Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  MARCH 13, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N05

Cybercriminals Recently Poisoned Google to Target You!

Last week we received a very interesting warning from Justin Armstrong, founder of Armstrong Risk Management LLC. He found evidence of search engine poisoning happening on Google that is very dangerous to the public! We further investigated what he shared with us and discovered that it is just the proverbial tip of the search engine iceberg! This poisoning of Google searches goes quite deep. It is about tricking YOU into believing that scammer phone numbers returned by Google are actually legitimate customer service numbers of well known businesses. Join us and we’ll show you examples of this poison and how to avoid it! 

Justin showed us that cybercriminals were poisoning Google search phrases such as “how do I talk to a live Facebook person.”  We tried this search and, once again, were shaking our heads in disbelief by the results. Our disbelief wasn’t about finding the fraud. It was the deep disappointment that Google cannot prevent this obvious fraud from targeting the public! To start, check out the first and ONLY legitimate link that was returned in the first few pages of a Google search last week. It’s important to notice the DOMAIN name in the link that is provided. We’ve underlined it in this screenshot and you can see that it points to Facebook.com, as it should. (But sadly, if you were to click this legitimate link, you would be terribly disappointed by Facebook’s (i.e. Meta’s) response, or lack thereof. They don’t provide any phone numbers to call, only more links to help you answer your questions online. Very disappointing. Good luck trying to reach customer support!)  HOWEVER, now look closely at what followed in the “People also ask” section and the next link after that!…..

Google was so terribly poisoned that they displayed a scammer’s post to answer our search question! Two phone numbers are offered, one is described as the “official helpline number” (It IS NOT!) and the other as the “quickest way” to reach support at Facebook and is also a fraud! Notice the recent date in their UNhelpful  response.  Neither 844-457-0351, nor 650-543-4800 are real Facebook customer support numbers! They are scammer’s phone numbers! While searching for 844-457-0351 we found it listed 27 times on about 21 different websites, including LinkedIn accounts and Google Groups. Scampulse had 2 reports regarding 844-457-0351. One of the reports, posted on February 24 by J. Towne says it all…

“I wanted to talk to customer service at FaceBook to report identity theft. I found 844-457-0351 on a Google search that looked legitimate. When I called, the person who answered claimed to find false FB sign-ins in my name from three states, plus attempts to buy bitcoin from FaceBook Marketplace. She had me download a remote control app, then asked me to open my bank accounts on my phone. At that point I balked and hung up, then deleted the remote control app and changed passwords on FaceBook, PayPal and my bank accounts. The person was quite competent and believable until I refused to open my bank accounts. She became belligerent and argumentative. I believe I got out of the entanglement in time to protect my assets. Warn people AGAINST that phone number. It still shows up in “reliable” Google searches for FaceBook customer service.”

It’s important to point out that about 2 years ago 650-543-4800 was reported as a scammer’s robocall number on Nomorobo.com. You can hear the recorded scam message here. When we investigated 650-543-4800 look what came up in our Google search….

    Many websites posted this fake information and claimed that 650-543-4800 was a legitimate phone number. That’s how Google was poisoned! So many links were found across the Internet pointing to this bogus number as the Customer Support Number for Facebook. But here is the most critically important thing to notice…. NONE of these websites is facebook.com’s help or contact page!  Many of these bogus sites were from recent scammer’s Linkedin accounts. Some poisoned information was posted on other sites by scammers such as powerapps[.]com. Another poison pill was actually posted on Facebook itself, but it was a Facebook Group created BY A SCAMMER!  Some sites also claimed that 844-457-0755 was also the legitimate Facebook Help Center phone number, but this, too, is a lie!  It is another scammer phone number!

    When we visited this Facebook group titled “Facebook’s Phone number is: (650) 543-4800” we found a group of 336 members that was started by someone named “Rebekah Rivkah Godrey.” Of course this group was open to the public but it had NO INFORMATION WHATSOEVER! And who is Rebekah Rivkah Godfrey?  She’s a ghost!  She has no personal information, no photos, no friends….NOTHING showing up in her FB account! That’s because “she” is just an alias used by a scammer. Don’t believe these lies that turn up in a Google search! (Check out this link on Scampulse about 650-543-4800. Many people have reported calling this number and being victimized or almost victimized!)

    The number of times and places we found scammer listings of bogus phone numbers was shocking! They have completely manipulated Google to show their scam phone numbers when you search for a variety of customer service numbers!  We found many of these poisoned references on both LinkedIn and Twitter (X) accounts set up by scammers using names like “John Smith,” “Steven Brian,” and “David Smith.”  They all claimed that 844-457-0755 was the correct Facebook help phone number. But it is a scammer’s phone number! We also noticed something else very interesting about these malicious accounts. Obviously, people report these malicious accounts to LinkedIn and Twitter once they are victimized.  We found that LinkedIn did the right thing and took these malicious accounts down soon after they were reported. But look at the malicious Twitter accounts in the screenshot below.  They were posted back in December, 2023 and, as of last week, these accounts were still available and providing malicious information!  We have read articles how Twitter has completely disregarded user’s safety since Elon Musk bought the company. (According to an article posted on Forbes.com in January, 2024, Elon Musk fired abut 80% of X’s safety team!)   We feel this is one small bit of evidence that demonstrates Musk’s lack of concern for his community’s safety and the entire Internet!

