Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  MARCH 20, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N06

Talking with a Scammer Who Doesn’t Know She is a Scammer

Last Thursday I received a text from an unknown woman named Alice, using the number 740-807-1155. Her text began with a simple “How are you?” Once I responded, she told me that she represented the recruitment department of a company called VACO and asked if I was interested in an online job opportunity. I knew immediately that this was a scam because random texts are not the way that legitimate recruitment services, like Vaco, or HR departments operate. However, I was eager to see if I could engage the scammer in a heart-to-heart conversation about their chosen profession as a Scammer! I was in for quite a surprise by the conversation that followed. Would you have predicted these results?

The texts from “Alice” were interesting because they included a couple of graphics to help their scam move along. I hadn’t seen that before.  After 10 minutes of back and forth with Alice, I decided to call her out as a scammer. “Alice” never replied and I thought she simply deleted the conversation and moved on to the next victim, but that is NOT what happened!

About 15 minutes after my last comment to Alice I got a Whatsapp message from a woman named Amelia!  Amelia, texted me on Whatsapp from 213-791-3676. She told me that Alice from Vaco Recruitment Agency had given her my contact information. This was especially interesting because it suggested to me that “Alice” had immediately handed off my information to another scammer to continue with this fraud. This turned out to be somewhat true! But it also suggests that these two people are likely part of a larger cybercriminal gang carrying out this fraud. Amelia said that she wanted to talk to me about a job with Marriott Hotels as a “Hotel Data Uploader.” (Seriously?) When I Googled “Hotel Data Uploader” I got only 2 returns and the first pointed to a question posted on Reddit by someone asking if this was a job scam that came to him via a random Whatsapp message.  How appropriate! But check out Amelia’s Whatsapp profile photo…

Amelia’s profile contained a photo of a beautiful, young, blonde woman in the passenger seat of a car. Though the photo was slightly blurred, I had no problem finding that exact photo in a reverse Google image search!  It was found on several sketchy websites in Poland, as well as a couple of Instagram accounts, including one linked to Azerbiajan. For example….

   https://www.instagram.com/qemer__masajistt/p/CzvcE8vocip/

   https://www.instagram.com/qemer__masajistt/

(Warning: We do not recommend visiting any of the websites shown in the screenshot below!)

Remember that this experience started last week when I was randomly contacted by Alice, who claimed to be from the recruitment office of VACO. I called the Boston office of Vaco LLC last Friday. They are, indeed, a worldwide recruitment company. The woman I spoke with in the Boston office informed me that Vaco LLC (worldwide) does not use text, Whatsapp, or Skype to contact potential clients who may be interested in a new job opportunity. She also informed me that Vaco’s Security Team had recently told Vaco employees of several fraudulent texts targeting the public and pretending to be from Vaco employees. These bogus texts had contacted people about job opportunities! Most of these recruitment scams were targeting Canadians, I was told. (Vaco.com also has a resource page for visitors with information about fraud alerts related to job offers and such.)

However, I was determined to engage with “Amelia” and, hopefully turn the conversation around to her real profession as a scammer! (I was finally able to do that, but the conversation didn’t go as I expected!) Below is the transcript of our chat that took place last Thursday over the course of about 75 minutes. I called myself “Chris.” It is important to notice that I asked both Alice and Amelia if we could video chat instead of having our interview via text alone. Both ignored my question! That is a serious red flag warning that this “job interview” was not real! I also asked Amelia if I could call her in a few minutes to talk about this by phone, but she ignored that request as well. Please note the red bold text below. These are the suspicious points to consider in a conversation like this.  (If you wish to jump directly to the part of the conversation where I am frank with Amelia, drop down to where the name Chris is blue/bold.)

Amelia: Have a nice day, hello, I’m Amelia from Marriott, I hope you’re doing well. Alice from Vaco Recruitment Agency gave me your phone number, Marriott is looking for a Hotel Data Uploader, an online position that pays well. And say you are interested in the work I am doing, can I discuss the work details here via text message? Very much looking forward to your reply, thank you!

Chris: Yes, I am interested! What is your name?

Amelia: Hello, my name is Amelia. Thank you very much for your reply. may i know your name

Chris: Amelia, can we do a video chat for this interview? I think it is easier that way.  My name is Chris. Can you wait until I have time to call you?

