Select Page
Weekly Alert  |  November 3, 2021

The 2nd Global Online Scam Summit will be November 3rd & 4th!Please join us for the second edition of the Global Online Scam Summit (GOSS) taking place on 3rd and 4th November 2021. The event, organized in association with APWG and the Global Cyber Alliance, is a platform for sharing knowledge and insights on how to fight online scams and fraud worldwide.  Last year more than 425 representatives joined the 1st Global Online Scam Summit virtually. This year we hope to make the event even bigger by expanding to two days and adding more inspirational speakers but also more possibilities to network and share insights one to one.

“Brushing Scams” and Increased Scam Phone CallsHave you ever heard of a “brushing scam?”  More than a million people in the UK are believed to have been made unwilling participants to this scam, but Americans are also targeted.  And the craziest thing about this scam is that these “participants” actually receive a free gift! So what are these scams? We’ll give you a hint… They are related to fake reviews. To learn more about these types of scams, check out our article on Scamadviser.com titled “Got a Parcel You Didn’t Order? It Could Be a Brushing Scam.  Also, ever wonder if reviews on Amazon are real or fake? There’s a website that uses AI to evaluate product reviews!  Copy the Amazon link to your product and then visit ReviewMeta.com.  You’ll be surprised by the number of products that use fake reviews!

We’ve had some newsletter readers report an uptick in spam/scam phone calls in the past week and we’ve noticed it ourselves.  In honor of the scary halloween season just ending, check out this OFTEN USED threat that you’re going to be arrested unless you press 1 to talk to “Federal Agent” and speak to the “concerned department!”

Doug from TDS received a call that he couldn’t resist! He was told that his “auto warranty had expired” and to press 5 if he was interested to renew his auto warranty now.  He pressed 5 and was talking with “Ally” from “Dealer Services.”  Listen to what happened to him when he questioned Ally about what Dealer she represented. NOTE: the volume increases after the first 3 seconds; you can hear that “Ally” is in a scam call center with other callers in the background and that she has an accent.  Some news services are reporting that victims will be charged as much as $3000 for this scam warranty. Learn more about this scam in this FCC.gov article Watch Out for Auto Warranty Scams.

We also receive lots of offers from marketing companies, like this one offering us money to post links on our website. (We NEVER accept content from anyone, for any reason UNLESS they are a demonstrated expert in a way that can help people reduce their online risks!) According to our favorite WHOIS, headsupmarketing[.]online was registered at the end of July, 2021.  Deeeeleeeeete!

Finally, we are also seeing a recent uptick of scams arriving as text messages onto people’s phones.  Many of these are bogus job applications! (See Texplosion below.) You can learn more about many of these types of scams on Scamadviser’s site “Hot Scam of the Week.”  We followed up on the link to one job application and it led us to a Google form asking for lots of personal information. If you are applying for a job, NEVER give out personal information up front unless you can have a video chat with a company employee and VERIFY who they are and that there is a job opening, OR you are certain that you are on a legitimate company website! As you can see in this Google form, your information will be sent to someone using an email address at “mail[.]com.”  Mail[.]com is a FREE email service that anyone can use!  It doesn’t represent any business!

Citizens Bank (via text), Amazon & Geek SquadOur first phish is a bit unusual because it arrived as a text to one of our readers.  Banks will not text you to say your account has been disabled! Furthermore, we hope it is obvious to everyone that the link in this text doesn’t point to citizensbank.com! Nor is the sender’s phone number, 607-303-9109, associated with Citizens Bank! And yet, look how convincing the website is that we were directed to after clicking this link!

Amazon users are one of the most highly targeted groups of consumers across the world because Amazon is so popular across the world.  We see phishing scams against them nearly every week. Check out this email sent to us by a reader. It came from a Google Group, NOT amazon.com! The “Supports@amazon.com” is written into the text field that normally contains a person’s name. [WHY can’t email services prevent the “@” symbol from being used in this field?! **sigh**] Fortunately, this rotten phish has numerous grammatical, punctuation and capitalization errors that should make recipients suspicious! And, of course, the link to verify  your account doesn’t point to Amazon.com!

Cybercriminals continue to stick their middle finger at the software services who offer protection to consumers.  Such as this email about your Geek Squad subscription renewal. Apparently, your credit card will be charged $349. WHAT? Not your transaction? The scammers want you to call them at 877-711-4317 so they can manipulate the hell out of you! What they try most of all is to gain access into your computer and take over all your digital accounts. Deeeeeleeeeete!

This final Amazon phish says that “our services has protected your account…”  Notice the grammatical error!  English is not the primary language of most cybercriminals and sometimes you’ll see subtle mistakes that make this clear.

CVS Halloween RewardHalloween was celebrated across the United States just a few days ago and we hope that it was a fun and safe experience for all. Interestingly, we’ve learned that it is not a popular holiday in the UK, though it is sometimes promoted by Pub owners to encourage people to visit their establishments and order a pint or two! Surprisingly, we saw very few malicious clickbait disguised as Halloween promotions.  Here’s one that was sent from a person’s Gmail account and pretending to be a gift reward from CVS Pharmacy.

Sucuri.net discovered that the link in this scary email points to possible malware AND visitors will be redirected to another crap site called “a tad behind work” (attadbehind[.]work).

