Weekly Alert  |  November 30, 2022

Here’s Why You Cannot Trust Google Ads

Literally, everyone on earth who has used the Internet has likely used Google. That’s a LOT of eyeballs. So it shouldn’t be surprising to learn that Google’s Ad revenue in 2021 was more than 209 Billion dollars, according to Online advertising is a significant financial force, but can it always be trusted to provide risk-free links? The obvious answer is no. That said, you may be surprised by how serious the problem can be for Google Ads that appear at the top of your search returns. Here are two recent, and very different examples…

Just to be crystal clear, this is what we mean when we talk about Google Ads shown to you after you conduct a Google search. Google will inform you that top links are advertising links by using the letters “Ad” just in front of the website address or at the beginning of the text underneath a link.  For example, searching for black friday deals recently showed us that Verizon, Dyson and Bombas paid Google money to be listed in advertising links in the top few returned links.

But being listed as an ad in the top Google returns does not mean that the link is safe or legitimate! Our first example comes from a woman who prefers to remain anonymous. We’ll call her Lucîa. One of Lucîa’s contacts saw an Ad for a very well-known business appear at the top of a Google search result. (She’s asked us not to reveal this well-known business.) Her contact clicked the Ad and jumped through at least 2 websites to land on the following website…

Though we were not given the name of this website, we were told by her reliable source that it was NOT or any legitimate related service. This pop up “Security Warning” was an engineering trick intending to get people to pick up a phone and call a fake Windows Support phone number. According to Lucîa’s source, if you try to close this window, the popup goes full screen and informs you that your computer is locked. Such behavior is NOT indicative of real website services, but it IS indicative of some malicious websites. Though her source reported the Ad to Google, it remained live for several hours.

Should you be hit with a malicious popup, it is critically important NOT to click on any of the choices presented. Immediately, quit your browser and if you cannot do that, shut down your computer. Ideally, you should already have anti-spyware/anti-malware software installed on your computer. (This includes Apple computer owners!) If so, turn off your Internet service to prevent any additional malware from being pulled in by the possible malware you may have installed, restart your computer and conduct a malware scan with your trusted anti-malware/anti-spyware software. Once completed, open the web browser that you had used and locate the “add-ons” or extensions. Look for any odd extensions, or extensions that you don’t need, want or don’t make sense.  Remove them and restart your computer. Then turn your internet back on. (If any of this is a challenge to do, enlist the help of a tech savvy friend or service.)

We wondered how easy or hard it might be to run a Google search and find questionable or scam Ads. The answer… Our third search! Our third search was for a service widely used in the United States: usps (United States Postal Service). The second Ad that Google showed us was for a website called USPSStampStoreLocal[.]com. (The first Ad was for the very real Besides the domain name itself, we found two other things suspicious about this website…

  1. The oddball grammar found in the first half of the actual link, suggesting that the website creators are not native English speakers.


  2. The offer to sell 300 stamps for $65. At the current postage stamp rate of 60 cents per stamp, 300 stamps would normally cost $180. Selling those stamps for $65 represents a 64% discount, or a cost of roughly 22 cents per stamp!

We used Google to search for reviews of this website and were very surprised by what happened next! Besides seeing that the top link returned was for a website about Ad scams, the next two links showed us details about toothbrush sales at USPSStampStoreLocal[.]com! This only fueled our suspicions that this website was not likely legitimate or safe to use. 

We visited this stamp-selling website after using several tools to confirm it did not have malware lying in wait. At the very bottom of the “About Us” page we discovered a business name that didn’t match anything else on the site…SunStampUS. We wondered if there were other stamp-selling websites using information found on this suspicious site. The bottom of their About Us page says “We legally acquire our stamps from 1,000’s of supply partners and the public from businesses such as CVS and Costco.” When we conducted a Google search for this exact sentence, we found it located on two other websites, uspsontime[.]com and onlinebuystamps[.]com.  The former website domain name was registered on October 26 and the latter on October 31. That’s about a month ago, making these new websites HIGHLY suspicious, in our opinion! (USPSStampStoreLocal[.]com was registered on August 16, about 3 ½ months ago.) 

We are not alone in our overall suspicions of Google Advertising returns! On September 16, 2022, The Washington Post published an article titled “Scams are showing up at the top of online searches.” The author, Geoffrey Fowler, described this phenomenon as “malvertising” and gave several examples, as well as offering great tips on how to respond if you suspect you’ve been hit with malware from these landmines. 

Please stop trusting Google, or any other online service, to protect you against cybercriminals. They can’t do it 100% effectively! That’s why it is so important to educate yourself, your family and friends, on how to see through online fraud and identify suspicious content. One final ironic footnote to this story…

To calculate how much of a discount the stamp-selling website above was offering, we turned to Google to simply ask “cost of a stamp.” Google included two Ads at the top of our search results. The second Ad was for a website called BuySaleStamp[.]shop. The meta text under the link “Cheap Us Stamps Only $22” and the crap global top level domain “.shop” immediately triggered our “spidey senses.” When we checked a WHOIS to see when this domain name was registered, we discovered that it had been registered anonymously only 2 days ago, on November 24. We STRONGLY suspect that this stamp-selling website is also not legitimate! Caveat emptor!
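The two checks used in this story (how recently a domain was registered, and whether a brand name sits in a domain the brand does not own), as an added example that is not part of the original newsletter. The WHOIS text is constructed from the registration dates reported above; the official domain usps.com, the 90-day threshold and the check date of November 26, 2022 (inferred from "2 days ago, on November 24") are assumptions of this example.

```python
import re
from datetime import date, datetime

# Constructed WHOIS excerpts. Domains and registration days are the ones the
# article reports (year 2022); the layout and times of day are made up.
SAMPLE = """\
Domain Name: USPSSTAMPSTORELOCAL.COM
Creation Date: 2022-08-16T00:00:00Z

Domain Name: USPSONTIME.COM
Creation Date: 2022-10-26T00:00:00Z

Domain Name: ONLINEBUYSTAMPS.COM
Creation Date: 2022-10-31T00:00:00Z

Domain Name: BUYSALESTAMP.SHOP
Creation Date: 2022-11-24T00:00:00Z
"""
OFFICIAL = {"usps": "usps.com"}   # assumption: brand -> the domain it really owns
MAX_AGE_DAYS = 90                 # assumption: what counts as "newly registered"
CHECKED_ON = date(2022, 11, 26)   # assumption: day the lookups were made
FIELD = re.compile(r"^\s*(Domain Name|Creation Date):\s*(\S+)", re.I | re.M)

def parse_records(text):
    """Yield (domain, creation date) for each blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {key.lower(): value for key, value in FIELD.findall(block)}
        if "domain name" in fields and "creation date" in fields:
            stamp = fields["creation date"].replace("Z", "+00:00")
            yield fields["domain name"].lower(), datetime.fromisoformat(stamp).date()

def flags(domain, created, checked_on=CHECKED_ON):
    """Return the reasons this domain deserves a closer look."""
    reasons = []
    age = (checked_on - created).days
    if 0 <= age <= MAX_AGE_DAYS:
        reasons.append(f"registered {age} days before the check")
    for brand, real in OFFICIAL.items():
        if brand in domain and domain != real and not domain.endswith("." + real):
            reasons.append(f"contains '{brand}' but is not {real}")
    return reasons

def triage(text=SAMPLE):
    return {domain: flags(domain, created) for domain, created in parse_records(text)}

if __name__ == "__main__":
    for domain, reasons in triage().items():
        print(domain.replace(".", "[.]"), "->", reasons or "no flags")
```

Neither signal proves fraud on its own; they mark a site for the kind of closer look described in this story.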

Missing Boy Scam on Facebook

Posts have been going viral on Facebook in relation to a supposed missing boy called Tyler Griffin… But it is a SCAM! Check for details and protect yourself with this FREE, all-in-one tool:

Selling Merch Online Attracts Scammers Like Bees to Honey

Last week after posting our Top Story about scams targeting people posting merchandise for sale on Facebook Marketplace, we saw some posts on about scammers trying to trick people selling merchandise. In this text exchange below, you’ll see that even though the seller CLEARLY says “cash only,” the scammer pushes the Australian service called PayID. Also, the scammer uses the VERY common ploy of “I’m not available to pick it up” and says he’ll send his daughter. This creates an excuse WHY the payment has to be digital, giving the scammer the opportunity to run his scam.

Another Reddit member posted this quick exchange. The scammer says that he is busy and can’t pick up the item being sold.  He says he will send a “FEDEX postman” who will provide the cash. That’s absurd! There is no such thing as a “FEDEX postman!”

    Speaking of absurd, our friend Rob is about to be arrested by the IRS! True! We wouldn’t joke about such a serious event. He got this email from Director General Pettig from the IRS with the subject line “IRS Insecurity Notification.” But don’t worry! We’ve offered to bail him out! (We’re sorry to hear that the IRS is feeling so insecure.)

      One of our readers sent us this lovely 50% discount offer from Comcast that came to her voice mail. Comcast is a telecommunications company and owner of the service Xfinity. The call came from a phone number located in Attalla, Alabama. (The 2010 Census showed Attalla with a population of about 6000 people.) The woman making the offer asks the reader to call back to 866-708-1529. That is NOT any published number for Comcast or Xfinity!

Amazon, Norton, Paypal and Geek Squad

This first smelly phish, disguised as an email from Prime Video, actually looks like it came from an account at the Chicago Tribune! It was sent to more than 60 AT&T email accounts and claimed that their Amazon payment for Prime had failed. The link to “update now” points to the link shortening service at LinkedIn. Fortunately, the offending link was quickly taken down.

        This Norton Antivirus renewal invoice looks very convincing, except for the facts that…

        1. It didn’t come from It came from someone’s personal Comcast email account.


        2. It doesn’t contain a single bit of personal information identifying the recipient of the email. For example, it says that payment was auto-debited from your checking account but doesn’t give you the last 4 digits of the account!


        3. Since when does Norton, or any business, have a “Cancellation Team?” The number provided to call that Cancellation Team is NOT associated with Norton at all!  It’s a scammer’s phone number!


        Here is a similar phishing scam pretending to be from Paypal for the purchase of bitcoin.  It came from a bogus free Gmail account. Look at the subject line!  At least they should spell correctly! They mention your “account statement” number but don’t give you the number! Details matter! That 888 phone number is also a scammer’s number.  Lunge for the delete key!

        There is something about this last rotten phish that you may not realize but it SHOUTS out to us as meaning fraudulent.  This “thank you” email for renewing your Geek Squad service contains an attachment.  The attached file is a jpg, meaning that it is a photo or picture file. REAL BUSINESSES will never, ever send you an invoice as a jpg (or “jpeg”) file!  Almost always, they will be pdf files.  If you see an attached invoice as a jpg (or jpeg) file, you can be 100% certain it is a scam!  Plus, this email came from a crap Gmail account!

How Can Package Tracking be Dangerous?

Tis the season for sending packages, many of which are likely to be gifts for ourselves and others. This explains why we are seeing a significant increase in malicious emails disguised as problems with packages being shipped! Emails pretend to be from UPS, USPS, DHL, Fedex and Express Service. Here are a few examples, starting with an email pretending to be from UPS but coming from a server in the Netherlands. The “track package” link points to a not-too-well-known link shortening service at zpr[.]io. When we unshortened that link, using, we discovered that you’ll be redirected to a VERY dangerous and well-known malicious website called ServiceShippingUPS[.]com. That malicious mimic domain was registered just 2 days before we found it on November 23!

          This next email wants you to think it came from DHL but, of course, it didn’t. Like many emails lately, the malicious link misuses the Google Apis service. Don’t believe it! Google Apis cannot be trusted to prevent malicious misuse.

            Here is one more example, again misusing the Google Apis service, for a link pretending to represent the United States Postal Service.  The email was sent from a website that has long been misused by cybercriminals called  Kodehexa[.]net.

eFax Service – While Fax machines were all the rage in the 1980’s through early 2000’s, they are being replaced by online digital fax services. One such well-known service is This very malicious email, sent from a personal Gmail account (and NOT, claims to have an attachment. But the link to view the attachment points to Sendgrid[.]net, another service being misused for malicious purposes.


Chase Payment Services, Credit Notice, You Won the Gas Card, and Business Opportunity – Our longtime reader, named Bobbie, continues to get lots of malicious texts. We’re certain that most of them are sent from the same criminal gang because of similar or related content in the texts. This first text claims to be about Chase Payment Services but the link points to a ridiculous domain called SunnyYParapet[.]com. The second text concerning a “credit notice” points to another bogus domain called LightYSpatter[.]com. Both domain links are followed by 15 characters of gibberish as if it were a code. Do you think these threats were sent by the same criminal gang?

              Bobbie and others have received malicious texts for weeks containing a link to a website we’ve mentioned previously…. F0undlth3r3[.]link.  Below are two recent texts containing malicious links to this website. You have NOT won the gas card and this is NOT a business opportunity! But you DID dodge a bullet by not clicking on these landmines.

              Until next week, surf safely!

Copyright © 2022 The Daily Scam and Scamadviser. All rights reserved.