Select Page
Weekly Alert  |  March 16, 2022

Rotary clubs around the world have taken swift action to provide food, water, medical equipment and shelter for Ukrainian refugees. Click on the image above to donate.

    However, the young man was concerned that his new job offer wasn’t legitimate. Everything seemed OK, including the fact that his new boss said that they would fly him to the UK at their expense.  But he needed to purchase a UK Visa in advance in order to leave India and enter the UK.

    We hope our readers noticed the multiple errors in English grammar and awkward sentences in the email above! It certainly didn’t seem very professional or from anyone in the UK!  Also, the new boss was willing to cover cost of the flight and accommodations BUT NOT pay for the man’s visa struck us as odd.  We asked the young man to forward the email to us from the UK Visa office and that’s when we were able to say definitively that his new “boss” was a liar and this was all a scam.  Below is the email from the “UK Immigration” office, which include the visa requirements and described the 375 Pound visa fee.  But the email was sent from the domain called post.com.  Post.com is a FREE domain offered to anyone from services like GetMailSpring.com.  If this were a real email from the UK visa office, the domain should be Gov.UK!

      The next day a single woman contacted us to say that she had been in a relationship online for about 5 weeks with a lovely man. His name was Jason Lindvig and he was an Engineer and owned a company called Detron Engineering & Construction. Besides his business website, he also had a website in his own name, JasonLindvig.com.  Very recently, Jason Lindvig had been pressuring the woman to help him with a problem. Jason had been a victim of credit card fraud, he said, and therefore could not make any large charges to his card.  He needed the woman to charge about $10,000 worth of Apple MacBooks for him on her credit card and ship them to his office in Cyprus where he was away on business.  The primary reason Jason said that the woman could trust him is because he sent her a check for $825,000, though made out to him. The woman was to hold onto the check until he returned from Cyprus and Jason thought this was his “good faith” exchange for asking her to buy/ship computers to him. This felt completely wrong to the woman and she contacted us. We easily exposed this man’s fraud be showing her that the man she had been in a relationship with had stolen online images of a man named Andrew Nicolls!  You can read more details about this fraud at the bottom of our article A Professional Love Scammer From Zimbabwe.

      Last week we also heard from another single woman who uses dating apps. She received this lovely message from a handsome man named Kristoffer. His message to her seemed too good to be true. More importantly, we couldn’t help but notice that the REPLY-TO address for Kristoffer was different than the FROM email address.  This is classic 419 Scammer behavior! So we decided to dig into this email a bit more and conducted a reverse image search of the photo that Kristoffer sent.  That photo was posted on many dating sites around the world…

      On CloudRomance.com, Kristoffer’s profile showed that he created it in 2016, at age 46, and hasn’t had any friends connect with him. His account had only the one photo.  He also says “looking for a woman between 20 and 80 years…” Given what we found, we advised the woman to cut off contact with Kristoffer, or whomever this liar is!  Hmmmm…. Between 20 and 80 years old?

      Dodging Machine Gun Fire While we are deeply saddened by what is happening to Ukraine, and to the Ukrainian people, our headline “Dodging Machine Gun Fire” is not a reference to this unprovoked and insane war inflicted by Vladamir Putin.

      Between March 1 – 7, Doug (TheDailyScam.com) received 594 malicious spam emails disguised as dozens of topics. This deluge has also included 93 emails from women requesting a sexual encounter or pushing sex-enhancing drugs. This number means that Doug is getting, on average, as many as 13 requests per day to have sex with women across the Internet. It’s actually very funny!  Below are just a few of the subject lines from these “women” who are eager to meet him. We have purposely blurred some of the more extreme language. We share this with our readers because we want them to know several things about emails like this…

      1. Many of these emails include tracking links that inform the sender information such as time of day, date and number of times the email was opened.  Some trackers can even identify the general location of the person opening the email.

      2. Malicious clickbait comes in many forms and strategies. We have heard from several men, for example, who think they are engaging in online sex with a willing partner, only to learn that the woman has recorded their time together. Extortion is then her next move!

