Select Page
Weekly Alert  |  May 24, 2023

Photos & Voice Messages are Used to Target You There is a commonly used tool in the cybercriminal toolbox that’s been very effective at manipulating YOUR clicking behavior for years! It’s a direct message (DM), email, or text referring to photos, videos or voice messages for you or about you. We’ve written about these threats before, including the Top Story of our March 30, 2022 newsletter. It included the screenshot below that was a DM to lots of Facebook members. Apparently, when people are led to believe that a video, photo or voice message is for them or includes them, it is a very persuasive method to manipulate them. We’ve seen a recent increase in this manipulative strategy. Would YOU fall for these tricks?  Let’s take a look….

(To learn the details about this malicious DM above, visit our March 30, 2022 newsletter.)

One of our readers last week sent us this email he had received from Amanda. But the man told us that he didn’t know anyone by the name of Amanda and he recognized several things about this email that strongly suggested it was a threat! Imagine that you had received this email and Amanda said “Hopefully you still remember them – probably I should have forward them way sooner – these 5 pictures.”  Would that make you curious? What five photos? Might you have clicked?

However, the warning signs in this fraudulent email are SCREAMING out to us DO NOT CLICK! This email was sent from a server in India. (Notice the “.in” at the very end of the email address. “.in” = India) The link in the email clearly contains a crap domain that makes no sense and is unrecognizable. (ssoscw[.]com) This fact led us to look up that domain in our favorite WHOIS tool and discovered that it was registered just hours earlier in Iceland using the service called Namecheap. This fact is all the proof we need to know this link is 100% malicious! (By the way, Namecheap, though a “legitimate” seller of domain names, has a HORRIBLE reputation of turning a blind eye and selling domain names by the hundreds of thousands to cybercriminals!)

In April we learned about a threat repeatedly targeting a small group of parents whose children attend the same fifth grade class at a school. The parents were receiving emails that appeared to come from a former employee of the school, named Kacey. This threat occurred again in May. Look at the content from two of these emails sent in April. ALL of these manipulative emails use photos as the behavioral engineering trick to elicit a click. The links in all of these emails have been 100% malicious, of course and the email addresses were never that of the real person named Kacey. It is extremely important to be able to recognize 2-letter country codes in an email address and identify the countries they represent. A 2-letter country code is ALWAYS found at the very end of an email address, if it is present at all. Below you can see that Kacey’s email addresses are ending in “.ar” and “.cl.”  Wikipedia has an excellent “decoding table” of 2-letter country codes. If you find and click the 2-letter code you are searching for in the Wikipedia decoding table, you’ll immediately discover the countries. “.ar” is Argentina and “.cl” is Chile!

Another very manipulative trick cybercriminals routinely use to engineer a click is to tell the recipient that she/he has a voice mail message waiting for them. Check out this recent email sent to us by a reader. The email appears to have been sent by a legitimate company but the text in the name field says “Voice Mail System From [NAME REDACTED].” The recipient was provided a link to listen to his voice message. Thankfully, he too, can recognize fraudulent emails!  Mousing over the link showed that it pointed to another crap domain called urlzs[.]com. Virustotal.com tells us that 5 online security services identified that link as a threat!

Videos? Photos? Voice messages? How vulnerable are you to being manipulated into clicking a malicious link? If not you, what about other family members? For example, we think most teens would immediately click this type of fraudulent link if they received it in a social media DM and telling them they are in a particular photo. The same may also be true for seniors who are not aware of these threats. Do yourself, and your family a favor…. Show them this article and ask them about their experiences with these manipulative hand grenades that land in their inboxes, phones and social media accounts. 

Phishing Scams of the Week Phishing scams of the week: GroupMe iPad giveaway, Costco, Walmart, and Tinder. Can you spot all these scams? Protect yourself with this FREE, all-in-one tool.

Where Your Donation Counts The Least, Targeted by a Relative, and a Remarkable Piece of Fiction —

Every once in a while we’ve written about legitimate companies using sleazy techniques that, in our opinion, are completely 100% like scams and fraud. (Check out our January 4 article titled How Legitimate Companies Can Scam You.) We recently read an outstanding article published recently in the New York Times called How to Raise $89 Million in Small Donations, and Make It Disappear. This article details deception on a scale that most people would never believe! Would you donate money to a good cause if you knew that 90% of your donation was spent on the company soliciting you and only 10% was given to the actual cause of the donation? Of course, that is a rhetorical question! No one would make such donation! 

