Gourmet Food, Gambling, Phishing & Skin Products Have in Common? — We have a crazy story to tell that, in our opinion, exemplifies why the Internet favors criminals over the public. This story began on May 24 when one of our readers forwarded an obvious phishing email to us he received from a website called StrawPropellerGourmetFoods[.]com. This email claimed to be a bitcoin purchase made through his PayPal account. This scam email was lame because the email also claimed that he had paid with his Visa card ending in “x-XXXX.” If the recipient had a problem with his purchase, he was invited to call PayPal at 866-944-3815. (This is not the phone number for PayPal, of course.) But we were really interested in the sender’s website StrawPropellerGourmetFoods[.]com and started to investigate it. That’s where we fell into a rabbit hole and landed somewhere in a Wonderland of sketchy content that made NO SENSE AT ALL! Join us and be prepared for some surprises.
We easily found the email address for one of the owners of the gourmet food business, a woman named Patricia. She also owned the domain strawpropellergourmetfoods[.]com, but when we emailed her, we received a bounce-back saying that her email no longer existed. Hmmmmm. We then conducted a deeper Google search for this gourmet food website to see what Google might tell us. There were LOTS of links about this business and its delicious food, but those links were from 2020 and earlier. However, when we looked closely at Google’s listing for the actual website strawpropellergourmetfoods[.]com, we couldn’t help but notice two site references for Casino Gambling! We followed this by pointing Screenshotmachine to strawpropellergourmetfoods[.]com, just in case the site had been hacked and was hosting malware. We discovered that this gourmet food website, in business since 2011, now suddenly seemed to have advice about casino gambling AND a “skin tightening and lifting device!” We were now CONVINCED that this website had been hacked and taken over by cybercriminals. And these cybercriminals had also used the email service associated with this domain to send out that original PayPal Bitcoin phishing fraud! Check out a screenshot below of the top portion of their home page!
The domain strawpropellergourmetfoods[.]com was first registered in 2011. What happened to this website and its business, and why? Even the online YellowPages.com confirmed that this gourmet food website had been around for years! We noted that this business was physically located in the State of Oregon and visited the business registry website for Oregon. We found Straw Propeller Gourmet Foods (Inc & LLC) and Patricia listed. But, sadly, we also learned that their business had closed its doors in May, 2020 and this “dissolution” had been filed with the State of Oregon. (Were they a victim of the pandemic?) And then we remembered seeing LOTS of posts on their website by someone named Mario starting in May, 2020 and about casino gambling! These and the other recent links (April, 2023) to the “Skin Tightening” device felt like they were abuse of this domain name and the original business that folded in 2020. (More recent screenshots below from their website.)
Keep in mind that this crazy exploration began when one of our readers received a poorly created phishing scam email sent from the domain strawpropellergourmetfoods[.]com. We decided to report this site and the phishing email to GoDaddy, the original Registrar of the domain strawpropellergourmetfoods[.]com. We sent a detailed email to firstname.lastname@example.org and received a reply a few minutes later saying….
Everything you need to know about your Abuse Report:
This email inbox isn’t monitored. To finish your report, please go to the Abuse Reporting Form.
We’ll review your complaint and process in accordance with our policies, and will contact you only if necessary and at our discretion.
If the Registrar named GoDaddy isn’t monitoring their “email@example.com” email, which can be found in EVERY WHOIS lookup for domains registered with them (see screenshot below), WHY DON’T THEY MONITOR IT?
Fine! Whatever! We clicked the link to visit their “Abuse Reporting Form” and landed on a list of choices, none of which fit the circumstances for reporting this website. NOT EVEN the phishing email shared with us fit the circumstances they offered because GoDaddy ONLY offered 2 choices if you selected “Phishing” as the reason for reporting a website! The choices were “I have received an email requesting personal information” – Not true. And “I wish to report a website that is posting as another website.” – Also, not true. There are many variations of phishing scams! We selected the first choice anyway and were then greeted with more questions that didn’t apply, such as this required question… “Please enter a full URL including Protocol, Domain, TLD, and path to content (if there is a path) and please do not modify or sanitize the URL in any way.” We filled out the information as best we could given the circumstances and then when we finally clicked to submit it, GoDaddy gave us an error message and it wasn’t submitted. We tried this twice! No luck.
So we next tried to click on the “Other” tab on the “report abuse” page and the choices presented to us were worthless and unrelated! They were about copyright infringement, abuse/harassment, email bounces, domain issues (with YOUR domain, not someone else’s domain; this choice then offered a link to tech support), invalid WHOIS information and even more obscure issues that didn’t apply. We poked around for 15 minutes trying to find ANYTHING that would fit why we were reporting strawpropellergourmetfoods[.]com to GoDaddy for abuse, starting with a type of phishing email meant to trick someone into calling scammers over the phone, and possible misuse of the website with the sleazy content since the gourmet business folded. NOTHING else on the GoDaddy “Report Abuse” website fit what we wanted to report. It was frustrating, to say the least. Especially when the choices to report a phishing fraud were SO severely limited and then didn’t work!
Keep in mind that we had already detailed everything in an email sent to firstname.lastname@example.org, only to receive a reply back that this email was not monitored. After about 30 frustrating minutes, we finally gave up. Sadly, we felt that the fraudulent email, likely misuse of a former business website and the ridiculous inability to report this problem to GoDaddy epitomized how the Internet favors criminal behavior and makes it so hard for the public to report online fraud. We don’t often give up on something, but we’re sorry to report that when it came to contacting GoDaddy about this abuse, we did.
60 Minutes, Financial Hardship Dept., Rest in Peace and more… If any of our readers watch the American television news show called “60 Minutes,” we hope you saw the piece that aired on May 21 about scammers who use AI to target grandparents. It was eye-opening and also very sad. Some cybercriminals are now using AI to sound like a grandchild, who calls the grandparent to ask for financial help due to a crisis. If you missed the show, here are two related links to watch it online:
Speaking of AI, cybercriminals are using AI more and more in their effort to target the public. One of our readers sent us this voice message below that she received from “Noah” from the “Financial Hardship Department.” The phone number, 336-436-9084, can’t be traced to any business. There is no such department and Noah doesn’t even name a business or agency! This is a well-documented scam, easily uncovered if you Google the words “Financial Hardship Department.” However, what surprised us was when we learned that “Noah” is very likely NOT a real person. According to Vice News, the entire message was generated by AI.
Last week’s Top Story was about how photos and voice messages are used to target you. In response, readers sent us more examples, including this lovely email (said dripping in sarcasm) claiming to be from Microsoft and saying “You have an important message.” The link in this clickbait points to a short-named website called mjt[.]lu (hosted in Luxembourg, “.lu”). But that website will redirect visitors to a malware trap lying in wait at a website called cooperhunter[.]ge (in the country of Georgia). After being hit with malware on CooperHunter[.]ge, visitors are then sent on to Google.com, as if nothing happened besides wondering what happened to your 2-minute voice message!
On May 19, a Reddit member who uses the name PurpleNurple555 posted a very interesting scam that had targeted him/her. We’ve heard of this scam before but not in a few years. Here’s what happened…. “My Stepmom got a call from someone who claimed to be a Process Server and stating that I missed a court date. I don’t have any debt/tickets/lawsuits/criminal history? She didn’t give out my number but clearly said she knew me and took down their number for me and it was an 855 number. By the way, my Stepmom lives in a county I haven’t lived in for 8 years so I feel like she would be an unlikely person to reach out to if looking for me? I think it’s a scam but don’t want to ignore, of course, if it isn’t.”
Yes, this was 100% a scam. The victim is told that he/she has to pay a fine or “settlement” to make this all go away and it can be paid immediately over the phone. But REAL COURTS and Court Officers don’t operate like this. Reddit members were asked for their advice. We’ve gathered a few of the best responses…
From someone who works in the legal field but is not an attorney: If you’re in the US, process servers will try to serve you multiple times (subpoena, complaint issued in the court, etc.). If they don’t reach you, they will sometimes “serve by abode” i.e. leaving it at your place of residence. Process servers usually only “serve” the court documents, and really don’t care about your court date or anything like that (in my experience). The point is that they probably would not call you to let you know you missed a court date as they are busy serving other people.
I’m from Germany and not the US…but if the state or court or my bank etc. want something from me, they normally send a letter and don’t call. I think this is the same in the US…and also it is a court. They will get your current address information, if they need to contact you…via mail.
That’s not how process servers work. They stalk you until they can hand you the summons.
We’ve written several times in the past about a couple of schools whose business offices are repeatedly targeted by spear-phishermen pretending to be employees. They create bogus emails in the name of the employee and request a change in their bank account for direct deposit. Both schools have informed us that they NEVER accept an email request for this. The employee must do this in person! That’s SOUND ADVICE for any business or organization. We mention this because, once again, we’ve been shown another attempt that targeted one of these schools last week….
Our friend Rob shared a very funny 419 advance fee scam email with us a couple of weeks ago that should put a smile on your face! The subject line is “REST IN PEACE!” and it claims to come from JPMorgan Chase Bank, but came from a free Gmail account called chasebank188. We weren’t aware that it’s possible to send email to dead people. Enjoy!
You Have a Secure Message, Your Email Will Close and You Have a Voice Message — We imagine that lots of businesses get bogus phishing emails that look like the next couple of emails. We get them nearly EVERY WEEK! (But at least we enjoy getting them and showing them to our readers!) Some, like the one below, have a feature built into the design that will take whatever email address appears in the malicious link and create a phishing webpage that posts your business domain onto the fake website. This may seem clever, but it also means you can modify the email’s domain to be anything you want. (This coding trick used by these scammers leads us to believe that these particular phishing scams all come from the same cybercriminal gang.) Our readers know we always replace our hidden email address found in the link with our favorite made-up domain “Scam-You-Now.” However, we invite you to suggest other email addresses and domain names you would like us to insert instead. For example, like I-Cant-Live-Without-You@MARRY-ME-NOW.com. Please send your suggestions to email@example.com.
Here’s another one of these wonderful phishing threats that will build a unique phishing login page for you based on your email address and domain name. It landed in our inbox and is a “final warning” that “your e-mail will close within 24 hours.” Fortunately, these threats are easy to see through!
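The personalized-link trick in the two emails above leaves a trace that a mail filter can look for: the recipient's own address riding along inside the link. The sketch below is an added example, not part of the original newsletter. It flags links that carry the recipient's address in the path, query or fragment, and goes beyond the text by also checking base64-encoded forms (an assumption about how such links may be encoded). All addresses, domains and function names are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Runs of base64/base64url characters long enough to hold an address.
# "/" is left out so that path separators do not glue segments together.
B64_RUN = re.compile(r"[A-Za-z0-9+_-]{8,}")

def _b64_decodings(text):
    """Yield ASCII decodings of base64-looking runs found in text."""
    for run in B64_RUN.findall(text):
        padded = run + "=" * (-len(run) % 4)
        try:
            yield base64.urlsafe_b64decode(padded).decode("ascii")
        except (binascii.Error, ValueError):
            continue  # not valid base64, or not text

def recipient_in_url(url, recipient):
    """Return (url_part, encoding) if recipient is embedded in url, else None."""
    needle = recipient.lower()
    parts = urlsplit(url)
    for name in ("path", "query", "fragment"):
        value = unquote(getattr(parts, name))
        if needle in value.lower():
            return (name, "plain")
        if any(needle in d.lower() for d in _b64_decodings(value)):
            return (name, "base64")
    return None

def flag_links(urls, recipient):
    """Map each suspicious URL to where the recipient address was found."""
    hits = {}
    for url in urls:
        found = recipient_in_url(url, recipient)
        if found:
            hits[url] = found
    return hits

# Constructed sample data (reserved .example names, not from the newsletter).
SAMPLE_RECIPIENT = "reader@scam-you-now.example"
_TOKEN = base64.urlsafe_b64encode(SAMPLE_RECIPIENT.encode()).decode().rstrip("=")
SAMPLE_URLS = [
    "https://portal.phish.example/login?e=reader%40scam-you-now.example",
    "https://portal.phish.example/secure/#" + _TOKEN,
    "https://www.shop.example/newsletter?id=2023-05-31",
]

if __name__ == "__main__":
    for url, where in flag_links(SAMPLE_URLS, SAMPLE_RECIPIENT).items():
        print(where, url)
```

Legitimate unsubscribe and tracking links sometimes embed the recipient address too, so a hit is a reason to look at the link's domain, not a verdict on its own.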
Finally, check out this wonderful email that came from a server in Japan (“.jp”) and contains a link pointing to a server in Colombia (“.co”). It looks like a Comcast voice mail message. The graphic on the actual phishing webpage in Colombia was VERY blurry and lame, as you can see!
Southwest Airlines Gift Card and Free Trump Car Flag! — With summer travel plans now in full gear, it didn’t surprise us to see this malicious clickbait disguised as an email from Southwest Airlines. You DID NOT win a $500 gift card! This email did not come from southwest.com, nor do the links point to it! The links point to the ridiculous domain named LifeTimeHealth[.]shop. This bogus domain was registered in Iceland using Namecheap back in February! Lunge for the delete key!
Here in the US, we’re also gearing up for another Presidential election. (Oh boy.) There are already more than a half-dozen Presidential candidates for the Republican Party. The front-runner, according to many sources, continues to be former President Donald Trump. Therefore, it should come as no surprise that international cybercriminal gangs are using politics to target groups of American voters. Check out this malicious clickbait offer for a free “Trump Car Flag.” The links point to a VERY MALICIOUS website called shiptourists[.]shop. This crap domain was found to be a phishing website AND registered through Namecheap on the same day that the email was sent! Delete! (We’re CERTAIN that this crap domain was registered by the same cybercriminal gang who registered the DOT-shop domain used in the Southwest Airlines clickbait above.)
Remember that Lady, Clear Clustered Emails, and Your Package Delivered — Remember that lady? Do you? That’s the question this behavioral engineering trick uses to manipulate the clicking behavior of a group of people who know a woman named “Monika.” Except that this is NOT Monika’s email address, we’re told. Of course, the link that “Monika” wants you to click is VERY MALICIOUS!
This next email is too funny NOT to share! We received a “server security alert” from a school in India. Apparently, we have emails pending that can’t be delivered. We’ve been asked to “clear clustered mails!” WOW! We’ve NEVER been asked to do that before!
Just because an email has the logo of the United States Postal Service, it doesn’t mean it came from usps.com! This email actually came from a server in Thailand and was sent to “undisclosed-recipients.” Oh no! Your package will be sent back unless you click this link! The link points to another DOT-shop crap domain which is hosted on a server in Great Britain. But that’s not your final “resting place.” You’ll be redirected to another website called Zincatetumpil[.]com which is malicious. What a surprise. Safe travels!
Take Our Quick Survey — “Steph” with “OR Research” sent a text from 833-293-7969 to one of our readers who DOES NOT live in Oregon. By the way, that polling domain, or-poll[.]net, was registered just hours before this text was sent. Hmmmm…..don’t you think that a polling service would be a little more organized and prepared?
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved.