Select Page
Weekly Alert  |  May 18, 2022

Both Love & Sex Online Are Risky in Many Ways It is fundamental human nature that we seek out relationships with others and that we are also sexual creatures. And thus online dating or using the Internet to build relationships is nothing new. Nor is it new for some people to use the Internet for a sexual encounter or to view pornography. However, during the last few years, we’ve noticed a significant increase in the number of online threats and scams that target these fundamental aspects of human nature. Some of them are surprisingly creative, and also horrific because of the unbelievable impact they can have on people’s lives.  And all for the sole purpose so that someone else can make money while causing tremendous harm, emotional and financial, to another human being.  We have four recent blood-sucking examples to show you. 

Imagine, for a moment, the significant impact a paternity test result can have on the life of a woman, man or child. DNA Paternity tests have LIFE-CHANGING consequences.  The very fact that a couple needs to confirm that a man is, or is not, the biological father of a child is significant! Now, thanks to the Internet, DNA Paternity tests are available through companies around the world. But can they all be trusted? James Greening from ScamAdviser.com has learned that there are bogus businesses online that will purposely sell you FAKE paternity tests! Check out his recent article titled “Fake DNA Paternity Test Reports: A Scam with Serious Consequences.”

We personally know of many wonderful relationships that began online, including some that have led to marriages. However, we’ve also seen an overwhelming number of scams disguised as new online relationships such as this new relationship, sent to us by a very experienced scam-baiter. We are protecting the scam-baiter’s identity and will call him Don. On April 16, Don randomly received an email from a woman who identified herself as “Natalya.” Natalya included the photo below and uses a Russian Internet service called Yandex, though her particular Yandex email server is in Belarus. (“.by” = Belarus) In later emails Natalya said that she was 28 years old. 

How could Don resist!  He replied to her email and so their online relationship began. On April 19, Natalya told Don that his emails made her smile.  With each of her emails she included photos of her, and sometimes with another female friend. Four days after receiving Natalya’s first email, she was telling Don that his emails “brought heat throughout the body.” (Hmmm…. Sounds to us like Google translate was treating her Russian a bit too literal!) She asked Don what he liked to do and what, perhaps, he might like to do with her when they are together. Don resisted suggesting anything sexual and decided to see where “Natalya” would take the conversation…

Natalya kept asking Don for photos, about his interests and where he lived, to which he always responded minimally. She began to talk about coming to the United States to visit Don. After only 11 days, exchanging a total of 10 emails from Natalya and 9 emails from Don, Natalya professed her love for Don! She sent him this rambling email on May 6th. It is hard to make sense of some of the things she says, besides “I love you!” About halfway through their “voluminous” exchange of emails, we suggested to Don that he ask for a photo of Natalya holding up the photo that Don sent to her.  He asked her 3 times for this.  She never even acknowledged his request. And, as Don told us on May 15, “Since I asked her to send me a picture of her holding my picture, she stopped writing me.”

We think that most of our readers can connect the dots and see this as a likely scam attempt. After an exchange of 19 emails over 11 days, Natalya is ready to hop on an airplane from Russia to visit a man in the U.S. she claims to love, seeing only 1 photo of him. As Don told us, he fully expected “her” to ask for financial help to buy a plane ticket.  He also told us that her emails never addressed anything he asked about in particular, besides his question about the Russian war against Ukraine. (She said she felt badly for the Ukranians but didn’t want to discuss politics.) All her emails were meaningless and generic. Online love scams from Russian women have actually been documented for many years now.  Check out this 2018 article titled How Not to Get Scammed by ‘Russian Women’ Online found on the news service “Russia Beyond the Headlines” (rbth.com).

Also in 2018 we first published an article called “My Malware Recorded You!” The article documented many examples of bogus emails claiming to have captured videos of people “pleasuring themselves” while watching pornography online. The sender tries to extort money by threatening to release the video to publicly shame the victim. There have been many variations of this threat over the years but each and every one of these emails is a fake.  There is simply no malware capturing a video of the person.  We, at TheDailyScam, get these extortion threats at least once every few months. Here is just one of 4 of these phony threats that we received in early May…

But adding insult to injury in the human landscape of love and sex is the fact that cybercriminals ROUTINELY use online dating as malicious clickbait to infect our devices with malware! Below are several examples, beginning with this supposed notification from Tinder saying “Someone matched with you on Tinder!” But of course the email didn’t come from tinder.com and the malicious link points to a domain (droide[.]website) that was registered anonymously in Brazil in late 2020. (“urbicula” found in the link is a subdomain of droide[.]website.)

In the last six weeks, we’ve seen lots of malicious clickbait hit our honeypot email accounts disguised as dating invitations. Most pretend to be “Silver Singles” or variations of “Meet Asian Ladies” such as the three screenshots below. In each case, the email wasn’t sent from the service it claimed to represent and the domain used in the links was registered just 1-3 days before the email was sent. 

Love and sex will always be a fundamental part of human nature. However, turning to the Internet to engage in either of these, no matter what your motivation or need, has become so much riskier than it used to be.

Crypto Scams of the Week: PancakeSwap, WalletConnect, Trust Wallet The two big players in the crypto sphere, Bitcoin and Ethereum, grew by 59.8% and 399.2% respectively — while some of the smaller cryptocurrencies such as Solana saw returns of well over 11,000%. The bad news is that it was also a profitable year for crypto scammers: a record $14 billion, to be precise.

Scammer Humor to Ease the Pain We so enjoy a good laugh at scammers to ease our united painful experiences of being targeted or victimized by them. This email from presumed Barclays Bank employee, Dr. John Rob, lifts the spirits and lightens the heart. Dr. Rob sent his email from a personal Gmail account called “CIA Intelligencegency” which doesn’t sound terribly intelligent to us. But most interesting of all was that Dr. Rob talks about the Barclays Bank Telex Department. (See 2nd red arrow.)  Is Barclays Bank still using telex machines?? We learned that Telex was very popular post-World War II but the technology became antique and no longer used by the 1990’s.  Hmmmm… should we tell Dr. Rob? Nah! (Telex history on Wikipedia.)

Amazon, Paypal, McAfee & Norton – Oh My! One of our readers sent us this lovely email with an attached pdf about tracking details for her Amazon shipment. OF COURSE, the email showed that her iPhone 12 Pro was being shipped to the wrong address in another state.  But that’s OK! You can call the scammers to correct this minor issue using their nothing-to-do-with-Amazon phone number: 808-740-0191.  At least these scammers have the courtesy of not charging you for shipping that bogus iPhone purchase you never made.

Paypal phishing emails are raging once again. We think most are sent from the same cybercriminal gang because most of these rotten phish misuse LinkedIn’s link shortening service called lnkd[.]in. Mousing over the button “Log in to PayPal” in this screenshot also shows a popup consisting of question marks in a diamond shape. However, below is another bogus Paypal email that came from a personal Gmail account that claims to be an invoice from “Torres Armory” of Orlando, Florida. But the real gun shop in Orlando has no website using the domain “thetorres-usa.com.” In fact, that domain doesn’t exist. And, of course, 805-500-4349 is NOT the phone number for Paypal.  Big surprise, right?

Speaking of scam phone numbers, below are two more recent phish that washed up onto the shores of reader’s inboxes. Ad infinitum, they were disguised as purchases for security services from McAfee and Norton.  

Same Last Name and Southwest Airlines Survey! Money is such a strong motivator of human behavior.  And yet, when you get that gnawing feeling in your gut that something isn’t right, it’s important to listen to it! A woman named Emily got this email from a stranger identified as C.T. Mallory telling her that a man with the same last name as her had died from Covid. (He didn’t even say “sadly” or extend any sympathy at the man’s passing. But why should he? Afterall, he’s just another blood-sucking leech.) The man who died left behind a bank account that needed a claimant.  Can you guess where this is going? Can you say “advance fee” scam three times fast?

This next clickbait was also sent to us by a reader and though the email didn’t contain any working link for us to investigate, we are 100% certain it is malicious clickbait!  It claims to offer $90 to the recipient if she’ll take a marketing survey for Southwest Airlines.  However, the email came from the domain withesreet[.]com, a domain with no content and registered a year ago in Iceland through Namecheap. Remember, registered domains in Iceland, using Namecheap, is an overwhelming favorite for at least one major cybercriminal gang!  Also, the only thing we see at the physical address listed at the bottom of the email, using Google, is a small strip mall.  Does this sound like Southwest Airlines to you? Deeeeleeeete!

Review Your Package and Blocking Your Contacts – It should be obvious to all that “alchemer[.]com” is NOT usps.com! But apparently, your package as arrived and if you don’t click to “review your package” it will be sent back! Hmmmmmm…. We don’t think the real postal service operates this way.  Plus, the link to review your package points to a crap domain called English-Please[.]builders. Oh yah, that sounds just like usps.com!

Item in Shopping Cart and Pending Delivery – We think the same criminal gang, who is cleverly registering domain names that seem to relate to the purpose of a text, are at it again with these next two text threats. “You have ‘1’ paid item in your chopping cart,” said this random text from 312-339-1227.  You are asked to click a link to “item is in waiting .com”  This short-sentence-disguised-as-a-domain-name was registered in France at the end of March. ‘Nuf said. Delete!

    And, from 929-614-2581, we have a text telling you that your Dyson vacuum will be delivered if only you paid the “unsettled balance of $1.75 to carry on.”  How lovely. We’re asked to click a link to makeachoicee[.]com.  We encourage readers to make the right choicee… Do NOT click! And never text back “stop” or “who is this” to these criminals because it will only encourage them to send you more malicious texts!

      Until next week, surf safely!

      Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
      have subscribed to it via Scamadviser.com or thedailyscam.com

      Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

      Contact Webmaster