Stolen Identity? 33+ IDENTICAL Photos with Different Names — A few days ago, our friend Rob told us about a scam email he received, encouraging him to invest money through a website called Global-Trades[.]world. This investment site offered several plans, including a “Silver Plan” promising returns of 10% in 24 hours for investments up to $999, a “Ruby Plan” promising returns of 20% in 72 hours for investments between $1000 – $4999, and a “Gold Plan” promising returns of 30% in 120 hours for investments between $5000 – $9999. But this obvious fraudulent website is not the focus of this week’s Top Story. Rob told us that he discovered that a photo of an investor, identified on this bogus site as “Alex J,” could be found on lots of other websites around the Internet. We decided to investigate the photo and found ourselves hurling down a deep rabbit hole of fraud across dozens of websites, including legitimate and very well known websites! We finally had to stop, scramble up for air, and ask the question…..Who is this man, represented by at least 33 different names across the internet? What we found had us shaking our head in disbelief. Can you trust anything online anymore?
This crazy investigation began when Rob told us about the fake investment website called “Global-Trades[.]world.” The site is an obvious fraud, offering impossibly high rates of return. For example, it claims to have been founded in 2019 but its domain name wasn’t registered until August, 2022. “Alex J” gave this fake company a 5-star review and is quoted as saying the company is “Legit, and is legit.” (Well THAT quote inspires confidence, doesn’t it!)
Based on Rob’s findings, we conducted a reverse image search of Alex J’s photo. This is where our story exploded into the surreal world of more than 33 identical photos identified by different names. Some of these listings were on more scam websites, but many others were on websites likely to be legitimate or are very legitimate sites. For example, this man’s photo appears as the CEO of different companies, three different authors of different books on Amazon, six different names on LinkedIn, and MULTIPLE testimonials on different types of business and educational websites across the Internet. This list is absurd! Clearly, this is just one photo of a man with with one identity. That means that more than 33 other websites are lying in some way about this person on their website. If true, what else are they lying about? Can we trust what this man says on any website or trust the websites themselves? Take a walk with us down crazy lane…
After locating this man’s same photo on so many websites, but with different names, we finally gave up counting when we hit 33! For example, on the James Madison University website, he is listed as “Brandon” from Mutual of Omaha. He is “Ryan Kelly,” a Partner on the website for Rokings[.]club, but then he is Thomson D. on LeadingBull.com (a digital marketing agency), and “P K Bhatt,” the founder of an engineering firm called Krishna Engineers in India.
In addition, we found six LinkedIn accounts of different names that all used this man’s same image. Apparently, he is also… (You may need to have a LinkedIn account to view some of these profiles.)
- Carlos Danger, from Baltimore, MD
- Tilden Katz, from Toronto Canada, CEO/Founder of Artemis Technologies
- John Walters, CTO of JCot.io, in Malta
- Robert Clark, Financial Planner, London, England
- Balaji Gutte, Director at Kumaarakalpa Staffing And Services Private Limited, Pune, Maharashtra, India
- Otto Schustermann, Key-Account-Manager with UX Vienna, Vienna, Austria
But the craziness didn’t end there! This man is several different authors with books published on Amazon! For example, he is both Ralph Cybulski, author and an “internationally recognized speaker,” and Dr. Thor Templar, Author of “Occult Gym: Develop the Muscle to Manifest Anything” and other books. This photo was also used to represent more than a dozen men who gave “testimonials” about businesses of all kinds across the Internet.
At this time in our crazy exploration, It didn’t surprise us one bit to find this photo listed as different names on Yelp Reviews, Quora Posts, and as the CEO or Founder of several different companies!
- Michael J. or Michael H. – January 11, 2020 on a Yelp review of a flower shop in Marion, Illinois called Etcetera Flowers & Gifts.
- Josh F. – June 19, 2019 Yelp review of Encore Fence in Temple, Texas
- William T. – wrote multiple reviews in 2019 of Andy’s Auto Collision on Yelp
- Jary Mark, Internet Marketer/Entrepreneur posting reviews on Quora since April, 2020.
- Edward Shivs, CryptoTrader and Investment Analyst (self-employed) posting reviews on Quora since November, 2018
- Johan Kilmer, CEO of Kepco Energy Resources LTD, an engineering firm headquartered in Tortola, BVI
- Bhor Bansal, Founder of LearnInCollege, an Educational Institution that provides lectureships relating to various courses recognized by different Universities in India
- Alex Joe, CEO of Max Coins brokerage firm (This firm had similar scam returns as the above site that led us on this witch hunt)
However, two findings were unexpected. The first was finding this photo used to represent a man named “Brad Williams” from a company called “The Big Shoe Studio. Brad posted testimonials on at least three websites:
- Web App Verticals, a digital consulting company (Testimonials page)
- Nova Design Agency, a company that says they “ship you with technology” (Testimonials page)
- Wright Branding Solutions, a company that claims to “help brands thrive” (Testimonials page)
All three of these websites look very similar in design. However, the most important finding for us is that we could not find any business by the name of “The Big Shoe Studio!” Neither Google nor Bing could find anything about this business. It’s as if it simply didn’t exist. We don’t believe it is a legitimate business anywhere in the world!
The second unexpected finding was the fact that we also found this man’s photo listed by the name “Sallie Grant” on a FAKE BANK website called Vertaplc Bank (biosmortgage[.]com). We’re certain that the name “Sallie” is only used for females, based on a our “extensive” research of the name “Sallie.” But, nonetheless, this man is Sallie Grant, an Expert Agent for a fake online bank.
So WHO exactly is this man? What is his real name and which, if any, of these websites is to be believed? Sadly, we cannot answer the question with confidence, but we have two finalists. This image was used to represent an author on Amazon for the cover photo of a series of books about investing. His name is Danilo Schiavone, and he is the author of the book collection called “Trading” published in September, 2019, as well as many other books about investing and trading. (Here is his book series on Amazon.com and Goodreads.com)
It is also quite possible that this man’s photo was a stock image, for sale on one of dozens of stock image websites. We say this because in all of our investigation we found a couple of websites in which this photo was used a part of the website design, but with no name. (For example, om SteerUS.io, a New Jersey company that conducts management training.) However, we crawled through hundreds of photos looking for a “professional older man” on Adobe Stock Images, iStockPhoto.com, and Shutterstock.com and were disappointed not to find our guy. Admittedly, this foray into stock images was just a drop in the bucket of the tens of thousands of photos available in all the stock image sites across the Internet.
In the end, we were disappointed. However, a critical point we’ve always known about the Internet was blazingly clear in our minds. You cannot believe or trust anything you find online! Obviously, the more credible a source is, the more believable it is likely to be, but we recommend keeping a healthy dose of “skeptical” no matter what the source!
Fake Crypto Websites — This week we’ve identified two confirmed fake crypto websites that were impersonating legitimate platforms. Have you come across any of them? Check out and protect yourself with this 100% FREE, all-in-one tool.
Targeting Kids with Disinformation and Why Can’t We Do Better? — As we so often address lies, misinformation and deceit online, we want to bring some attention to the deeply troubling impact this can have on children’s education. We recommend listening to this 10 minute video from the BBC World Service, published about 5 weeks ago. It is titled Bad science: AI used to target kids with disinformation on YouTube. (I am a former science teacher and life-long educator. This video makes me sad. Why can’t these platforms and our governments set better standards?)
Speaking of misinformation and “why can’t companies do better” concerns a 419-scam email Rob sent us last week. The email he received on October 26 came from “presidency.com” and pretended to be from the United Nations. It even included an application and two fake IDs of UN staff. The REAL website for the UN is un.org. Notice that this scammer dropped un.org into the name field IN FRONT OF the @ symbol. The free email service at Presidency.com has a low reputation because it is often used by scammers! (Check out this listing at IPQualityScore: https://www.ipqualityscore.com/domain-reputation/presidency.com )
Our point is that the companies who produce web browsers and provide Internet services, including email, should be held to higher standards by our governments! For example, EVERY email that is sent from the domain presidency.com, should have a disclaimer immediately following the domain name that “this domain is a free email service and not associated with any government agency of any country.”
Here is another example of how poorly consumers are protected by the organizations that run the Internet. ICANN.org is the leader of our global Internet domain system. This organization, and their licensed Registrars, fail us miserably! On October 19, Rob received an email from FederalMaxGrant.com, completely unsolicited,saying “Great news! You are eligible to receive a government grant.” But in order to apply for this grant, Rob would have to pay a fee up front. (You can see this fraud in our “Your Money” column below.) According to this very legitimate US Government website, two things stand out…
- The US government does not contact individuals to award grants for which there has been no application. An individual who makes this claim is not from the government and could be trying to collect private personal data from you, such as your Social Security number, bank account number or other such information.
- The US government does not charge a fee for individuals or entities applying for a federal grant. While financial information may be required as part of the application process, it should be submitted through a government website, such as Grants.gov, and there should never be a cost to you.
