Select Page
Weekly Alert  |  May 17, 2023

Sextortion on the Rise, Especially Against Teens Threatening to publish naked or sexually explicit photos of someone unless she/he pays the extortionist money or provides even more naked photos is sextortion. It is a brutal scam and unfortunately it is on the rise, especially targeting teens aged 14 – 17. According to this investigative report published last week  on NBC News 10 in Boston, teens are targeted across a variety of platforms, including gaming communities. We have two stories to share with our readers from recent adult victims along with words of caution that you can share with your teens and young adults. Sextortion comes in several forms but it doesn’t matter which one targets a victim. It is a brutal threat and victims can be terribly frightened and deeply traumatized, as you’ll read below. Terribly sad, too, is the fact that a small percent of victims have committed suicide because they were unable to cope with the threats made by the extortionist, even when the entire extortion is itself a complete fraud. 

We were contacted on May 9 by a 25-year old young man who was targeted by a variation of this scam called the “underage girl sext scam.” He said…

“First of all, I am extremely grateful for the research your people have done to bring me peace of mind in your article. I was extremely scarred by this situation. Today I was a victim of the sextortion scam involving me matching with a 23-year old woman on the dating app Plenty of Fish. I was then contacted by a South Carolina phone number, an extremely common trope that I had read in one of your articles on your website. I was threatened by a man claiming that I was in contact with his daughter who was a minor. He claimed she was 15. He then was demanding money to make this all go away. I was also contacted by another man claiming to be an investigator at a Rhode Island Sheriffs Department. I discussed this situation with my parents, who assured me it was a scam. We then went to my local police department and filed a police report. Again I thank you for the article you have written as it has helped ease my anxiety.”

This young man agreed to speak to us if we protected his identity. We’ll call him Alex. We spoke to him several days after his experiences and had time to calm down. But the first thing he told us was that he was still very shaken by the events that happened over a span about about 7 hours on Tuesday, May 9. Even though this young man now understood that he was the victim of a scam, he told us that “the fear was scarring and I kept thinking ‘what if…’”

On Saturday May 6 Alex installed the dating app Plenty of Fish on his phone and paid for a subscription. On Tuesday morning he was swiping and noticed that a 23-year old woman named “Amber” had “liked” his profile and so he matched her like. Their conversation began with small talk as you might expect. But after a few minutes she asked Alex for his phone number. This encouraged him to think that someone was interested in him!  She then continued to text him with small talk but shortly thereafter she turned the conversation to sexual innuendo. Not much later, and without Alex asking for it, Amber sent him a video that she claimed to have made that morning. The video was of a woman masturbating and was extremely graphic. He hadn’t asked for this, not even hinted, and said that it made him feel uncomfortable. Afterall, he had only been texting with this woman over a couple of hours. She then asked Alex for similar photos from him in return but he wasn’t comfortable doing that and told her so. Amber was upset that Alex wouldn’t send any but she moved past it. Indirectly, she told Alex that she would like to meet him after work and said she was in Rhode Island.  (He lives in a nearby state.). The speed of this friendship actually bothered Alex so much that he decided to end the conversation.  Our impression from talking with Alex is that he is a young man with integrity and this experience felt very uncomfortable to him. By 12 noon, Alex had blocked Amber’s number from ever contacting him again. But that wasn’t the end of it.

At around 6 pm Alex got a LONG text from an unknown number.  It was from a man named Mr. Baker, who claimed to be Amber’s father. His texting rant began by saying that his daughter was underage and after Alex ended his conversation all hell happened at his home. He said his wife walked in on their 15-year old daughter making sexual videos to send to Alex. That confrontation descended into a fight that resulted in his daughter having a serious accident that sent her to the hospital. Mr. Baker’s family was now facing a crisis and he blamed Alex for a lot of it. He even claimed that Child Protective Services were now talking to his family about taking away their daughter as a result of everything that happened. Mr. Baker kept saying that Alex needed to do the right thing to help make this better. Alex quickly understood that the father was asking him to send money to him to help cover some of the expenses they faced, which included a $6000 hospital bill!. Alex was almost in shock hearing all this. The call ended with Mr. Baker saying that Alex was going to get a call from a Rhode Island Detective.  Sure enough, a few minutes later, a man called claiming to be from the RI Sheriff’s office. He asked if the name “Amber” rang a bell, and did he know her. This Detective said that Alex was in a lot of trouble and had “a lot of explaining to do.” Alex, thinking that he was talking to a real Police Detective, explained everything that had happened to him.  The officer said that Alex should call the father again and try to make this better because the likely consequences if he had to get involved would be more severe.

