Select Page
Weekly Alert  |  October 18, 2023

A Romance Scammer Targets a Canadian Woman In September, we spoke to a Canadian woman who had been victimized by a romance scammer, a man who called himself Boyan Chumak. Boyan claimed to be a freelance mechanical engineer who works on ship engines, currently living in Buffalo, New York but from Sofia, Bulgaria. (His phone number used an area code from Buffalo, NY as well.) He was about to go offshore for a job. (This is a common theme, often used by male romance scammers.) To protect her identity, we’ll call the woman “Maggie.” Maggie is age 46 and a retail clerk. She met Boyan on the dating app called Hinge on July 19 of this year. Sadly, over a couple of months, Maggie sent Boyan 67,000 Canadian dollars (about $49,000 USD). Before you judge her for her loss, listen to her story as she explains how she tried to help someone who seemed to care for her and needed her help.

Boyan’s profile said he was age 37, Christian and 178 cm tall. Almost immediately after meeting Boyan on Hinge, he asked Maggie if they could continue their conversation on Whatsapp. She agreed. This continued for several days and Maggie asked Boyan to video chat after three days. However, Boyan said that he wouldn’t because he had once been blackmailed by a woman using video chat. But he agreed to a short phone call. Maggie tells us that Boyan appeared to be a caring man who wanted to understand and get to know her. He seemed very empathetic and caring. In fact, after just a few days of communication, Boyan requested that they both delete their dating profile and continue to focus their attention only on each other. Maggie agreed.

About a week after meeting Boyan, and speaking with him daily, he said he was leaving to work a job in Malaysia. Unfortunately, the Internet service on the new job site was very bad and he couldn’t use his iPhone there either. (This is also a common theme in these scams because it gives an excuse to the scammer why he has to limit the type of communication, or quality of communication, with the victim.) Boyan claimed to be a world traveler and this seemed to be supported by the photos he posted in his social media account. However, we’re certain that some of these photos are photoshopped and not real. For example, the photo below seems to show Boyan Chumak in front of a famous landmark in Buenos Aires, Argentina called Circulo Militar (Army Club). But the image of this man was placed in front of this building’s photo with editing software.  Magnifying the original image confirms this because parts of his body do not match the resolution of the background around him. (Doctoring photos using Photoshop was a common scheme used by a very skilled romance scammer whom we’ve written about many times and whom we named the Professional Love Scammer from Zimbabwe.)

Boyan Chumak would sometimes leave voice messages on Maggie’s phone. Here is one of the last messages he left for her in mid-September. What is critically important for readers to recognize is that the voice you hear in this message is a man with the accent of a black African, and NOT the accent of a Bulgarian caucasian man speaking English.

This romance scammer used several tricks to convince Maggie that he needed her financial assistance. They involved giving her access to his bank account at a fake online bank called States Enterprise Bank, in which Maggie saw that Boyan had hundreds of thousands of dollars in his account. He needed her help moving money for several reasons, including paying a fine in Malaysia because he overstayed his visa! (See the screenshot below of his “official” court document.) His poor wifi service prevented him from doing this himself, he said. But Maggie discovered that when she tried to move the money from his bank account for him, she was asked to pay VAT and other taxes and fees. She had to pay these fees with her own REAL money but thought Boyan would repay her since he had so much money in his account! Of course, his bank is a fake bank and his money isn’t real! She also helped out Boyan by sending him moneygram payments and iTunes gift cards for other “problems.”

Overall, Maggie ended up sending his romance scammer a total of $67,000 Canadian dollars because she trusted this man and thought he cared deeply about her. She wanted to help him because she cared for him as well, and thought he would be able to easily pay her back since she saw the money in his bank account. But it was all a lie. The lies told by this scammer are very similar to the stories used by the Zimbabwe scammer we’ve written about many times. Also, the accent in the voice message left by Boyan sounds similar to the accents we’ve collected from other women targeted by the Zimbabwe scammer.

It is our experience that these romance scammers will delete their dating profile once they have a potential victim to minimize their fake name from being found and exposed while they try to groom the victim. However, this doesn’t stop the scammer from using the same photos, or photos of the same man with other names on other dating apps.  And, in fact, Maggie told us that she recently found “Boyan’s” photos under other names on other dating apps. She shared this link with us posted on TikTok by @CatchtheCatfish123 on July 27.  The video shows lots of photos of a real Russian ship mechanic and engineer named Andrej K.  It is his photos that are being taken and used by romance scammers and some of them were sent to Maggie by “Boyan.” (Here are some of his photos posted on YouTube.) Here is the same photo as above of this man as “Andrew Solomon” on the dating site

Maggie told us that she is very concerned that this scammer may try to hurt her. We tried to reassure her that this was extremely unlikely! We’ve personally spoken to more than a dozen female victims of romance scams and none of them ever reported being threatened by these scammers.  All these scammers want is money and we’re 100% certain that they are located in another country, far away from the victim! We did tell Maggie that her scammer will likely try to contact her for weeks, and perhaps months.  He doesn’t give up easily once he’s been successful. Maggie also told us that using Hinge and meeting Boyan Chumak was her very first experience using a dating app. We urged her to be extremely careful using any dating app because scammers are all over them.  We also told her that it is a serious red flag when someone she meets online is unable to have a video chat with her and is also in need of financial help!