The NY Times article details this deception, including the use of overseas call centers that can click on AI responses to make it sound like YOU are speaking to a New Yorker, or someone from Wisconsin based on the AI voice selected and your location. These questionable fund-raising organizations included the “American Police Officers Alliance” and “American Veterans Honor Fund.”  One former treasurer of the American Veterans Honor Fund who was dismissed after questioning expenditures told the NY Times that he warns people not to “donate over the phone” to any organization calling you. Ironically, while writing this draft on Saturday morning, May 20, Doug received a phone call and the called ID showed his home town. When he answered he heard the voice of a local man saying that he was calling for a Police Charity organization! But the number the call came from was NOT a local area code. It was 339-345-2909. NoMoRobo.com informs us that this number has been identified as a fake police charity. (Amazing timing, right?)

Before we make donations to charities, we always visit CharityNavigator.org to see how well the charity is rated, including what percent of our donation will go to the cause we wish to donate to, rather than the pockets of the people collecting the money. We recommend you do the same thing!

Earlier in May we heard from a woman (we’ll call her “Cecilia”) who was targeted by a relative, or so it seemed. The relative, named Rebecca, first contacted Cecilia through Rebecca’s known and legitimate email account that Cecilia recognized. Rebecca asked if Cecilia had an Amazon account.  HOWEVER, after Cecilia responded with a “yes,” Cecilia noticed that Rebecca’s follow-up email did NOT come from the same expected email account. Instead, Rebecca replied from a nearly identically named email account at Yahoo! “Rebecca’s” second email, and the fact that it came from an unfamiliar account identified it as a fraud! Cecilia notified the REAL Rebecca that her personal email account had been compromised. Check out what “Rebecca” asked Cecilia to do….

Do you enjoy reading great fictional love stories?  Even if you don’t, you MUST read this amazing email below that Irina sent to our friend Rob. Irina first contacted Rob around April 11, (1 month before this email was sent) saying that she is a 33 year old Elementary School English teacher of 5th and 6th graders in Kazakhstan. After meeting over email, they’ve exchanged about 20-25 more emails but that’s it!. No video chat, no voice phone call. Now, look how far they’ve come! We’re speechless! (NOTE: To maintain our standard to keep our content readable by people of all ages, we’ve removed several sentences from Irina’s email due to the very graphic description they contained.)

Date: Thu, May 11, 2023 at 4:15 AM

Subject: My dream today is for you..

Hi my Rob! I’m glad to receive your new letter and it’s like I haven’t read your letters for several days. You can’t imagine how happy it is to see your letter. I want to hug you as soon as possible, kiss you and have you whisper to me – I’m so glad that you’re finally here. I hope we’ll have a great time when we’re together. This morning, before going to work, I went to the agency to find out if I had brought all the documents. I have a few copies of my passport left to bring, so tomorrow I will have to return to the agency again in the morning and after that I will have a visa interview. I will pray that everything goes well and I get all the documents without any problems.

I had a dream about you today and it was an unusual dream. I hope we can talk openly and you won’t judge me harshly for my words. I dreamed that you were visiting me, it was a warm summer evening outside and we were walking around some beautiful city. We walk through the streets at night, looking at the stars, which are poorly visible because of the street lights. You saw a high-rise building and offered to climb to the roof, and I agreed to this adventure. You pulled my hand and we went to the nearest high-rise building to check if the entrance was open. The door was open and we were very lucky. You pull my hand, we go into the entrance and take the elevator to the top floor and tell me: “Look, the door is not locked, the lock is hanging, but it is not closed” . We quietly opened the door and went up to the roof. And here they are, the stars… I go to the edge of the roof, you grab my hand worrying about me. Houses are visible below, lights are still on in some of them,

some people are not sleeping. And the cars from this height are so small. At this time, you wrap your arms around me and press against my back. You are nearby, the stars, the night air. And nothing else is needed!! I turn around to you, trying to see you, but it’s dark and only the shine of your eyes is visible. My face came close to your neck, I inhaled your scent mixed with the night air. You grabbed me sharply by the waist and hugged me hard. You covered my lips with your kiss. With her soft and tender lips. Now I begin to kiss you passionately, my arms wrap around your neck. Your hands… [CONTENT REMOVED]. At this interesting moment, my sleep was interrupted by the alarm clock, but I woke up so happy.

This is one of the first photos that Irina sent to Rob in April. By the way, did we tell you that Rob is in his 60’s?

We’re happy to report that James Greening at FakeWebsiteBuster.com has published an article that helps guide people who’ve lost money to scams how they might be able to get their money back! Check out his article if you or someone you know has been victimized.

Featured Advertiser – Incogni

Data brokers make money off your personal information every day.

They buy your data – SSNs, DOB, home addresses, health information, contact details – and sell it to the highest bidder

  • Incogni is a personal data removal service that scrubs your personal information from the web
  • It contacts and follows up with data brokers all over the world on your behalf. For an individual to do that, it can take hundreds of hours
  • With Incogni, you can kick back and worry less about identity theft, health insurers raising your rates based on info from data brokers, robo calls, scammers taking out loans in your name, and all the other terrible things bad actors do with personal data

Amazon Phishing Scams, Geek Squad in Russia and McAfee Mimics Your payment for Amazon Prime has been declined, says this email from a crazy, nonsensical, crap domain! It sure as heck didn’t come from amazon.com! If you mouse-over the link in this phish, you’ll see that it points to a website in Columbia (“.co”) called osini[.]co. Hmmmmm….that doesn’t sound like Amazon to us!

Amazon members are heavily targeted by phishermen. What a surprise! Check out this next phish pretending to be from Amazon. This time you’re sent an invoice from a personal Gmail account and it’s made to look like it’s from Amazon. The invoice contains a scammer’s phone number to call in case you didn’t order that $931 Apple iPhone, being sent to the wrong address in Florida!  If you feel inclined to fight back, we invite you to purchase an air horn, such as this personal safety horn for $14 (How appropriate is that name!), cover your ears to protect them and then call back the phone number found in these fake phishing emails you receive. When the scammer comes on the phone, set off the horn into the phone, and then hang up! Sit back, smile and be proud for hitting back against these scumbags!

Isn’t it nice to see that Russia is helping to keep us all safe? At least that’s what this email implies! The email came from a server located in Russia. (“.ru”) It tells that our GeekSquad subscription for 2 devices has renewed for the price of nearly $400. But wait, you didn’t place that order? Oh no…. Reach for your new Safety Air Horn and your protective headphones, then call these scammers at 810-215-8425 and let ‘em have it!

And while you’ve got your new Air Horn handy, call these phishing scumbags pretending to be from McAfee and let them hear from you as well! This smelly phish came from a Comcast email account, not any legitimate business. So, grab your air horn and have at it! Call 833-687-1975.

Answer & Win Malware! Many of our readers have had their email inboxes flooded with malicious clickbait that reuses the same design, over and over. It claims that you’ve been invited to participate in a survey and win a prize at a well-known hardware store. These emails have most frequently pretended to be from Ace Hardware, Harbor Freight, and Home Depot. Trust us when we say you haven’t won anything, other than a malware infection, followed by a nightmare of costly circumstances! The sample screenshot below actually shows that it came from a University email account in Brazil! (“.br”) The link in this clickbait misuses the link-shortening service offered by Twitter. (t.co) Step away from this ledge!

Fixing a Chromebook Hack — We were recently contacted by a young woman who owned a Chromebook. She told us that for the past week she had periodically been getting pop-ups on her Chromebook telling her that her Google account had been stolen and scammers had stolen her passwords and data. She knew this was a fraud and that it was INTENDED to steal her login information, but she didn’t know how it started or how to get rid of it. We consulted with an expert and here’s what he said….

The popup is most likely caused by the installation of a malicious extension when the young woman visited a hacked website. To remove a suspicious extension from a Chromebook, try these steps…

  1. Open your Chromebook and click the 3 vertical dots in the upper right corner of the screen
  2. Mouse down to “More tools”
  3. Mouse over and click the word “Extensions”

  1. Once you have your Extensions open look for oddball extensions or extensions you know you’ve never installed.
  2. On the extension you want to remove, click Remove. Confirm by clicking Remove.
  3. Restart your Chromebook, visit the extension section again and confirm that it is gone.

If the steps above do not solve the pop-up problem, or you find NO suspicious extensions, try this next….

  1. Open Chrome and click on the three dots in the upper right corner.
  2. Go to Settings >> Advanced >> Reset and clean up.
  3. Click on “clean up computer” and select “Find harmful software”
  4. If any malicious programs are found, remove them.

Amazon Texts & Shipping Problems — Check out this text a reader sent to us. It came from an bogus email account that starts with the name talangair936.  Apparently, Mr. Talangair thinks your Amazon account has been flagged and he’s sent you a supposed “pdf” file as a result. Don’t believe this for a moment! This didn’t come from Amazon and anyone who tries to send you a supposed pdf file as a result is a liar! (Also, the pdf file name is messed up in this text, which is another reason to be suspicious.)

Our friend Rob told us last week that he had been getting a few more spam texts to his phone than usual. Here’s one of them saying that a shipment was unable to reach him. Poor Rob. But that’s OK. He can reschedule delivery of his package by clicking on the malicious link to adomain called swipepages[.]net, and NOT the “UPS Depot.” (We never knew that the United Postal Service had a “depot” anyway.)

And Doug received this real beauty of a text from dsixsfe[.]beauty. Unfortunately, his package also can’t be delivered and he’s been asked to click a link to a great ups store at grtups[.]cc. (“.cc” means this website is hosted in the Cocos Islands!)  Ahhhhh….. No thanks, he’s going to let that package rot in the warehouse.

Until next week, surf safely!

Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster