Weekly Alert  |  May 25, 2022

Recognizing & Honoring the Best…Or is it? On Saturday evening, May 7, at 8:25 PM, an administrative employee of a Middle school in Manchester received an unsigned email that appeared to come from someone named “Arthur West” through the domain SelectedTown[.]com. Apparently, congratulations were in order because the school had just been selected as the “Winner of the 2022 Best of Manchester Awards in the Category of Middle School.”  The email, copied below, shows the details of the award, including a photo showing the award with the school’s name engraved on it. The purpose of the Manchester Award Program is to “support and offer public recognition of the contributions of businesses and organizations in and around Manchester.”  Being the curious fellows we are, we looked into this lovely recognition and discovered many organizations and services across the United States who have received this same award and are displaying it on their websites.  Also, at the end of this story, we’ll share a surprise with you about this significant honor.  So, is this legitimate, or is it a scam?  We’ll break it down and let you decide…

We hope you noticed in Mr. West’s email that “no membership obligation” is expected. But he does ask “each Award recipient to pay the cost of their awards,” whatever that is. When we first clicked the link in this email to visit the award website SelectedTown[.]com, our security software blocked the site and informed us SelectedTown[.]com “might contain malware, phishing, fraud attempt or other forms of criminal content that can infect your computer…” We evaluated the website using other tools and found no identifiable threats. And so we by-passed our security software and landed on the web pages shown below as screenshots. (We entered the Award code sent to the school in order to view their award page.) By the way, we had no problem discovering that the photo of the man in the warehouse of this first screenshot is a stock image used on hundreds of websites across the Internet.  We also did our due-diligence and asked our favorite WHOIS tool about the age and ownership of the domain SelectedTown[.]com.  We learned that this domain was registered in Iceland, using NameCheap, about 5 months earlier, on December 22, 2021. The site was being hosted on a server in Ontario, Canada.

Our long-time readers will know that cybercriminals love to register their domains in Iceland using NameCheap. It is THE MOST USED REGISTRAR, and LOCATION used by cybercriminals, in the world! However, it wouldn’t be fair to pull a “guilty by association” card, just yet.  Is this award legitimate? Is this business, SelectedTown[.]com, legitimate? Remember that our security service blocked this site and gave us a warning.  We checked with two other security services and similarly found warnings that this website was “risky,” including from our good friends at ScamAdviser.com.  

When we searched for the name of this company who gives out these honors, SelectedTown[.]com, (for a fee), we couldn’t find anything about them. Nothing. We think it is important to note that the school that received this recognition and honor, is ONE OF JUST TWO Middle Schools in the town of Manchester. Tough competition, right? We then conducted a reverse image search using the image of that spectacular award being offered to the school and had no problem finding hundreds of other identical images across the Internet, such as…

WrestlingWithCharacter (see bottom of their web page)

The Athletic Center at Hamden Hall School, which claimed this award for 3 consecutive years. (see right side half way down page.)

Texas Premier Youth Sports

Our search results also included a somewhat sarcastic announcement by Anthony B. of the Boston Web Group, informing their clients that they had been recognized by SelectedTown[.]com for this honor.  

So is this a scam? What do you think? Are organizations and businesses simply paying a fee in order to have a “stamped” honor/recognition given to them that has no merit whatsoever? We sure think it is possible. The school that contacted us didn’t bother pursuing their award. We have no idea what the cost of the award would have been, but we can tell you that this award and the awarding company, SelectedTown[.]com is HIGHLY suspicious for many reasons…

  1. Several trusted security services find their website as suspicious or risky. 
  2. Their domain was registered anonymously about 5 months earlier in Iceland, using Namecheap.
  3. Being selected as 1 of only 2 Middle Schools in a small town isn’t such a big honor.
  4. The email and webpage honoring and recognizing the school is so generically written that it could apply to any organization or business.  There isn’t a single personal shred of information in any of it.  
  5. SelectedTown[.]com is a big black hole, without history or information. What proof do they offer that they’ve supported “local business and partnership programs” using the money paid for the awards? They mention NONE. And what makes them such an award-honoring authority?

And now the big surprise about this honorable and lovely recognition…

The school that received this honor above also received TWO IDENTICAL honors back in 2016, just seconds apart! One email came from a website named LocalAwardi[.]com and the other came from System-Award[.]com.  We wrote about that experience as well and published our findings in this article called Dubious Awards. Clicking links in either of those emails redirected people to the same website THAT WILL LOOK VERY FAMILIAR TO YOU but, in 2016 it was called LocalAwardsCenter[.]org. In 2016, the awards cost $150 – $230 each. This means that this sketchy award program has been making money and going on for at least 6 and 1/2 years.

This “recognition and honor” reminds us of a wide variety of vanity scams. According to this excellent article about vanity scams from the Better Business Bureau, vanity scams are a “scheme to capitalize on a company’s excitement for an award that essentially holds no value other than the purpose of making money on the offer.”  These come in many forms and can also be malicious clickbait such as the DANGEROUS email below that was sent to one of our long-time readers just last week.  It claims to have nominated the gentleman into the “Who’s Who in America” directory. But this clickbait came from the domain SagePetsCare[.]com and links point to ZenGameHub[.]info!  That “pet care” domain was registered anonymously in mid-March and is being hosted on a server in France!

If you want to check out many more examples of vanity scams over the last 8 years on our website, visit these former articles:

https://www.thedailyscam.com/recognizing-vanity-scams/

https://www.thedailyscam.com/worldwide-association-of-professionals/

Phish Nets column: June 12, 2019 (pdf file)

Crypto Scams of the Week Cryptocurrencies are certainly getting a lot of attention recently.  Especially as several have lost significant value!  Crypto currencies are also heavily favored by cybercriminals and scammers.  Check out the latest news on Crypto scams by reading this week’s Trend Micro Blog on Scamadviser, titled: Crypto Scams of the Week: Blockchain[.]com, Trust Wallet

James Greening from Scamadviser.com had previously written an excellent article titled “Can Cryptocurrency Be Recovered From Scammers?” about dubious “chargeback” companies that operate legally but provide dubious services such as crypto recovery. Scamadviser is hoping to get real feedback from people who have hired the services of such companies to understand the extent to which these companies are successful in recovering crypto, or if they are just giving false hope.  If you know someone who has used a company to try to recover lost cryptocurrencies, please ask them to contact ScamAdviser at report@scamadviser.com.

More

Baby Formula and Gift Cards We suspect readers from all over the world have heard about the baby formula shortage in the United States after suspected contamination led to a recall of forumua and the shuttering of a large manufacturing plant in Michigan. (On May 19, NPR published this 4 minute podcast report by Scott Horsley for consumers to better understand the reasons behind this shortage.) In the wake of this serious shortage, it shouldn’t surprise anyone that cybercriminals are using it to victimize people again in order to make money. Colleen Tressler, at the Federal Trade Commission, published an article on May 18 about these scams, titled Not Enough Baby Formula Means Plenty of Scammers. Like we always say, before you make any online purchase… VERIFY, VERIFY, VERIFY!

Something else that caught our eyes last week was this photo posted on a Reddit group called “face palm.” Apparently, so many people in the area of this retail store selling gift cards had been manipulated by scammers to purchase gift cards as payment methods to scams that the store posted a hand-written warning sign! If you want to know why scammers often ask for gift cards from their victims, James at Scamadviser breaks it down for you in his recent article Why Do Scammers Ask for Gift Cards?

Unrelated but important, we want to remind readers to sometimes be skeptical of emails from people they know, as well as calls from Police associations who are trying to raise money.  Periodically, we get malicious clickbait from people we know through their real email accounts or spoofed accounts. When we ask the person if they had sent that email, the response is always “my account got hacked.” Think about it… you are more likely to trust a link coming from someone you know than a stranger.  Check out this email to Doug at TDS. It came through a server in India. The link may SAY “google.com” but a mouseover reveals a shortened link through bit.ly.

We saw a post recently from the Salem, Massachusetts Police Department responding to many questions from residents about phone calls claiming to represent the Salem Police and soliciting for donations.  One man said that his elderly mother fell for the scam and even gave the scammer her bank account information to make a withdrawal! Police departments are funded by state and local governments. They DO NOT solicit money from residents!  The scammers contacting Salem residents said they represented the “Police Defense Committee.” 

Netflix and AOL According to our first rotten phish, your Netflix account is locked until you update your payment details!  Yikes! But this email didn’t come from netflix.com, it came from teksom[.]net and links point to Twitter’s link-shortening service. Sucuri.net tells us this link will redirect people to a crazy-domain called AprilEnd-225742[.]info which was registered on April 26th, about 3 weeks earlier. Deeeeleeeete!

We have two nasty phish with sharp teeth targeting AOL users.  Both oddball emails confuse AOL with Yahoo. What’s up with that?  The first points to a website that was registered in India and claims that there was an attempt to log into your account.  The second is just plain old stupid and asks you to update your mailbox to a newer version.  The only clever thing about phish #2 is the fact that it appears to have come from an AOL account, but not certainly not AOL account support!   They’re both trash!  Delete!

Seller Targeted on Craigslist Someone we know decided to sell a small wooden table and 4 chairs for $175. Like many people selling used items, they posted it on Craigslist. Within hours they were contacted by someone named Zachery Carter who claimed to be interested in the set. However, Mr. Carter’s email set off so many red flags to our friend that she contacted us to ask if we thought this could be a scam.  Hell yes! Let’s break it down for you…

  1. Mr. Carter claims to be “out of town” and unable to pick up or even see the item for sale.
  2. DESPITE being out of town and seeing only a photo of it on Craig’s List, Mr. Carter asks if he can send a “cashier’s check” to the owner, INCLUDING an extra $50 to hold it for him! (Just to be clear, that extra $50 represents a payment that is 29% more than the asking price!  People, we’re not talking about buying a home in today’s market! It’s just a used table and chairs.)

So what’s the scam? Scammers will often “accidentally” overpay for items and then ask the recipient to deposit the check and wire the overage back to the scammer. Of course, the check will bounce, sometimes taking 5-7 business days before it bounces because the fake check is so well crafted. Some bogus checks even use real account information stolen from a business or person. However, the money you’ll have wired to the scammer will be unreturnable and untraceable.

A few hours later, we heard from the woman again! This time she received a communication over Instagram (where she also posted the table and chairs). A man named “Shabzy Marney” said he was interested in the set and asked if it was still available. Once again, the woman spotted some “red flags” that made her feel that this was another scammer.  For example…

  1. Mr. Marney’s Instagram account had ZERO posts and just 28 followers.
  2. Mr. Marney’s Instagram account also has another name listed below his: Johnson Mavies.
  3. Mr. Marney said he would take it after asking only 1 question and not seeing any more pictures of it or seeing it in person.
  4. Mr. Marney offered to pay for it in advance “while my brother come over to pick it up tomorrow evening by 5;00.” 

PAYING FOR ANYTHING IN ADVANCE IS A MAJOR RED FLAG! The woman asked us how this could possibly be a scam if Mr. Marney offered to pay her via Zelle or Venmo?  Scammers have learned that they can use stolen credit cards or other stolen information to make a payment to someone for MORE than the cost of the item.  The scammer then claims it was a mistake and ask that they refund the money. But what they don’t know is that the scammer also files a claim against the person with Zelle or Venmo and requests a refund.  The money is refunded to an account the scammers control and empty.  It’s a crazy scam but WCVB.com in Boston documented it quite well when it hit a woman selling a mirror for $30 and was offered a payment via Venmo. The scammer sent the woman $900 instead of $30! Also, scammers sometimes use a stolen credit card or other stolen account information. When they ask for a refund, the money you send goes back to a different account.

Also, did you know that according to Venmo’s User Agreement, you CANNOT use Venmo to accept payment for merchandise that you sell!  Other scams have happened when the scammer pays for merchandise that is shipped.  Then the scammer reports the sale to Venmo and the transaction is reversed because it violates the Agreement, but the seller has already shipped the item!  These and other scams perpetrated over Zelle and Venmo are reported in these articles:

https://help.venmo.com/hc/en-us/articles/360048404533-Common-Scams-on-Venmo

https://us.norton.com/internetsecurity-online-scams-venmo-scams.html

BOTTOM LINE: We told the woman to accept CASH ONLY in hand for her table and chairs.  After telling Mr. Marney that this was a cash only transaction, she never heard from him again!

Someone Tried to Log Into Your Facebook Account – One of our readers sent us this very malicious email claiming that someone had tried to log into her Facebook account through a new device.  She was asked to report this event if it wasn’t her.  But this email came from candination[.]com and the links pointed to centernatively[.]com!  That certainly isn’t Facebook.com!  We have reason to believe that the link led to a malware site because of the redirect associated with it.  In any case, we know it isn’t safe to click! Step away from that ledge!

Lose Weight / Burn Weight –During the last few months, one of our readers has been receiving LOTS of bogus texts from oddball email accounts, all addressing her by first name and telling her she can lose or burn weight. 33 to 50 pounds! She thinks these are especially odd because, she tells us, she doesn’t need to lose weight.  Her weight is healthy. However, we told her that each of these texts contain malicious links pointing to malware and NOT to CLICK! Here are 4 of about a dozen malicious texts she’s received. We’re certain that they are all coming from the same cybercriminals.  Also, most of these malicious texts are delivered at about 6:20 am. 

    Until next week, surf safely!

    Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
    have subscribed to it via Scamadviser.com or thedailyscam.com

    Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

    Contact Webmaster