        The serious level of Google poisoning was not restricted to customer service phone numbers for just Facebook. We found the same kind of tricks posting misleading information to scam phone numbers for services like Netflix and Paypal as well. No doubt, there are likely other services misrepresented. Check out this small sidebar that came up on a Google search, telling us what “others also viewed” for our search.  Each led to a bogus account created by a scammer and offering a scammer’s phone number instead of the real phone number for the service!  Notice that someone named “Hammy Dhillon” created 4 of these 5 accounts and “Shivani Pal” created the last one.  (We can’t help but wonder if the name “Shivani Pal” is a clue that cybercriminals in India are behind this fraud? They are notorious for this type of phone fraud, in general.)

        Don’t be fooled by this search engine poisoning trick!  NEVER believe a phone number is the correct customer service number UNLESS it is found in the HELP or CONTACT pages of the service itself! LOOK AT THE DOMAIN name of the website that is associated with the Google search information! The information posted by scammers can seem legitimate and extensive. Check out what “Hammy Dhillon” tells us in the screenshot below when we clicked his link in response to our question “how can I speak to someone at Netflix.” The LinkedIn account has a long list of details about contacting Netflix customer service and they are all a lie! Hammy has been very busy.  Here are 4 links to completely fraudulent information posted by Hammy on LinkedIn and active as of last week:

        DON’T BELIEVE EVERYTHING THAT TURNS UP IN A GOOGLE SEARCH, ESPECIALLY CUSTOMER SERVICE PHONE NUMBERS!

        **Many thanks to Justin Armstrong for bringing this to our attention!

        Lame Scammer Tricks, American News Sites Built by Russia, & More…

        Just a few days ago, two of our readers sent us two emails that employ some of the same stupid scammer tricks. To be clear, these are very likely “Nigerian 419” advance fee scams. The first trick is that the name in the beginning of a FROM email text field is typically different than the name that appears in the actual email address found between the < > symbols.  Lame trick #2 is that these scammers often claim to represent legitimate government agencies, organizations or banks but they send their emails from domains all over the world that are NOT the business, agency or organization they claim to represent!  Our examples below came from servers in Hungary and Argentina, respectively. Finally, we show a third lame trick that is sometimes used by scammers to save them time when sending out hundreds, or even thousands of scam emails!  Check it out…

        US Citizens are well aware that we are now deeply in an election year and all the attention that this brings, both good and bad. Lots of this attention originates with news websites writing about the candidates, their policies, their quotes, and politics in general. Without opening a can of worms, it is reasonable to say that some of these websites are highly biased and even publish misinformation or lies as news. But would you believe that there are scam “American news websites” that have been created and run by Russia! These scam sites are given very American-sounding names like D.C. Weekly, the New York News Daily, the Chicago Chronicle and the Miami Chronicle. On March 3, the New York Times published an excellent article about the appearance of these scam sites pushing disinformation to Americans:
        https://www.nytimes.com/2024/03/07/business/media/russia-us-news-sites.html

        We urge Americans to think very carefully about where they get their news from online, especially social media! Sites like Facebook and Instagram are heavily littered with false information about politics!

        We want to remind our readers that scammers/cybercriminal gangs often use romance, sex and relationships to lure victims into the jaws of their bear traps. We are working on a feature article with many details about a romance scammer who uses multiple aliases such “Dino” and “Chanson Louis.” We’ll provide the link to this feature article later this month. But for now, beware of the face used by this scammer. (It has been reported to us that the real man in this photo is from Latvia. If you have been contacted by the scammer using this man’s photos, please contact us at: romance-scam@thedailyscam.com )

        And when it comes to these types of scams, don’t be fooled by a beautiful face or a sexy woman’s invitation! They are often used by cybercriminals to set traps. Check out this recent email sent to one of our readers. The email came from, and link points to an 8 month old website called flicks[.]site. It was registered by Namecheap in Russia and is hosted on a server in Russia. The recipient had no prior contact with this woman who presumably sent the email. 

        “Pig butchering” scams have been in the media quite a bit in the last few months. They are brutal for a variety of reasons, including the fact that cybercriminal gangs in places like Cambodia and China, have enslaved innocent people and force them to run their scams. About two weeks ago, the comedian John Oliver released a video where he talks about Pig Butchering scams that is excellent! However….Warning: It contains adult language.