      3. Remember the adage “If it seems too good to be true, it is.” Doug doesn’t believe that any of these dozens of women, all using different email addresses and oddball domains, want to meet him out of any real or legitimate intentions.  Anyway, he’s happily married to a wonderful woman and quite content!

      We’re certain that many of our subscribers enjoy reading a good book!  Perhaps, even an eBook! Can you tell whether an eBook subscription is legitimate or just a scam?  Let James Greening of Scamadviser uncover these fraudulent pages in his recent article Incrementum Media & Wuhuu Network, eBook Subscription Scams or Legit?

      Your Package Failed to Deliver and Your Password Will Expire… This week’s smelly phish are a bit different than our usual banking variety. Take this one sent to us by a newsletter subscriber. It claims that a shipment by the United States Postal Service is still waiting for him to pay a $3 fee before it can be sent. Of course, this is ridiculous because the USPS doesn’t operate this way!  Also, the email came from the crap domain called asmaa[.]work. And the link points to a shortening service! Though we expected these links to lead to malware, they pointed to a fake USPS website collecting personal information! Check out the screenshot below!

      The Daily Scam email inbox continues to get bogus emails telling us that our email password “will expire within 12 hours” and other nonsense.  This example was supposedly sent from us, to us! We love the scammer’s sense of humor! The links in this phish pointed to a webpage on appspot[.]com. There are many articles online for years that talk about how this web-developing platform has been misused by scammers, such as this 2019 article on Zscaler.com.

      The clever devils who sent this designed the link and the web page so that it will take an email address domain name and place it at the top of the LOGIN window, and add the email address to the login field for username.  We decided to have a little fun by changing our domain name from thedailyscam.com to SCAMUNOW and modified our email address to “I-am-a-scammer.”  Check out the results on the appspot web page.  We like what we created!

      Never Crack This Egg or Take a Shopper Survey in Russia! – With Easter coming up in just a few weeks, we wanted to let everyone know of a malicious clickbait design that lazy scammers dust off each year and reuse in anticipation of this religious holiday celebrated by many millions of people. (Read our feature article from March 2 about a Lazy Scammer who created more than 4 dozen similar fake banking websites!) It’s called “Crack the Egg.” In this malicious clickbait variation, cybercriminals call it “Shoot the egg.”  This graphic of 3 eggs, to crack or shoot, has come out every year, mostly in March and April, as a clickbait design for many years now. We first documented this design in October, 2017.  This particular email happens to be about a Costco shopper survey.  Lazy cybercriminals just dust off the old design, tweak it a bit, and send it off with links to new malicious websites.  This email clearly didn’t come from Costco, and the link begins by forwarding victims to a Russian online social media service called VK[.]com.  Step way from this ledge, Comrad!

      Speaking of scams involving Russia, here’s another malicious clickbait sent to us by a longtime subscriber. “Open.Immediately” says the subject line, pretending to be an email Shopper Survey from Sam’s Club.  But the link in this clickbait, once again, points to a service in Russia called click[.]ru! (It is easy to see that the 2-letter country code “.ru” stands for Russia.) Fortunately, several online security services see through this fraud!  Deeeeeleeeeete!

      Attachments from Germany – Last week two interesting emails dropped into our inbox at The Daily Scam that each included a large 1.2 MB attachment.  The first arrived at 1:41 AM from a “disposal and recycling” company in Germany (2-letter country code “.de” = Deutschland = Germany).  It was made to look like a SWIFT deposit for a LOT of money.  We ignored it…

      Later that evening we received a second email from Germany, but this time from a domain called “suse.”  The message from “Michela” said “here is a copy of payment” and also included a 1.2 MB attachment.  And yet, Michela claimed to represent a business with a website in Italy.  Of course, it didn’t matter what it referred to.  Both attachments were malicious!  Do you think that both emails came from the same cybercriminals? We do!

      Debit Was Made, Love Our Service, and Lose Weight! – Check out these various text messages sent to us by our readers.  Each one of them is a fraud and contains a link that is 100% malicious!  The text asking “love our service?” was sent from a domain that was registered in Spain on the day before the text was sent! Would you have been tricked to click on any of these links?

      Until next week, surf safely!

      Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
      have subscribed to it via Scamadviser.com or thedailyscam.com

      Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

      Contact Webmaster