Online scams are the most reported type of crime. Most countries now state that between 20 to 50% of all crimes reported are related to online fraud. This is only the tip of the iceberg, as only 7% of all scam victims report the crime to law enforcement. With nearly $55 billion lost last year and more than 300 million consumers scammed fast action is required.

On October 18–19, 2023, the 4th Global Anti-Scam Summit (GASS) will take place. The goal of the GASS is to bring governments, consumer & financial authorities, law enforcement, brand protection agencies, and (cybersecurity) companies together to share knowledge and define joint actions to protect consumers from getting scammed.

In 2022, we had nearly 1,300 virtual guests and 120 physical participants from 70+ countries. This year the event will be organized hybrid again. Last year, we defined 10 Recommendations to Turn the Tide on Scams. This year, we will focus on further defining these solutions and showcasing the best practices from around the globe.

Schedule  |  Book Tickets

October 18-19  |  Ramada by Wyndham Lisbon Hotel, Portugal & Online (Zoom)

Cryptocurrency Fraud Are you looking to invest in cryptocurrency? Have you come across these 2 websites Bufetex[.]com and Haeterbit[.]com? Be cautious! Check out for more details and protect yourself with this 100% FREE, all-in-one tool.

Like most of the world, we watched in horror at the atrocities committed by Hamas last week, resulting in a war with Israel that will only produce more horrific tragedies. Our hearts go out to the many thousands of innocent people effected by it all. However, to our readers we want to raise awareness about misinformation and disinformation being spread about the war in Israel. Several excellent news services have already documented these misinformation campaigns successfully spreading on X, the social media platform formerly known as Twitter, as well as on Tik Tok. (Apparently, one of Elon Musk’s methods to cut costs after taking over Twitter was to greatly reduce the oversight group that monitored and removed fake content.)  What shouldn’t surprise anyone is the fact that at least some of the disinformation is believed to be coming from Russia and claims that Ukraine provided weapons to Hamas. This is a lie. Here are several of the news articles about the lies being spread on social media about the war:

I am looking for Newsletter readers and others who have been helped by our content and who live in New England, USA. There is a Boston, MA reporter who would like to interview people in our greater area whom we have helped, or who have learned to be safer online because of our articles and newsletters. If this is you and you would be willing to speak with this reporter, please email Doug at  Thank you!

If you’ve ever wondered about the methodology of some scammers who target you with the many fake invoices that pour into your inbox, we can reveal their tricks thanks to our friend Rob! On October 12, Rob received a fake bill in his email from Norton Lifelock.

We would lunge for the delete key, but not Rob! He immediately turned on his recording software and called the scammers…..errrr, we mean Norton Lifelock customer support staff! As you’ll hear in this 4 minute and 10 second recording, the Norton customer support scammer wanted Rob to visit a dangerous website called hghelp[.]online. This malicious domain was registered just 5 days before Rob spoke to these scammers!  This domain is hosted on a server in Chisinau, Moldova. This malicious website will allow the scammer to completely take control over Rob’s computer! NEVER let some random tech support person point you in the direction of a website when they are just supposed to be giving you a refund. Also, confirm information! These scammers couldn’t identify Rob’s address, or credit card information.

Tricking people into giving these scammers full control and access to your computer is part of their method of operation.  Once they have access to your computer, there is a tremendous amount of harm they can cause to support their financial gain.  This includes installing malware, searching for information on your computer that can be monetized, taking control over your email, social media and financial accounts, and more. 

Our friend Rob has been very busy lately. We’re deeply concerned to report that he may be in serious trouble with the United States Secret Service! He’s been in communication with them (via emails) and, because he’s been unwilling to pay a fee in order to receive a box full of money with his name onit, he may be thrown in jail or…..God forbid, hanged!