        Here are a few other articles of interest for our readers…

        Airbnb Scam:

        https://www.malwarebytes.com/blog/news/2024/02/airbnb-scam-sends-you-to-a-fake-tripadvisor-site-takes-your-money

        Phony IRS refund checks:

        https://www.wpxi.com/news/local/local-woman-warns-others-about-potentially-fraudulent-tax-refund-checks-us-treasury/AUCPD6CXHBAOHCPZ52JUS23NWU/

        Remember to check out our March 15 podcast to be released this Friday, March 15 about how AI is being used in fraud to target people!

        Visit: https://www.securewon.com/resources/podcasts/

        Amazon Verification, Mcafee Subscription and More!

        You have a Prime notification! OMG, according to this email, your Amazon Prime Membership is set to renew on the very day the email is sent! (Does that sound at all like the real Amazon? Hell no!) The email, which came from Brazil by the way, offers a link to update your payment information. But the link actually points to a private Google account document that starts with “Welcome to Amazon Security.” Oh no! Lunge for the delete key! (However, read the very awkward English found on that Google account phishing page.)

        As happens over and over, here is yet another smelly phish that was sent from a free Gmail account. The email wants you to believe it is for your Mcafee subscription renewal but this didn’t come from mcafee.com and the phone number provided is NOT the Mcafee support number!

        Deeeeleeeete!

        We LOVE getting these scam emails sent to us at TDS! This one came from a camera shop website in Pakistan! (“.pk” = Pakistan) Apparently, we have “pending messages” to be received. But the link points to a scammer’s website at flowcode[.]com which will then redirect us to another scam website in the Netherlands called incoming[.]nl.  This website has already been blacklisted by PhishTank!  Remember to report your smelly phish to us and Google!  https://safebrowsing.google.com/safebrowsing/report_phish/

        Peacock Membership and Free iPhone from T-Mobile!

        People are being HEAVILY targeted by malicious clickbait pretending to be from streaming services like Netflix, Peacock and Disney! Check out this one telling the recipient that his Peacock account has been suspended. But wait, they are offering a year membership for free IF ONLY you would click their malicious link! The link, once again, misuses the Googleapis service and is 100% malicious. But we so enjoyed how they ended their email!  These scammers have used this crazy phrasing before.  Read the last line in this email and have a good laugh.

        Time to celebrate! Your email from T-Mobile says you’ve won a brand new iPhone 14 Pro! If only it were true!  This email didn’t come from t-mobile.com, it came from a weird domain called vzmsleem[.]com. According to our favorite WHOIS tool, this domain has never been registered before. That means the FROM address is completely spoofed and we have no idea who sent this clickbait.  However, the Crazy capitalization Errors in this email Make it Obvious that it was NOT written by a native English speaker and certainly NOT by T-Mobile! Five security services found the Googleapis link in this email to be malicious! You know what to do.

        Fedex Delivery Notice and Your Email is Due for Validation

        Cybercriminals love using delivery services to trick victims into clicking malicious clickbait!  Here’s a bear trap disguised as Fedex. They tried to deliver your “parcel” but no one was home to sign for it. Awwww. (They haven’t yet learned that Americans don’t commonly use the word “parcel.”) To sign for it online they want you to click a link that uses Twitter’s (X’s) link-shortening service, t.co. Of course you’ll be redirected to a malicious website! After what we know about Elon Musk’s love for the safety of his community, this malicious link will likely be alive for years!

        A business in the US was targeted by this lovely clickbait. Apparently, the scammers think that the more times they use a person’s email, business name or username, the more likely that she/he will believe it is legitimate and click the link. They inserted this information eight times into this clickbait! Repeating a lie over and over doesn’t make it legitimate, even in politics. (wink, wink) The malicious link actually contains a redirect to a service that has a VERY poor reputation for protecting people. It is a tracking service at r20[.]rs6[.]net. Now delete.

        Amazon Renewal, and a Birthday Gift!

        Wow, we went from very few malicious texts during the last few months to a LOT in the last week that were reported by our readers! Let’s start with this NASTY text about renewing your Amazon Prime account. First of all, Amazon doesn’t send texts about Prime renewals! And they certainly don’t send them from Gmail accounts!  The link in this clickbait points to malware. Yikes!

        One of our readers received this lovely birthday glow text, and it wasn’t even her birthday! Apparently, one of her friends (not named) wanted to wish her a happy birthday. The friend had “birthdayglow[.]com” send her a message/link. It turns out that “birthdayglow[.]com” is nothing more than an online casino. It appears you’ve been given $20 for your birthday to use at this online casino. However, this casino was only registered about 6 months ago and it already has a VERY low trust rating from several highly regarded websites:

        You couldn’t pay us $40 to click that link to “Spin now!”

        Until next week, surf safely!

        Copyright © 2024 The Daily Scam. All rights reserved.
        You are receiving this email because you have subscribed to thedailyscam.com

        Marblehead, MA 01945

        Contact Webmaster