Virustotal.com shows us that 1 security service has identified the original link as frightening because it is malicious.  Also kind of scary is the fact that anyone who lands on attadbehind[.]work will suddenly find themselves on a server in Russia! This is not exactly in our travel plans.

It is NO COINCIDENCE that another newsletter reader ALSO sent us the exact same malicious clickbait email. However, this one came from a server in Germany and contained links to an entirely different, but equally scary, website with malware on it.  And it didn’t point to CVS.com!  Step away from this flesh-eating zombie!

    3 Examples of Targeted Attacks – Sometimes attacks from cybercriminals are targeted and personal! Understandably, such attacks can make victims feel frightened and uncertain about many of the emails that pour into their inboxes! We have three different stories to share with readers this week about such targeted attacks.

    The first attack was shared with us by a longtime reader who has become VERY savvy about the tricks scammers use to target consumers. He received an email that appears to have come from his niece, a woman named Lindsay.  Lindsay’s email says that she has a picture to show him that she should have sent earlier, and she provides a link to the picture.  Except that our reader is smart enough to recognize that the email address that followed his niece’s name WAS NOT her email! He contacted his niece directly to ask if this came from her and of course it hadn’t?

      What makes this scary for our reader and his niece is that criminals conducted research on their family in order to put this threat together.  The link to view the supposed picture points to a website that was registered in Iceland just 3 days earlier.  The age of this site is a SURE SIGN that it hosts malware, lying in wait for our reader to click and infect his device.

        The second targeted attack shared with us came from a woman who received an email from a friend whom she hadn’t heard from in many years. The email came from his REAL email address at Verizon.net! The subject was “Catching up” and that got her attention.  However, her friend, named David, said that he needs a favor and asks the woman to email him back as soon as possible. This woman thought that David’s request was a bit odd since she hadn’t heard from him in many years. She reached out to us for our opinion. We recognized this as a scam immediately. The giveaway was the fact that the “Reply-To” email address led to a different email account that was designed to look similar to David’s REAL email address.

          This “I need a favor” scam is all too familiar to us because many businesses and schools have reported this scam to us over the years. The person, pretending to be someone you know, asks you to purchase gift cards for others because he or she is unable to at the moment.  Then the scammer wants you to scratch off the back and give him the numbers on the gift card.  But don’t worry, the scammer says that he’ll pay you back!  Our reader has tried to contact David to let him know that his email account was hacked! A hacked email account is especially frightening because our email accounts are truly the keys to our digital kingdoms! (Learn how to recover from a hacked email account in our article.)

          The third example of a targeted attack happened to Doug & Dave at The Daily Scam during a 2-day period last week. We are often targeted in a variety of ways but this was the first time it was multiple phishing attacks.  We were sent a series of 6 similar emails (and one not so similar) to several different email addresses at TheDailyScam.com.  Almost all of these phish contained the exact same link to a site meant to capture our login credentials to our email accounts. Check out this first one sent to feedback@thedailyscam.com.  Apparently, our website prevented the delivery of 14 messages into our inbox and we were asked to “authenticate.”  However, this email came from a server in Saudi Arabia! (As seen by the “.sa” at the end of the email address.) LAME!

            Here’s another phish sent from Saudi Arabia telling us that our “4 incoming new messages are suspended.” Same bogus link to a phishing site.

            This was followed by these two phish sent from a website registered and hosted in Germany called winaico[.]com. All links point to the same phishing site as the emails above.

            VirusTotal.com told us that at least 5 security services recognized this phishing threat.  We visited that bogus login page and took a screenshot of it for readers to see.  We entered a very “telling” email address to make our point!

            Finally, during the two days of this attack, we received one last email that was made to look like someone had sent us some files to download through WeTransfer. Except that the email came from a website called vincentmarsh[.]com and the links pointed to a service called Netlify. Check out the list of files waiting for us through the bogus “WeTransfer” site. There is an mp4 sound file, a pdf, and a zip file.  The zip file is the most dangerous one of the three and very likely contains malware that will be triggered the moment we open it!  Scary stuff, right? No thanks, we’re good!

            Fortunately, Scamadviser and Virustotal had no problem recognizing the threats in these downloadable files! And so we lived to tell the tale to our readers!

            “How are you?” – Random WhatsApp contact – We have often heard from friends, family and readers that they had received a random message from a stranger via email, text or some app, like WhatsApp.  Some of these random messages are, no doubt, innocent mistakes sent to the wrong number or account.  Others, however, are lures to engage with a scammer such as this recent message sent to one of our readers through her WhatsApp account. “How are you?” says someone from 816-267-5639, using an icon of a  woman. “She” did not identify herself and is not known to the recipient but she sure spoke as if she did know her. 

            Our advice is simple. NEVER RESPOND to these random messages.  Instead, block them.

            Car Wrap Scam –Like tsunamis, car wrap scams suddenly flood an area and then disappear for a long time.  We’ve been writing about them for a few years and you can see many examples in our article Car Wrap Advertising Scams. Here’s a recent text randomly received from an email account to a reader’s phone.  You will NOT be paid but you WILL lose money when you deposit a fake check and then send your own real hard-earned money to the scammers.  Deeeeleeeete!

            Until next week, surf safely!

            Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
            have subscribed to it via Scamadviser.com or thedailyscam.com

            Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

            Contact Webmaster