Zelle, Xfinity, and Cox Zelle is a digital payment method owned by a variety of banks (Source: Wikipedia) So imagine getting a notification from Zelle telling you that you have a $1,600.00 payment waiting for you?  Except that closer inspection shows it was sent from a free Gmail account called notification.zelle.onlinesuport, with “support” spelled incorrectly! Unfortunately though, your Zelle account is not authorized to receive such a large payment so they want to give you another $500 to fully set up your account. We guess you’ll have to call the Zelle customer service number (347) 985-0045 to collect your full $2100.00.  But don’t worry, “neither the buyer nor the seller will lose a dime in this transaction.”  Yeah, and if you believe this malarky, we have land to sell you in Atlantis that is prime real estate! (Note: A Google search for the exact number 347-985-0045 turns up a link to a website in Taiwan and another link to a blog that lists lots of phone numbers.  But not to Zelle!)

Over and over, we tell readers that details matter!  Take this lovely email from Xfinity, thanking you for your payment of $403.11.  It didn’t come from Comcast, the parent company of Xfinity. It came from AnstonMail[.]com. This is especially interesting since Google can’t find this website at all and it was just registered early in August, 2023.  But more importantly is the small print at the bottom of this phishing scam!  It refers to Cox network, an entirely different business than Xfinity! “Cox respects your privacy.”  Like we said, details matter!

Here however, is an email that seems to be from Cox network but it actually came from someone’s hacked personal Cox email account and not the real Cox customer service account. Notice that the paragraph in this email contains a few capitalization errors and a grammatical error. The “click here” link points to a shortened link using the too[.]st link-shortening service.  When we unshortened it, we discovered that you’ll be redirected to a phishing page on app[.]link and not to! But the app[.]link isn’t your final destination either!  Again, you’ll be redirected and this time to a malicious phishing site at alertsszelelessa[.]com.


Medicare Advantage and Join AARP for a Free Gift In our September 20 newsletter we wrote a story how cybercriminals are targeting senior citizens around the world. That trend continues. October 15 through December 7 is the open enrollment period for Medicare in the United States and that most typically involves senior citizens. This means it is also prime time for scams centered around this topic. Recently, the US Federal Trade Commission posted an article titled How to avoid Medicare Open Enrollment scams on their website. Check out this recent email below that one of our longtime readers sent to us. It invites Americans to explore medicare advantage plans. But the email came from an extremely dangerous website responsible for thousands of malicious emails. It’s called tangismedia[.]net.  The link in this email points to a long string of characters when, in fact, it is a shortened link. Nothing after the pound symbol (#) in the link matters at all.  When we unshortened the real short link, we discovered that you’ll be redirected to a very dangerous website we’ve reported on in the past called vipgadget[.]store. You know what to do!

    Another example of cybercriminals continuing to target senior citizens is this bogus email pretending to be from AARP. (American Association of Retired People)  This clickbait did NOT come from and the links don’t point to it either!


    Apple Security and Your Email — One of our readers sent us this screenshot.  It popped up on her computer on October 14 when she visited some website (we don’t know which). It is clearly a redirect from one website, sending her to a site called portlocate[.]cfd. This website wants you to believe it is Apple Security but of course it isn’t. The domain portlocate[.]cfd was registered a few days earlier on October 8 through Namecheap. Don’t believe this junk! Your Mac is not at risk but it sure as hell will be if you click OK!  If this happens to you, immediately force quit your browser application. After you relaunch it, completely clear your browser cache and check your browser’s extensions to make sure nothing was installed within your application. (Ask a friend for help if you don’t know how to do these things.)

    Speaking of crap that is completely absurd and should never be believed, check out this email telling one of our readers that his Yahoo email has 42 complaints against it!  Now this is really absurd! However, if you clicked the link you will be adding malware to your own device.  Deeeeeeleeeete!

    Pig Butchering and A Purchase at 7-Eleven —Over several weeks this fall, we’ve brought attention to random texts hitting people’s inboxes that appear to be sent by a woman by accident. Doug has received multiple contacts like this, including a conversation he reported in our September 13 newsletter. We believe these random texts are the beginning of a pig butchering scam!  Here’s another one that came to Doug last week It came from a woman named “Jenny” who thought that she was speaking with a friend named Mary. Or so she claimed.  This “mistake sounds innocent enough but we don’t believe it is!

    One of our readers received this text from a “Workers Credit Union” concerning a purchase at a 7-Eleven convenience store.  (Notice the way a period is used to break up “unauthorized” and “cancel.”  The link in this text is to a shortening service.  When we unshortened the link we saw that it will redirect victims to a bogus help desk website called myonlinehelpdesk[.]info. Google knows nothing about this website and its no wonder. A WHOIS record tells us that it was registered less than 2 weeks earlier!

    Check out this Consumer Checkbook service article about how scammers are using Email to send malicious texts:

    Until next week, surf safely!

    Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
    have subscribed to it via or

    Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

    Contact Webmaster