Amelia: Chris, I think we can talk about this remote part-time job now. I think you might be interested. I hope I haven’t disturbed you. If you have time now, please give me a few minutes to introduce you to this remote online part-time job. I have been doing this part-time job for 6 months. I think it is great.

Chris: Can we video chat?

Amelia: I think now we can talk about this remote online part-time job, what do you think?

Chris: Sure!  May I ask what time it is where you are located?

Amelia: My time zone is 16:59. [NOTE: This is not a time zone. It was the time at that moment but expressed in the non-American format using the the 24 hour time clock.] OK, I will share with you the details about the job and the base salary and commission! Nowadays, traveling has become very convenient. Whether you are in the United States or traveling abroad for business or work, you can order hotels with good rankings and reputations on your mobile phone or computer at any time. Marriott is an American travel agency that provides hotel and accommodation reservation services. In addition to this, the company also helps hotels improve their star ratings and rankings. You will be responsible for hotel data optimization like me. You only need to click to optimize the hotels that cooperate with our company and increase their visibility so as to obtain better rankings on major travel search platforms, such as TripAdvisor, Expedia, Hotwire… This is a promotional marketing method designed to help hotels attract more tourists and increase customers

Amelia: If there is anything I don’t understand during the introduction, please tell me in time.

Chris: Yes, of course

Amelia:  OK, let’s continue. You will only need to spend a maximum of one hour per day doing this remote work and it will not interfere with your normal activities. Please remember that the workstation is only open from 10 am to 22 pm. You can try this in your own setup using your phone or laptop. In this job role, you will use the company’s work platform to rate and review hotels from your device, designed to make it easy for us to help hotels increase their visibility and rankings, and help hotels increase occupancy rates. Do you understand or have any questions? I’ll give you more information on wages and commissions if it’s clear enough.

Chris: All clear so far

Amelia: OK, you’re great

Chris: Thanks! You make it easy to understand 

Amelia:  Thank you for your appreciation. Let me introduce you to your basic salary and commission! Base pay: $100 for 2 days of work. Pay $500 for work completed in 5 days. Pays $2,000 for 15 days of work. Maximum 2 days/$400. Salary ($6,000+ per month). Daily task commission: 0.5%-1% rebate for each task, up to 180 tasks can be completed per day. Are you satisfied with the pay for this job?

Chris: Nice! I like that pay structure

Amelia: I like it too. Do you have time for training now? There will be a 30 minute training session. Help you better understand the workflow and become familiar with daily operations. During the training, you will receive a company training subsidy of approximately 75-200 USDT. This is the company’s reward for your time and effort. [NOTE: “USDT” is a cryptocurrency launched by a company called Tether in 2014. It is NOT the norm or routine for employers in the US to pay their employees in cryptocurrency!]

Chris: Really? May I ask how that will be paid to me?

Amelia: Salaries and commissions are paid into your workbench account, which you can convert and withdraw to your bank account. [NOTE: The scammer’s website shown below has the “workbench account” into which my cryptocurrency will be paid. NOT into a legitimate bank!]

Chris: Don’t I need to sign some type of contract or hiring agreement first?

Amelia: There is no contract for this job because it is an online part-time job, but we will sign a user agreement when registering our account on the workbench, which also has legal effects. Do you have any questions about the job content and salary package I described above?

Chris: No, thanks!

Amelia: I will give you 30 minutes of training. Do you have enough time now? I hope you can stay online. Before starting training, you will need to sign up for a Marriott work account

Chris: how do I sign up?

Amelia: After registration is completed, the workbench will automatically distribute 10 US dollars to your account as a reward.

Amelia: Please click www.marriottan[.]com to create a Marriott work account. This is my invitation code: 4YAZ6U  After registration, send me a screenshot for confirmation. If you have any questions during the registration process, please ask me in time and I will help you. [IMPORTANT NOTE: Marriottan[.]com is NOT a domain registered to the REAL Marriott Hotel company! See notes below about this malicious domain, set up just 3 days earlier.]

Chris: Great! Amelia, before we go further may I ask you a personal question?

Amelia: of course can. If you have any questions or don’t understand, you can ask me and I will be happy to answer you.

Chris: Are you being forced to scam people or are you doing this by choice? [NOTE: Doug asked this question about an hour into this text conversation.]

Amelia: I don’t understand what you mean. Why do you ask that?

Chris: We both know that this job interview is not real. I read that many people are held by criminal gangs and forced to scam others. Is that what is happening to you?

Amelia: No. Why do you think this is a scam? I’ve been doing this job myself for 6 months and I wouldn’t recommend it to anyone if it was a scam. And in this job, we don’t need to invest any money

Chris: Prove it by having a video chat with me. And your website, marriottan.com, was registered 3 days ago in Singapore  It is not owned by Marriot! I dare you to be honest with me

Amelia: The nature of this job is special and will directly affect the real ranking of the APP in the App Store, so it is not open to the public. No one will admit the existence of this job. Once you publish the information, it means that all the data we make are false. Then the reputation of the merchant will be seriously damaged. [AMELIA’s REPLY MAKES NO SENSE AT ALL!] There is also recruitment, because the demand in the industry is huge, but it is not saturated yet, and the platform uses internal recruitment to recruit people. Can you understand my explanation like this? The company will set up independent sites for different national markets. Because the nature of its work is relatively special and requires a certain degree of confidentiality, in order to prevent information leakage, the domain name of the work system will be updated from time to time.

Chris: Amelia, you are lying to me. Please stop and be honest. The job is not real just like your name and photo are not real

Amelia: The domain name of our company’s work system will be changed from time to time. The purpose is to maintain the normal operation of the work system and prevent others from maliciously stealing work secrets and business models.

Chris: Lies. Be honest, are you ok?

Amelia: I’m fine, please don’t worry, everything I say is confirmed by me, please believe me. If this was a scam I wouldn’t have been in this job for 6 months

Chris: Sorry my dear but you are a scammer.  Based on how you keep pushing these lies and stay in this chat with me, I think you are being forced to do this scam. I’ve already found your photo online and it is not of a woman named Amelia

Amelia: Maybe nothing I say now can change your opinion, but when you get your first commission after training, you will know that this is not a scam, and you will feel lucky because of it.

Chris: Did you know that the photo of you is actually a Polish woman? What is your real name please?

Amelia:You can start and finish the training, and in between, you can choose to stop at any time if you need any fees or investment. You will feel that I am not cheating you when you get your commission and withdraw it to your bank account! I understand it’s hard for me to gain your trust now, and you don’t have to do this job, but please don’t question me, okay?

Chris: I’m sorry you can’t be honest with me. I hope you are safe.  If you have to choose, I hope you choose a life that does not cheat other people. I guess we’re done. Best wishes

Amelia: I don’t think you will believe anything I say now. I can only say that this is my personal experience and I have a clear conscience. I hope it doesn’t leave a bad image in your heart. Goodbye

 

EXPOSING THE FRAUD: Marriottan[.]com

For the record, the domain Amelia gave me for Marriott Bonvoy Hotels and to use for my “workbench” account is a fraud.  Marriottan[.]com was registered through a registrar in Singapore just three days before I was contacted by Alice and Amelia. Marriottan[.]com has been flagged as suspicious, a phishing site, and given a low trust rating by the following websites already:

   https://webparanoid.com/en/check-website/www.marriottam.com#/

   https://www.scamadviser.com/check-website/marriottan.com

   VirusTotal has identified Marriottam[.]com as a phishing scam!

By contrast, if you were to look up a WHOIS record for the REAL Marriott.com, you would see that it was registered TO Marriott International in 1993!

The bogus website marriottan[.]com also has a Whatsapp phone number on their “Contact” page. (The REAL Marriott website doesn’t do that.) The number on the fake site is shown as “Chat on WhatsApp with +1 332-254-6445”  Check out this screenshot of the “wallet” in my account on Marriottan[.]com…

What surprised me so much about this fraud was how much “Amelia” continued to push her fake narrative after I made it clear that I knew she was a scammer and lying to me. (I hope you noticed toward the end of our conversation above that some of her push-back was absolute nonsense!) Given the things that “Amelia” said to me, it is obvious that she is given a script to follow and the nonsense suggests that my questions threw her off her script. But the more I talked with her, the more she seemed to me like a pawn being pushed, rather than a scammer.  I reached out to her again last Saturday, saying “Hi Amelia, or whatever your name is. Do you think you can be honest with me now? Are you being forced to scam people?”  This led to a conversation that continued off/on for a few hours. She was adamant that her job was not to scam people. And it turned out that my accusations upset her. She said that she has been getting paid for 6 months to do this job of interviewing candidates and she has successfully withdrawn money from her account. To her, this was not a scam but a real job! She also told me that she is lucky to have this job. She implied that it is hard for people to find work where she lives. BUT she never revealed where in the world she is from. Nor did she ever say that she lives in the US or is a US citizen! 

I apologized for calling her a scammer, but tried to help her understand WHY her work was part of a scam. She didn’t like hearing it and continued to say that she never saw evidence of it. Though we continued our conversation for a while longer, it was very clear to me that she was reluctant to be completely honest with me. For example, she didn’t answer me when I asked if her bosses told her to use the name “Amelia” along with that profile photo. I asked for her real name, the country she lived in and even her age. She never revealed these answers. But, she also never lied to me saying that her name was indeed Amelia, a beautiful blonde woman living somewhere in the US! She did admit that her job was completely online and that was how she communicated with her boss and accessed her wages. Finally, late in the afternoon I messaged her one more time to say that my expertise was in identifying online fraud. I told her I would leave her alone now but that I hoped she would understand that she was also being tricked into being part of this scam! She was helping to victimize people in some way.  I got no response to my last post.

FOOTNOTE: Coincidentally, I received yet ANOTHER text from +1 (236) 702-4467 the day after first meeting  Amelia. This one said “Hello,I’m Amelia from Snagajob Recruitment Company US.I have a high-paying job I’d like to recommend, are you interested in a remote position?” I didn’t bother to reply…

Privacy Issue on iPhones, Factory Warranty Expired, and More!

We wanted to raise awareness about a new app that is automatically installed on iPhones when they are updated to iOS 17.2. If you have made this upgrade, you may have noticed a new app called Journal. This app, as Apple describes, is designed to let you record your daily activities, along with photos/videos you take with your phone. HOWEVER, there appears to be a lot of concern and confusion about the privacy of information you enter into your Journal app. These concerns are primarily related to the setting that is automatically turned ON when the app is installed.  The setting is “Discoverable by Others.” Below is a copy of an ALERT that has been spreading across various social media, urging iPhone owners to turn off “Discoverable by Others” in the Journal App. Sites like Cybernews.com and TheStreet.com refute this problem and say there is no security issue and it is all a misunderstanding. Our perspective about privacy concerns like this are much broader, however. Over the years, we have seen many instances where private information on smartphones has been collected, legally and illegally, by legitimate companies, scammers and sleezy businesses. NOTHING seems to be private on smartphones from our perspective. Our advice? Turn OFF “discoverable by others” and then delete the app! Do you really want to write personal/private details in a digital journal on your phone for someone else to steal or discover? (Remember, these journals are also likely to be backed up to cloud accounts too.)

Imagine getting the “time sensitive” notice below in your mailbox, telling you that your new Honda’s factory warranty has expired! For the record, we are not saying that this paper letter is a scam. It  was sent to us by one of our readers who received it. But, in our opinion, the marketing tactics used in this letter are scam-like because they are very deceptive!  Look at the image of the letter and envelope, and ask yourself “who sent it?” Was this from Honda, the manufacturer of the reader’s new car?

How did that letter make you feel? We felt angry at the deception and called the phone number in the letter. A man answered and the first question we asked was “what company do you represent?” He said the Eleras Automotive Group. It took us less than a minute to discover that the Eleras Automotive Group has an “F” rating on bbb.org. When we checked last week, there were more than 130 reviews with an average of 1.4 star rating out of 5 stars, and nearly 200 customer complaints against this company. BBB.org posted a warning about the pattern of complaints submitted by people. This company also has a 1-star rating on Yelp accompanied by some awful comments. We found many other links calling this company’s advertising tactics a scam! The lesson here is simple….READ carefully and consider not only what is in front of your eyes, but also what is missing or misleading from an advertisement! (Check out this short YouTube video posted by Scamadviser about Eleras Automotive Group.)