[Alex was in such a panic he didn’t pick up on a contradiction that the Detective made until a couple of days later, as he replayed this story in his mind. The Detective first said “I have some serious charges that just came across my desk” but a few minutes later he said “I’m talking to the Baker family to see if they want to press charges.”  These statements were contradictory but Alex didn’t catch that until later.] After getting off the phone with the Detective, Alex called the father back. Mr. Baker rattled off all the things that his family had to pay for.  The father said “you need to step up and be a man” insinuating that Alex needed to pay for things. But Alex said he couldn’t pay anything, over and over. He had no money, he explained. Mr. Baker finally hung up on him. This was about 7 hours after he blocked Amber’s phone number. Later that evening Alex was overwhelmed and broke down to his parents and told them everything that had happened.  

Within minutes, both of his parents saw inconsistencies to this story and told Alex this was a scam. For example, they pointed out, what father is going to be focused on money when his daughter is in the hospital. How did all of this happen in a matter of hours, including the hospital bill and Child Protective Services? His parents urged him to go to the Police station the next morning. On Wednesday, the Police also agreed that this was a scam extortion scheme. Alex turned over the three phone numbers (Amber, Father, Detective) to the Police. The father’s phone number had a South Carolina area code which is important because there were a group of men already in jail in South Carolina who were charged with perpetrating this scam in 2018. Most of these men were African American and Alex told us that Mr. Baker (and the Detective) sounded like Black men, though Amber was caucasian based on her profile photo. It’s important to know that “Amber” never said she was underage and that “she” had created an account on a website requiring users to be age 18 or older.

After speaking with the police and having the support of his parents, Alex started Googling this scam and found our article called Plenty of Fish Has Plenty of Sharks. Since September, 2016 we’ve heard from nearly 950 men who’ve been targeted by this horrible scam. The victim thought he had been communicating with a 23-year old woman but it was never the case.  The victim was communicating with scammers pretending to be a woman (girl), her father and a Sheriff/Detective. The story these scammers used is one of the most common that we’ve documented in our article. Even the name “Amber” has been the most commonly used girl’s name selected by a group of these scammers! But sadly, Alex’s story is not the only sextortion story we’ve recently heard about.

On May 8, a Reddit member using the handle CaterpillarDue46, posted another sextortion experience that had targeted a friend of his on the dating app Tinder and he was looking for advice.  Here is an edited version of what he said. “My friend lives in Germany and got scammed recently on Tinder. So he matched with a girl. They chatted for a few minutes and she added him on instagram. Then she said she is horny and wants to do a video call. So they went on discord and they stripped. Later she said she recorded everything and, on screen share, showed him that she is sending it to all his instagram friends [unless he pays her.] He has already lost about 1500 Euros and she is asking for 100 Euros per week for 3 months to get rid of the video. I suggested he delete all [social media] accounts on internet so he is not on any social platform now and go to the police to report. What do you guys suggest?”

This Reddit member also said “He is not on Reddit and doesn’t know the power of it.” The Reddit community can be incredibly helpful if you consider overall responses to questions like this.  In this case, nearly everyone agreed! The victim should immediately delete all of his social media accounts, then STOP paying the scammer, and report this scam to the police and FBI (and Tinder).  We would add that it would be wise for the victim to also inform a close family member what happened to help support him if, in fact, the scammer follows through with the threat.  If he deletes his social media accounts first, it will be harder for the scammer to follow through, though not impossible. Years ago we once spoke to a man who also fell victim to this scam and paid the scammer about $1800 and thought that was the end of it. But the scammer kept coming back for more. Ultimately, the man paid the scammer more than $6000 until finally the man stopped paying!