Our point is this, considering the overwhelming amount of fraud on the Internet associated with web domains, why doesn’t ICANN (and its Registrars) have a higher set of standards to police and monitor the domain names they sell? A name such as “Federal Max Grant” seems like a pretty low bar that deserves attention considering the incredibly high amount of fraud online. Afterall, “federal” means “relating to a system of government.” Should ICANN, and the Registrars they license, have fraud departments to investigate newly registered domain names? We think so!
By the way, two good articles related to government grant scams can be found here…
iCloud Storage and Password Expiration Notice — We’ve seen an increasing number of these bogus phishing emails targeting iCloud users. They claim to offer 50GB of free storage. But of course none of them come from apple.com or icloud.com and the links don’t point back to these legitimate domains. We want readers to see that the links in this phishing scam points to a link-shortening service called tinyurl.com. In that long link, the only thing that matters after the first single forward slash is ysa2yzt9. Everything after that 2nd single forward slash is just a distraction. When we used Unshorten.it to unshorten that link, we discovered that victims will be sent to a phishing website at the domain called imaginio[.]live.
The following email was sent to an employee at an Educational Institution. (.edu) It is a phishing scam sent from a server in Romania. (Notice the FROM address ends in “.ro”) Also notice that the green login button doesn’t point to the user’s school, but to a website called “backblazeb2[.]com.” (The domain name is up against the first single forward slash. All the junk in front of that, such as “us-east-005,” are subdomains and separated from each other by a period.) Once clicked, the phishing site had a lovely black/white image of a hand on a laptop, along with another button to begin collecting your personal information. Deeeeleeeete!
Approved for a Federal Grant and Sell Your Home for Cash — As we described above in “The Week in Review,” Rob received an unsolicited email from FederalMaxGrant[.]com that he had been approved to receive a federal grant. Free money! Except that Rob was required to pay an application fee of $99 AND provide a LOT of personal information to these scammers! It turns out that this “federal grant” program was hosted on a server in Luxembourg. Not exactly what you might expect for a US federal grant program. When we investigated this fraud, we also discovered that the scammers behind it had also likely registered another nearly identical domain called FederalMaxGrant[.]online about 6 weeks before the other domain. It was hosted in Hessen, Germany and has already been taken down! Gee, we wonder why? (**said dripping with sarcasm**)
A few days ago, one of our readers forwarded an email offer he received to “sell your home fast for cash.” Several things got our attention about this email. The first was small light blue strip at the top made to look like it came from some email authority, quietly stating that the email was sent from a “trusted sender.” NOOOOOOOOO! It was not! Do not believe these statements! Email services can never guarantee this and they ALL get abused. Secondly, and MOST importantly, we want to point out patterns that are worth noticing about a large number of malicious emails. This email came from someone’s email address that ONLY uses the letter “a” in front of the @ symbol. For almost a year, we’ve been collecting evidence about a particular cybercriminal gang’s methods of operation. We have often seen patterns in groups of malicious emails. Also, when mousing over a suspicious link, we’ve been noticing that the cybercriminal gang responsible for this malicious clickbait OFTEN creates a first directory (folder) that follows the domain and simply named “rd.” In the link below, you’ll see this after .com/
The links in this clickbait all point to a malicious domain called frequentl[.]us[.]com, that was registered 2 weeks earlier using Namecheap, that HORROR of a Registrar! This domain is hosted in Riga, Latvia.
Processed Payment Attached — In case you hadn’t noticed, Halloween was celebrated yesterday in more than 20 countries around the world. In honor of that scary holiday, we have another email with a scary attached htm file sent to one of our readers. What peaked our interest about this attachment was that it contained VERY LITTLE code, as evidenced by the “1K” size. We cracked it open, cue “creaking door sound,” and discovered just 5 short lines of code. The scariest line was the one that said “go visit a webpage at the domain called lagabi[.]com.” Virustotal.com says that this site is not to be trusted! Lunge for the delete key! Cue sound of screaming witch!
Your Package Notice from Taiwan —If you’ve been reading our newsletters in the last few weeks, then you’ve seen these texts MANY times before! But this time, we want you to notice that this bogus text, pretending to be from the United States Postal Service, came from a domain registered in Taiwan! “Usps[.]tw” This obviously fraudulent domain was registered on October 10. The link you are asked to click, usps-helpcios[.]com, was registered just a few days before this text was received, on October 24.
Swipe left and delete!
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands