Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  MAY 8, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N13

Celebrating Scammer Stupidity!

Scammers come in all sizes, shapes and abilities. That means that some scammers are brainless blockheads who are clearly dumb as doornails. We wanted to take a moment to put a smile on your face by sharing their dunderheaded efforts to scam people. We hope you’ll agree that the creators of these scams are as sharp as  marbles. We could say that they are “a few fries short of a happy meal,” “one sandwich short of a picnic” or a “few cards short of a full deck.” However, we’ll let you come up with your own assessments. (We’re grateful to our friend and professional scambaiter, Rob, for sending us these laughable interactions.)

Early in January, Rob randomly received the bogus email below from someone claiming to represent Allied Irish Banks (AIB), a real Bank of Ireland. However, the real AIB uses the domain AIB.ie. The email he received was sent from a free Gmail account called “Anytime Contact AIB.” (How appropriate!)  Apparently, Allied Irish Banks (AIB) was contacting Rob regarding the inheritance due to him from a distant deceased relative. So sad, right? But not too sad after Rob was informed that the unnamed distant relative had left Rob more than $149 Million dollars! This surprisingly stupid email contained TEN English errors, by our count. Also, the email “To” field is empty. That means that this email was sent using the “BCC” (Blind Carbon Copy) field. Using the BCC field to send an email by scammers always means that this hysterical email was sent to lots of people at the same time.

What makes this scammer’s effort even funnier concerns one of the attached files he sent to Rob. Attached to the AIB email were two pdf forms. The “Notification fo Customer’s Death” pdf appears to be legitimate and is available as an easy download from the real AIB’s bank website:

https://aib.ie/content/dam/aib/personal/docs/help-and-guidance/deceased/notification-of-customers-death.pdf

However, the other pdf document, called the “Indemnity Form” appears to have been created and/or modified by someone named Asika Chinedu in July, 2022.

This information was found in the behind-the-scene information that can be found if you know where to look in a pdf file.  According to multiple sources found through a Google search, the name Asika Chinedu is a Nigerian name!  Big surprise, right? In the Igbo language, which is primarily spoken in Southern Nigeria (according to multiple sources found via Google), the name “chinedu” means God leads or God is leading.  If we close our eyes, and imagine the Dubliners singing “Molly Malone” we can almost imagine “Asika Chinedu” sounding like an Irish name.

Sometimes, scammers need to weave a deeply moving story in their sincere effort to separate you from your money. We’ve given out awards for some of these fictional stories. (In our 13+ year history, we have given out a John Newbery National Hugo Pulitzer Scam Email Award only five times! The last one was reported in our May 4, 2022 newsletter and awarded to Mrs. Melinda Boateng for her dramatically written piece called “Wicked Conspiracy.”) Below is another contender that deserves reading! The email was sent to Rob from Behrooz Zolfaghar, a self-described “senior citizen of the United States of America(USA).” Mr. Zolfaghar claims to be a “committed Christian,” although we have doubts about this claim because he later spells God with a lower case “g” even though he later tells you to “Have a Happy Life” using caps incorrectly. How can he place his wish for you to have a happy life before his commitment to God?!

Behrooz asked Rob to contact Gary Savage, a “Principal Financial Advisor” of CAPTRUST. The email provided for Mr. Savage clearly shows his business domain as globalsdfa.org and NOT captrust.com, a REAL financial service in Boston, Massachusetts. For us, such an oversight is critically important and deserves attention. And, of course, what we discovered about this fraud puts a big smile on our collective faces!

Finally, we wanted to celebrate an amazing scam that Rob sent to us at the end of April. It was so incredible that we voted it as the winner of the Most Lame Stupid Scam Award! This email came from Mr. Christopher Wray, Director of the FBI, according to the sender. It must be real because “Mr. Christopher” included a photo of himself and a photo of his FBI ID.  And, you know, you can always trust a photo that someone sends you online, right? Rob is a very lucky man because, according to the FBI Director, he is being awarded a “competition fund” (Seriously?) for the amount of $70.5 Billion dollars!  That’s right, $70.5 Billion dollars! (According to WorldMeters.info, that’s more money than the Gross Domestic Product produced by about 100 countries in the world in a year!)

We’re also happy to let you know that there was a runner-up for the Most Lame Stupid Scam Award. It is also below and it came from Mr. Tom Kaloza, CEO of Winston Oil Company. But rather than use his company email from the domain winstonoil.com, Mr. Kaloza contacted Rob via a free Yahoo email account called Tom_Kloza.oilcompany.  Mr. Kaloza wants to hire Rob to work for his company. What a nice surprise, especially since Rob was NOT looking for employment! However, tipping this crazy email OFF THE CHARTS, was that Mr. Kaloza told Rob that he will pay him $150,000 EVERY MONTH, plus a $100,000.00 bonus if he agrees to come on board! WOW!  We certainly value Rob’s expertise and assistance, but the most we can pay him is  a lunch date or a drink at a bar. We’ve advised him to accept Mr. Kloza’s offer.  (By the way, to prove that Mr. Kloza is whom he claims to be, he’s attached 3 photos of his business. Pictures don’t lie, right?)

Elder Fraud Report, Fake Banks, Personal Data Leaks and More

Last week the FBI’s IC3.gov website released their 2023 Elder Fraud Report.  The data presented is terribly sad to read about. For example, the average dollar loss by more than 100,000 seniors (age 60 or older) who reported fraud to the FBI was almost $40,000 per report! The total loss of those reporting in 2023 was more than $3.4 Billion dollars, an 11% increase over 2022!  Far ahead as the #1 type of fraud successfully targeting seniors is the “tech support fraud” that we hear about over and over again.  The report also shows that seniors located in California, Florida and Texas were the top 3 states to report being victimized. (In that order.) If you have seniors in your family, we strongly recommend that you share our newsletter with them. Ask them if they want to sign up and receive it themselves by visiting our sign up page. And most importantly, teach them WHY they should never answer phone calls from numbers that are not on their contact list and that CallerID cannot be trusted anymore!

Clearly, scammers are low-life, scum opportunists. They don’t care who they target or how much pain they cause. That’s why the FTC has put out a warning to Americans about how to tell if aid regarding the recent spate of hurricanes is a scam or legitimate request.  Check out: https://consumer.ftc.gov/consumer-alerts/2024/04/spot-scammers-looking-profit-midwest-tornadoes

Last week we reported on a fake specialty liquor store’s website used to scam consumers. Rob informed us of a fake bank used by 419 scammers called Faestak Bank at faestak[.]com. This bogus bank was registered less than 3 months before he reported it to us. It was registered through a service in Turkey and is hosted on a server in Helsinki, Finland.  What makes this fraud hysterical is the fact that they report having a thousand bank branches and more than 143 BILLION DOLLARS deposited in less than 3 months!

Seriously though, if people don’t take the time and effort to verify a business, or know HOW to verify a business, it is easy to understand why they might believe in this fraud.  Using information on this fake bank’s website, we were able to locate another five fake banks! (For example, both Availance Trust Capital Bank using domain online.atcbk[.]com and Morgan Crest Bank using domain morgan-crest[.]com are phony-baloney.)  The Faestak[.]com fake bank website claims to offer loans for approval in one day.  Just enter your personal information…

According to this article on CNN, nearly a third of all Americans might have had personal data stolen during a ransomware attack against UnitedHealth Group this past February.  According to the article, it may take months for UnitedHealth Group to determine exactly what information was stolen, and to notify consumers.  https://www.cnn.com/2024/05/01/politics/data-stolen-healthcare-hack/index.html

Do you use the password manager application called LastPass?  Well, heads up…. Lots of LastPass users were spearphished by scammers to reveal their master password through the use of a malicious mimic domain called help-lastpass[.]com.  You can read more about this fraud here in TechReport….

https://techreport.com/news/lastpass-phishing-scam-master-passwords-breached/

Kudos to “Jazz Emu” for creating this awesome “email funk opera” based on scam emails he received! We loved it! Also, we recommend that you check out this great Podcast by “Search Engine” titled “Who’s behind these scammy text messages that we’ve all been getting?” It was released on March 8, 2024. An investigative reporter explains what happened when he knowingly began a friendship with a pig-butchering scammer after receiving a random text from the woman. This was followed by visiting her country and investigating the cybercrminal group behind this fraud.

Fraudulent texts pretending to be from state Toll Services continue to pour in!  Now it is the EZ Pass toll system warning consumers. Check out this article on ConsumerAffairs.com:

https://www.consumeraffairs.com/news/drive-on-a-toll-road-or-a-bridge-scammers-are-looking-for-you-050224.html

Also, Chase Bank has a worthwhile resource page on how to spot fraud/scams:

https://www.chase.com/digital/resources/privacy-security/security/how-to-spot-scams#fakelisting

And finally this week, we wanted to show you a very legitimate email sent by JetBlue, point out several critically important points why this email is legitimate, and not just another piece of malicious clickbait!

  1. The email was actually sent from the domain jetblue.com! Within the < > symbols you can see that the email was sent from “email.jetblue.com.” Text that appears before the < > symbols is meaningless, as is text that appears in front of the @ symbol! Within the important domain information is “email.jetblue.com.” The use of “email” is a subdomain and is separated from the fully qualified domain name (FQDN), jetblue.com, by a period, as it should be.  All good! 

  2. Mousing over the links in this email show that they all point to a secure link (“https” s=secure) that also points to “email.jetblue.com.” The subdomain “email” isn’t important. What IS IMPORTANT is that the FQDN (jetblue.com) appears up against the first single forward slash of a link

  3. It’s important to mention that this email also contained the TrueBlue ID number of the recipient. (We blurred it out in the upper right corner.)