If you ever fall victim to this type of threat, we strongly advise victims not to pay the extortionist! We remember hearing from a young man years ago who gave us the best response we’ve ever heard. When faced with this threat, the young many said that he suspected this was a scam, had recorded most of the phone call and was turning it all over to the FBI. Then he told the scammer that he didn’t give a $#i+ what he did because the scammer now had to worry about being caught by the FBI. And then he hung up on the scammer!  That “victim” never heard from the scammers again. Most importantly, people need to understand that it is remarkably easy to deceive others through the Internet or a phone! Sending naked pictures of yourself is extremely dangerous for lots of reasons! We’ve heard of people using an app that will delete your video immediately after it was sent/created. But people can use another device to record that video! Never, ever trust a stranger with images/videos that are so deeply personal.

Below are several recent articles about these horrific threats…

The FBI is reporting a significant increase in sextortion targeting teens.

17-year old Gavin Guffey’s suicide story, reported by CNN (5/13/23)

The Department of Homeland Security has recently reported on a rise of sextortion targeting teens.

Scamadviser warns victims about for-profit companies who charge huge fees and claim to be able to retrieve lost money

Phishing Scams of the Week Phishing scams of the week: GroupMe iPad giveaway, Costco, Walmart, and Tinder. Can you spot all these scams? Protect yourself with this FREE, all-in-one tool.

How Her FB Account Was Hacked and Romance Scams Continue! — Your social media account is a prime target desired by scammers as a way to make them money. Last week we spoke to a woman who fell victim to a simple trick that cost her her account, and through which the scammer targeted her friends. We’ll call her Lucy. At about 8:30 am Sunday morning May 7, Lucy got a text or private message on FB (she’s not sure which) from a guy “hey I’ve been trying to set up my account, and I’ve been asked to have 2 friends verify me. They’ll send you a 6-digit code and If you can send it to me, then it verifies me. Thanks.”  She was very busy at the time and distracted. And coincidentally, the night before, a friend of hers was helping another elderly friend set up an account on Facebook because the man wasn’t too savvy. She thought that it was this friend of a friend. It wasn’t. It was a scammer who used her email address and phone number to try to gain entry to her account, using the “account recovery” feature.

About 20 minutes later, while walking her dogs, she tapped the Facebook app and then the Messenger app but there was nothing there.  She discovered she was logged out. She stopped and tried to log in but couldn’t! She was locked out. Every time she selected “forget password” nothing happened. Finally, the last time she tried to do a password recovery, she was brought to a webpage that had a photo of “a guy in Nigeria.” And then less than 30 minutes later she heard from two relatives. (One texted, the other called her.) They each told her that “she” had asked them for money through her Facebook Messenger account. “She” said that if they would send her $100 through a cash app, that she would repay them $500. About one hour later her Facebook account was shut down and she was permanently locked out. She’s tried for days to get help from Facebook tech support to explain what happened and restore her account. But it shouldn’t surprise our readers that Facebook doesn’t support its community with this help. Our experience with Facebook is that they don’t seem to care about their members enough to help them recover their accounts, even when they are hacked by cybercriminals. (We encourage anyone who had a Facebook account between May, 2007 and December, 2022, to apply for compensation from a recent lawsuit judgment, and thereby let Facebook know you are not happy with the way they treat their community!) We also want to remind our readers that cybercriminals routinely send out phishing emails disguised as Facebook. Checkout this bogus email sent to a reader last March.

Our friend Rob continues to get emails from romance scammers located in Eastern Europe and Russia. We wrote about his lovely experiences in our April 19 Top Story. Check out this lovely email he recently received from “Olha” who claims to be from war-torn Ukraine. What caught our eye, and is funny to us, is that she appears to have misspelled her own name in her actual email address!

And speaking of Ukraine, cybercriminals continue their disgusting low-life effort of taking advantage of the poor people of Ukraine who are truly suffering from Russia’s aggression! 

Featured Advertiser – Incogni

Data brokers make money off your personal information every day.

They buy your data – SSNs, DOB, home addresses, health information, contact details – and sell it to the highest bidder

  • Incogni is a personal data removal service that scrubs your personal information from the web
  • It contacts and follows up with data brokers all over the world on your behalf. For an individual to do that, it can take hundreds of hours
  • With Incogni, you can kick back and worry less about identity theft, health insurers raising your rates based on info from data brokers, robo calls, scammers taking out loans in your name, and all the other terrible things bad actors do with personal data

Amazon, Juno Email and Xfinity Account Holders Don’t believe this “Amazon Alert.” You can easily see that this email came from a crap domain called extbancabrtyun[.]net. The link in this phish points to a server in Vietnam (“.vn” is the 2-letter country code for Vietnam.) Additionally, if you read this phish you’ll see that it contradicts itself! Is your account actually locked or is it going to be locked? 