Below are a few recent articles of interest about scams and cybercriminals. The saddest article is this first one about a Public School that suffered a serious security breach resulting in an extortion attempt by the criminals. The school refused to pay and the criminals released personal and detailed information about the children online for the world to find. We hope that the hurt, suffering, and embarrassment that these bastards have caused some of these children and their families happens to the bastards who released this information!

https://www.npr.org/2024/03/12/1237497833/students-schools-cybersecurity-hackers-credit

https://www.yahoo.com/news/hundreds-rescued-love-scam-centre-094252739.html

https://consumer.ftc.gov/consumer-alerts/2024/03/sure-ways-spot-scammer

Remember to check out our newest Podcast about AI-generate fraud! It posted last week on the SecureWon website: https://www.securewon.com/resources/podcasts/

PayPal and Norton LifeLock

We see you rolling your eyes! Nooooooo, not another smelly phish disguised as PayPal, Norton LifeLock or Mcafee!  Forgive us, but these rotten carp are still pouring into people’s inboxes! For this to continue, they must still be effective at tricking some people! Please show these rotten phish samples below to a friend and ask them if they’ve ever seen emails like these! Do they recognize that these are completely fraudulent? This first phish was sent to more than 80 people and the scammers didn’t bother using the ‘BCC’ field. (This is a HUGE red flag and means you should lunge for the delete key! We removed many of the victim’s emails before blurring them.) As you know, this is just manipulative clickbait to get you to pick up the phone and call the scammers. That’s when they do serious damage because many callers believe their narrative lies! 

Here’s another opportunity to roll your eyes again as we state these warnings for the umpteenth time. Check out this bogus email about your Norton Lifelock purchase and…

  • BEWARE of emails with mismatched names! (The name in the text field in front of the name in the actual email address are different: “Althea Melvin” vs. “pauletta schwebachyiey”

  • BEWARE of emails with invoices that come from free email services like Gmail!

  • BEWARE of emails with awkward or incorrect English!

We’ll now step off our soap box….. Remember to report your smelly phish to us and Google!

https://safebrowsing.google.com/safebrowsing/report_phish/

Southwest Airlines Gift Card and Netflix Limited Offer

Wow! You think you lucked out with a $100 gift card from Southwest Airlines for your opinion? Think again! This HIGHLY-malicious clickbait was sent from a seriously abused website, tangismedia[.]net, that we’ve written about multiple times! (Delete all email from tangismedia[.]net) Also, the link in this clickbait doesn’t point to southwest.com, it points to a 12-digit IP address. That’s a sure sign of fraud! LUNGE for the delete key!

Can we just say that any email offer from a business that begins with “hey there” immediately makes us suspicious! And notice how these scammers spell Netflix in the subject line! (Like that’s going to build confidence in the authenticity of this email?) This limited offer for Netflix is identical to so many other scam emails we’ve seen recently. They must be successful because they haven’t slowed down! Don’t believe this junk! $2 dollars per year is too good to be true!

Fedex Delivery Notice and Your Email is Due for Validation

Several readers sent us some seriously malicious clickbait recently. Check out this email pretending to be an “eFax” with a pdf file waiting for you. The email claims that your eFax contains documents to be signed at JSign but the link doesn’t point to JSign! It actually points to a downloadable, executable file at ScreenConnect. This file will enable a scammer to take control of your computer!  LUNGE for the delete key!

This next nasty email of “high” importance tells you that you have a voicemail waiting. But from what service exactly?  The voicemail service isn’t identified! The link is VERY malicious and points to the website called club-os[.]com.

Deeeeeeleeeeeete!

And one more threatening email that was sent from a random collection of characters DOT-net. We checked and that oddball domain name doesn’t exist, meaning that the FROM address was spoofed and isn’t real. The word “Dropbox” with < > symbols is actually part of the text field! This email did NOT come from dropbox.com!  By the way, never, ever click unsubscribe if you consider an email to be suspicious or malicious!  Doing so is like stepping into a bear trap.

Job Interview

Apparently, job interview scams are on the rise as you’ll see below. One of our readers sent us these screenshots last week about a bogus job interview she was invited to by someone texting from 628-227-2184. The interview was all text-based. THAT’S NOT NORMAL! This is most likely an advance-check scam that we’ve reported on more than 200 times! Check out:

https://www.thedailyscam.com/job-interviews-in-google-hangouts/

Again, another reader sent us this text thread that he randomly received from 213-781-3066. Don’t believe “Mary Harvey” when she says she’s from a real recruitment agency. Notice, too, that Mary contacted you via text and then says that the HR person will follow up and contact you via Whatsapp. REAL recruitment companies do not operate like this! 

Until next week, surf safely!

Copyright © 2024 The Daily Scam. All rights reserved.
You are receiving this email because you have subscribed to thedailyscam.com

Marblehead, MA 01945

Contact Webmaster