Finally, it’s worth mentioning that only the BUTTONS were clickable and linked in this email. The text in the white space, and the white space itself, WERE NOT clickable! Nor should they be. However, cybercriminals turn text and lots of white space in an email into a clickable graphic. Last November, we published a top story called “Fear the White Space” pointing out how some cybercriminal gangs incorporate white space, and text that shouldn’t be clickable, to malicious links.

Remember to check out our monthly Podcast series in our partnership with SecureWon!  New episodes are released on the 15th of the month!  Visit: https://www.securewon.com/resources/podcasts/

New Share File Received and Online Storage Docs

One of our longtime readers, an accountant, forwarded this rotten phish that dropped into his work email inbox. It came from an odd Verizon.com account but claims to be from Sharefile.com.  If you look closely, you’ll notice that the sender misspelled the business name that supposedly used ShareFile to send this file. “Sharefile By Athem” when it should be “Anthem.”  When the recipient moused over “View Your Message” he immediately noticed that the link pointed to Twitter’s (X) link-shortening service, t.co.   When we unshortened that Twitter (X) link, we saw that you’ll be redirectly to a very newly registered construction website called eoconstruction[.]com.  Check out the phishing webpage found at that construction website…

Another long-time reader sent us this nasty phish that came from a server in Japan. She wasn’t expecting an email from Japan!  It asked her to “please open the scanned attachment” and then named her company’s business.  The attached pdf file simply contained another link. But this link pointed to a marketing email service for “MaineHeatingSolutions.” We discovered that this link will forward anyone who clicks it to another website called naturalelementsagro[.]com, which has been identified as a phishing site!  Now lunge for the delete key!

Xero.com is an accounting software service. But just because you get an invoice from them doesn’t mean that it is legitimate! Check out this fake email and invoice. Notice that it doesn’t hold a shred of information that identifies the recipient in any way.  The recipients email was hidden in the BCC field! Unlike most phishing scams, this one contained two bogus phone numbers.  Time to delete!

Remember to report your smelly phish to us and Google! https://safebrowsing.google.com/safebrowsing/report_phish/

CVS Survey and Natural Pain Relief

A malicious staple frequently used by cybercriminal gangs is to send out emails disguised as well-known companies and offer money in exchange for a survey on behalf of the company. We’ve seen this fraud used thousands of times in the last ten years. Here’s a reminder. This malicious email claims to represent the drugstore chain CVS and offers $50 in exchange for a 30-second survey. Nothing could be further from the truth! Look carefully at the sender’s domain following the @ symbol and withing the < > symbols. This email came from the domain violetobservation[.]com, and not from cvs.com! The links in this email point to a silly-named website called jackpotoutages[.]com but that’s not your final destination!  Jack’s Pot Outages will forward you to a long numerical domain name where malware likely awaits. Deeeeeleeeete!

Often, cybercriminals create malicious clickbait that is disguised as health-related information, such as this email about “Nature’s Morphine” for dealing with pain. EXERCISE EXTREME CAUTION when opening such randomly-received emails! This one came from a server in France, which makes no sense to the American who received it.  ALL of the white space and text was clickable, a sure sign of malicious intentions! The links in this clickbait point to a website called journeytripper[.]com.  Trust us when we say…. If you clicked this link you would absolutely need morphine to deal with the pain your click would cause! You know what to do!

My Malicious Spam Cup Runneth Over!

Yikes! One of our honeypot email accounts is suddenly getting overwhelmed by malicious spam!  Fortunately, Gmail is skilled enough to throw more than 99% into the spam folder. Perhaps 1 in 150 drop into the honeypot inbox. In the last week, the spam folder has filled up with more than 600 of these emails.  This screenshot of a small section of the inbox should give you an idea of some of the tricks scammers use to target us all!  Enjoy….

We Offer Great Remote Jobs!

Lots of people don’t understand how a job offer can be a scam.  In most instances, it is a form of advance check scam in which the victim is tricked into depositing a sizeable check that appears to be very legitimate. The victim is instructed to use most of it to pay for the items needed to start the new job (ie. computer, software, tablet, etc.) and to keep several hundred as a starting bonus or first week’s pay. The problem is that you deposit a well-crafted phony check that will bounce in 5-7 business days (or longer!) and you then wire $2000 – $3000 of your real money to the new employers “vendor” to purchase the equipment before the check bounces. The Vendor is also the scammer!  Check out this job offer that arrived unsolicited via text onto one man’s phone. REAL EMPLOYERS DO NOT DO THIS!

Until next week, surf safely!

Copyright © 2024 The Daily Scam. All rights reserved.
You are receiving this email because you have subscribed to thedailyscam.com

Marblehead, MA 01945

Contact Webmaster