These Cute Puppy Sites Are Scams! — Cybercriminals use a wide variety of lures to interest the public and perpetrate their fraud. Lately, one of the most successful types of online fraud we’ve documented concerns the online sale of puppies. During the first nine months of 2022 we helped expose 38 fake dog-selling websites and published these in our article Fake and Suspicious Dog-Selling Websites. However, in early October, 2022 we teamed up with a scambaiter who uses the moniker “Whiskey Scambaiter.” (“Whiskey,” as we call him, is passionate about dogs and whiskey!) Whisky also works with a team of scambaiters and researchers to help expose, annoy and shut down scammers. Their community is growing and becoming more organized! Through Whiskey, we also received a lot of additional data from the Better Business Bureau (BBB.org) showing a rise in this form of fraud. During one week in late September and early October, people reported 40 scam websites (including bogus shipping companies). Eight targeted people collectively lost $9,460.00 from this type of fraud. We’re going to step into this smelly doggy poo…
Here is one recent example of a puppy-selling scam. On October 6, 2022, a man reported to the BBB.org Scam Tracker website that his mother had called the phone number 786-567-8480, found on a puppy-selling website called goldens-pup.business.site. She expressed her interest to purchase a golden retriever puppy. The website goldens-pup.business.site is a home-made site set up using Google Sites, and claims to sell Golden and Labrador Retriever puppies. Their website says they are located at #40 Coral Reef Court, Palm Coast, Florida. A man, who answered the phone, explained that he wanted a $300 deposit towards the $800 purchase of a puppy. He did not want the woman to pay in person, and he would not accept credit cards. He was reported to have a heavy Indian accent, and was very difficult to understand. On behalf of his mother, her daughter-in-law paid the man $300 via Venmo to an account linked to the name @victoiredivine as the Venmo recipient. The victims then reported no further communication from the man or the website. Their deposit was stolen. When the son called the Flagler County Sheriff in the breeder’s region to report the crime, he learned that there was no dog kennel at that address.
The foundation of many online scams depends on cybercriminals building a believable website, with credible information, and appearing to offer something the consumer wants. If a website is created well enough, without obvious flaws and red flags, consumers are more likely to trust the site and make a purchase. Seeing the signs of fraud can be further complicated when cybercriminals steal real content from legitimate websites. In the case of goldens-pup.business.site fraud isn’t obvious on the website. However, details matter online! If you take the time to zoom in on the map location for their listed address and switch to satellite view, you’ll notice that this address is a house with no obvious kennel area or any evidence to suggest they house many dogs.
Also, the website includes several “testimonials” from people who claim to have previously purchased puppies from this breeder. A random search for quotes posted by two of these three reviews shows nothing odd. But there is a third quote from someone identified as “Matilda J.” She said “I was also impressed with the adoption process and the fact they cared about where these puppies were going, I’ve had job interviews which had less questions!” We used Google to find that most of Matilda’s testimonial also appears, word for word, on an Australian website called Yellowsite.net for a breeder located there. The Australian quote was listed for someone named “Alex Thomson.” Which quote is real? Are either of these quotes from a real person? We consider observations like these to be suspicious red flags.
Other puppy-selling websites have serious red flags suggesting they are not legitimate but only if you have a deeper understanding about online fraud. For example, for the past year at least one cybercriminal gang has heavily favored registering their fraudulent domains in Iceland, using the registrar service called Namecheap. The Daily Scam has documented so many fraudulent domain names registered through Namecheap in Iceland that it is almost a foregone conclusion that any domain registered in Iceland using Namecheap is a fraud! An example is the puppy-selling domain rosetoypoodle.com. According to this WHOIS tool, this domain was registered about 6 weeks ago in Iceland, using Namecheap. Newly registered domains are highly suspicious! RoseToyPoodle.com was reported as a scam site to The Puppy Scammer List site on October 3 and reported to the Better Business Bureau as a scam on October 6.
The man who reported rosetoypoodle.com as suspicious to the BBB.org scam tracker, gave them a text thread that raised many red flags for him. Here is an excerpt of his conversation with these scammers….