Every free email service has had their members targeted with phishing scams, such as the next two rotten phish. This first one claims to be about your Juno email account but the email came from a personal AOL account! The link to ‘Verify Now’ points to a phishing page on the free web service called Wix Site. CLEARLY, the awkward English in the opening sentence of this email tells us that the sender was likely not a native English speaker. The last sentence in this email is HYSTERICAL!

And here is another scam email disguised as the Comcast service called Xfinity! Check out the subdomain in the link in this email. It’s a malicious mimic trying to trick you into thinking it points to Comcast.  The subdomain is “comcxfnityserver2” and this website is sitting on a server in the Island Nation called Niue, in the South Pacific, northeast of New Zealand. (“.nu” = Niue)

Fun Phone Scams and Clever Phishing Emails! We have several short phone scam calls that are worth listening too. The first one is thanks to Rob for turning on his AI “man” to speak to this caller about credit card rates. Rob told us that he had six calls within one hour about lowering his credit card rate. They came from six different phone numbers. Does that sound like a legitimate company to you? Enjoy this short conversation between AI-man and scammer!

One of our readers told us that she received two phone messages from a “Crystal Allen” calling about her business refund of $26,000 per employee. She’s retired and has never had a business! The messages also came from two different phone numbers… 828-386-9874 and 877-350-6032.  A Google search of the former number shows a scam posted on NoMoRob.com about student loans, and a search for the latter shows two websites listing recent calls from “Crystal Allen” as scam calls. (CallerCenter.com and 800Notes.com)  We’ve put both phone calls from “Crystal Allen” together, back-to-back so you can hear her asking you to call her back at two different numbers!

Check out this call from “Dominique from Team Google Ads” that was left on the voicemail of a tech department at a school. (We’ve cut out the name of the school and email address stated by the caller.) The key problem here is that a search for the caller’s phone number, 571-685-6884, doesn’t show Google Ads. In fact, a search for this number only pulls up 3 websites in Russia (as of 5/13/23)

Last week the Scamadviser and Daily Scam Team both saw a noticeable increase in phishing scams targeting people in the US and Europe. To raise awareness about these threats, we want to share two very clever phishing emails that use “malicious mimics.” Quickbooks is accounting software used by thousands of businesses and created by a company called Intuit. The legitimate website for Intuit is intuit.com.  Look at the VERY clever websites that were created and used in these Quickbook emails and the phishing page sitting on one of these websites. 

Solar Panel Malware? — Check out this email that came from a server in Germany. (“.de” = Deutschland = Germany) The email contained no information whatsoever but included a 2.4 MB file that very likely contains malware. NEVER click on attached files like this unless you are expecting them, know the sender and the file type makes sense to you.

Venmo — It’s critically important for people to recognize malicious mimics.  This text wants you to believe it came from Venmo. You’re asked to click a link with the domain name venmo-report6[.]support. But the REAL Venmo domain is venmo.com!  This malicious mimic was registered just 3 days before this text was received by one of our readers.

LOOK BEFORE YOU CLICK!

Most “fully qualified domain names” (FQDN) consist of two parts, separated by a period.  The FQDN is the LAST thing that appears in front of the first single forward slash in a link. Now check out this bogus text that claims to be from Netflix telling you that your Netflix membership is on hold. Immediately after the “http://” we see the word netflixaccount. But that is just one of several SUBDOMAINS found in front of the real domain! The REAL domain in this phishing text is called cloudlets[.]zone and found just in front of the FIRST SINGLE FORWARD SLASH! That’s not netflix.com!  According to the WHOIS record for cloudlets[.]zone, this website is sitting on a server in Dolnoslaskie, Poland.  Deeeeleeeete!

And now for something completely different…. Doug at TDS received a bizarre text for Eric Wong from someone named “Joef” and the number 916-238-5038. It was as if it went to the wrong phone number by accident. However, Joef then asked if Doug had a house for sale. Doug replied as you might expect! Fifteen complaints have been filed online about this phone number since last Fall:  https://lookup.robokiller.com/p/916-238-5038

Until next week, surf safely!

Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster