legitimate website, either.  All links point to a website in the Netherlands (“.nl” = 2-letter country code) called healknak[.]nl. It was registered in early November, 2022. Lunge for the delete key!

    Amazon Malware Link, Verify Your Email Address and Get Your Files — When one of our readers first sent us this email poorly disguised as an Amazon message, we were certain it was another phishing scam. But we were wrong! “Your account has been disabled” is a complete lie. The links point to a website named hdudo[.]com, and not amazon.com. However, when we used tools to investigate the website at hdudo we discovered that users will automatically be forwarded to the real Amazon.com!  This means only one thing….BAM! You’ve been hit with malware and then forwarded so you have no idea what just happened to you!  Hdudo[.]com was registered just 5 days before this malicious clickbait landed in our reader’s inbox. Step away from the ledge!

    Here are more tricks used by cybercriminals to try to gain access to email and website accounts held by people who own or control websites. This first one, asked us at TDS to approve or refuse ownership of our email address!  Now that’s just absurd! Fortunately, three security services agreed with us and saw the threats waiting at the end of that link to dweb[.]link.

    This next email was disguised to look like it came from the file transfer service called “WeTransfer.”  But We Transfer uses the domain wetransfer.com, not our own domain! Take a close look at this email. We want you to notice that it contains a download link for 3 files that appears as though it points to wetransfer.com. However, when we moused-over that link, without clicking, we can clearly see that this link actually points to the SAME MALICIOUS website as in the email above!  It points to dweb[.]link!  This tells us that the same group of cybercriminals is hard at work to target us! Hmmmm… this must mean that our work to educate the public is pissing them off.  Hey scammers, we’ll make a deal with you…. You STOP scamming people and we’ll STOP educating them! Deal? Let us know. You obviously know how to reach us. 

    Reschedule Your Delivery — Texts pretending to be delivery services like UPS, continue to be popular strategies with cybercriminals. Check out this text that came from an email address that also used “ups.com” in the name field.  The email’s domain is actually mail-ups[.]com.  This clever domain was registered less than 2 weeks earlier in Singapore!  The link used in this text is very “cow-centric.”  Don’t moooooove your finger too close to it. You could be UDDERLY disappointed by what happens next.

    Until next week, surf safely!

    Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
    have subscribed to it via Scamadviser.com or thedailyscam.com

    Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

    Contact Webmaster