Scammer: Please will like for you to check your email right away for i just sent you and email with more pictures and information of Lola the toy poodle puppy you want to buy from me. The others are available but we do not welcome people to come see or pick up puppies for them because we had bad experiences allowing that to happen and more over my wife is pregnant and acting up so i will prefer you book a flight to El Paso, Texas send me details of your flight snd will be at the airport with which so ever puppy you pick to receive you and that has to be done today or latest tomorrow or we will take offers from other clients .hope you understand.
Man: A reputable breeder welcomes potential buyers to their kennels. I have your address. If you are a real breeder then let me pick a puppy, send it to me and allow me to pay at time of delivery. Sound fair?
Scammer: You have no right to tell me how to do my business and what guarantee do i have that if i ship the puppy to you i will get my money. you want to report a person that has no business with you and that has not taken any money from you.what are you going to tell the police? that you saw my website online and in your imagination you think is a scam so you just go and make a report. are you thinking normally. why not get a puppy locally like i advice and stop wasting your time moving up and dawn calling innocent people scam
Man: What guarantee do I have of actually receiving the exact pup I choose? What guarantee do I have of getting the puppy at all? Why do you sell purebred toy poodles for 600 when they typically sell for upwards of 1500.00? Why can people not go where the pups live?
Scammer: my wife is pregnant and her pregnancy is very complicated so no visitors.a client came and she just got angry with her for nothing so its complicated. its 600dollars because we giving a discount so that all of them can find new home before my wife put to birth so will have enough time to take care of her.
I really do understand your fears and concern but I want you to know that I am and honest and upright man and ripping innocent people off is against my principles as a person and religion as a Christian so will never support or even think of cheating or ripping innocent people off and i have once been ripped off too so belief me when i tell you i know how it feels to pay for something and do not get it at the end and was such a bad experience that will not even wish to my enemy not to talk of someone that has done nothing to hurt me.if it will make you feel safer, you can make a deposit of 400dollars and will ship Duke to you and the remaining 400dollars you pay when you have her and everything is good on the condition that you promise to take good care of her and get me my balance when you have her and if you cannot do that then i advice you get a puppy locally.
Man: Can you provide your name, your business name and it’s address? If you provide me your name, business name and address. [This was the last message reported by the man.]
It’s important for our readers to understand that scammers routinely come up with lots of reasons why they should be trusted, including that they are religious “God fearing” people, and they often describe circumstances why they can’t follow typical business practices, like accepting credit cards! Online deception is too easy to perpetrate! It’s critically important that consumers do their due diligence and VERIFY, VERIFY, VERIFY! Here are the names and links to many other recently reported scam puppy-selling websites. We’ve included a few with comments from the people who reported these scams to the BBB.org Scam Tracker…
Family Raised Tibetan Mastiff: familyraisedtibetanmastiff.com
Reported Oct. 5; domain was registered on September 21, about 2 weeks earlier.
Reporter noted: The address for this kennel is in a subdivision with no place for the dogs to stay unless they stay in the house and they say they have 4 pairs of breeding dogs and 7 puppies
Adorable Cavapoo Puppies: adorablecavapoopuppies.com
Reported Oct. 5; domain was registered on September 13 by “William Tatum” who said his address was that of the Mayo Clinic in Jacksonville, Florida!)
Reporter noted: I asked what the name of the vet they used was and I was told they did not give that out due to scams. The physical address listed was of a house that just sold very recently. After I was told this information about the vet, there was no other contact by the “seller.”
Elise Cavapoo Puppies: elisecavapoopups.com
Reported Oct. 4; domain was registered in New Zealand on August 29.
Reporter noted: A person named Elizabeth was texting me, telling me she is from Atlanta, Georgia and can ship me the dog. She asked for information right away, saying the dog can be shipped right away. She asked for payment through Zelle. But she could not provide information about when the dog was getting shipped or anything really after I paid her $850. She also cursed me out on the phone. Wouldn’t give me my money back when I wanted to cancel the purchase. My friend decided to pretend to be interested in the same dog. They said he was available when we had already purchased him and they also said they were in a different state than they told us!
Star Life Poodles: starlifepoodles.su
Reported Oct. 4; domain was registered on July 26 and is hosted on a server in Ukraine.
Reporter noted: I found this website selling poodles extremely cheaply and I went to buy one. The person came off as very polite and kind. Claimed to be American but clearly wasn’t. After I sent the initial payment thru Zelle… We started the transportation process. So all of a sudden the seller kinda just passed me off to a courier company. That’s where they asked for more money for a specialized crate or, they said, my puppy won’t get shipped. [NOTE: This is a common part of pet scams!] They said the money is to “RENT” the crate and would be fully refunded upon delivery of the puppy. I thought what’s the point of even sending the money if I’m going to get it right back? This is when I knew it was a scam.
Additional fraudulent websites reported in late September and early October include:
IMPORTANT NOTE: We are always happy to partner with scambaiters! “Whiskey” tells us that he started scambaiting in April 2022 and created a Twitter Account WScambaiter (Whiskey Scambaiter) to share some fun stories with the public and try to raise awareness about Whiskey Scams. Like many of us who are fed up with the scammers, Whiskey wanted to make a difference and help fight scams. In his effort, he also discovered another Twitter account focused on specialty liquor scams in Twitter and getting these scammers suspended and their sites shut down. On Twitter they are called WhiskeyScamAlert (@WhiskeyScam). We encourage our readers to visit both WScambaiter and @WhiskeyScam on Twitter to find out more about the good work these people do to protect the public! And we’re grateful to Whiskey for his effort and our new partnership.
PayPal Invoice Scams – Have you ever received a Paypal invoice for which you haven’t a clue? Many have! Check out this article from Trend Micro on Scamadviser.com about these threats.
Reality Can Be So Bizarre! – Last week we learned about some things that happened online and in real life that had us shaking our heads in disbelief. What we learned was bizarre, but true. Let’s start with an article that appeared last week in TheRegister.com, an online publication centered around technology. Their article “How Wi-fi Drones Snooped on a Financial Firm” reads like science fiction! Futuristic stuff and yet, it’s true! Criminals flew a drone, containing various hacking tools, onto a bank’s building to hack into the bank’s wi-fi network and divert money from the bank. Oh my god! New advice to all financial institutions and others, check your roof tops periodically!
The second bizarre thing that happened just recently concerned an obscure message sent to us through our online form at TDS. The message that was posted came from someone identified as “J. Colbert” (colbert.jen @ yahoo.com). It said:
Hey, I came across this page and wanted to share it with you.
Check out how to survive a nuclear attack from Russia and his credit leader Putin…
It’s a one mad man rule, there’s no check on it. And he’ll probably do it. We have to prepare.
Check it out, bit[.]ly/3InuK8c [<–We deactivated the Bit.ly link by including the brackets around the period.]
This message seemed really strange to us, of course. Bit.ly is a link-shortening service, as many of you know. Fortunately, there are several online services that can unshorten such a link and tell you where they lead to on the Internet. This is a good thing since lots of cybercriminals use shortened links to send people to malicious websites where they are hit with malware and infect their devices. We copied that Bit.ly link and pasted it into Urlex.org. (We also like to use Unshorten.it) We fully expected this to be a trick pointing to a malware-laden website. Instead, the link redirected us to a website selling baby products and called JoyfulKids[.]com! The web page to which the Bit.ly link pointed contained a variety of highly discounted survival products, and included “Ukraine Flag Support” for $14.99 – $19.99.” Here’s a screenshot of just the top quarter of the web page…
Adding to the bizarre nature of this web page was the text found at the bottom from the KidsJoyful[.]com website saying “We are a leader in baby and young kids trendy accessories. We work very hard at selecting our unique items and we strive to provide the best customer service online shopping has to offer….” What on earth was going on? We assumed that their website had been hacked and misused so we sent them an email to let them know. But then we dug a little deeper and discovered a possible rabbit hole into this kid’s joyful Wonderland. Google showed us that someone had posted a 1 star vote on the KidsJoyful[.]com Facebook page. On July 3, 2020 someone named Alex said “I ordered something 2 months ago for my baby. It is still not here. And now she is too big for it….if it every comes.” But stranger yet were the posts we found on the Better Business Bureau website about this online retailer. The BBB.org has given KidsJoyful[.]com an “F” rating! Four consumer complaints posted on BBB.org all stated that they hadn’t received the items that they had purchased from this website. Also, this online retailer had not responded to any of these complaints, which is extremely unusual for legitimate services. And, to top off this odd circumstance, was the fact that on May 17, 2021, someone posted this complaint… “I ordered a knife sharpener from them in march. They took payment and have never shipped or responded to emails.” Wow! We didn’t know babies played with knife sharpeners! Hmmm….. When it comes to online purchasing, Caveat Emptor!
IMPORTANT NOTE: We are seeing so many phishing scams explode on the Internet that we wanted to take a moment to remind readers how to tell what is a legitimate login for a website. Here are two legitimate examples: Comcast (Xfinity) and Paypal. It is CRITICAL when looking at a link for a legitimate login page that you see the exact name of the website you expect IMMEDIATELY IN FRONT OF THE first single forward slash. In this Comcast Xfinity example you can see that the legitimate true link begins with https (where the “s” means Secure transaction), followed by the text login.xfinity.com/. The word “login” (followed by a DOT) is a subdomain and is fine. But the real truth to this link is seeing xfinity.com followed by the first single forward slash.
Similarly, check out this legitimate link into a Paypal account. After the https the text reads www.paypal.com/ The “www” is quaint and refers to the “world wide web” as it used to be called back in the early 2000’s and 1990’s. It isn’t necessary nowadays to be included in a link. But, most importantly, it is followed by paypal.com/
Here are a few fictitious domains we came up with that would NOT be OK to log into:
Paypal[.] securitysupport [.]com/
Xfinity[.] secure-site [.]com/
USPS, Chase Bank, Bank of America, Amazon and Yahoo Email! – So many phish and so little space… When one of our readers sent us this “Failed Delivery Attempt” disguised as an email from the United States Postal Service, we figured it was malicious clickbait to a malware infection, but we were wrong! According to VirusTotal, Trustwave has found the sendgrid[.]net link to be a phishing scam! Oh well. Ya learn sumthin’ new every day on the inter-webs.
“Let’s get you back online” says this lovely email from a website called “marisaba[.]com.” But you are led to believe this is from Chase Support at Chase Bank! The link to “Sign in Here” points to an animation website in the United Kingdom (“.uk”) Certainly not our Chase Bank!
WOW, Sendgrid[.]net is getting SERIOUSLY misused by cybercriminals! According to Wikipedia, Sendgrid (DOT-net and DOT-com) is a communication platform and email marketing service. We keep seeing LOTS of malicious emails sent through their service, like the USPS phishing email above and this email pretending to be from the Bank of America below! It’s just one more reason why it is soooooo important to mouse-over links and look at where they point to BEFORE you click!
One of our longtime readers has been getting hammered by bogus phishing emails pretending to be from Amazon. This one was sent to “undisclosed-recipients” from a domain that was registered in Iceland the day before the email was sent and called fastdiger[.]me. Wow! What a surprise! A domain registered in Iceland through Namecheap that’s 1 day old and used for online fraud? How unique! (**said DRIPPING with sarcasm**) By the way, the link “Update Payment Information” points to a website called KingHerLand[.]me. Care to guess where this domain was registered on October 6th?
LUNGE for the delete key!
We bet you’ll all agree with us…. YYAHOO, YAAHHOO, YYYAHHHOOO, MYYYAHOOO or any other misspelling is not the same as Yahoo! Check out this phishing scam one of our readers received. The links point to a subdomain called “myyyahooo” at myportfolio[.]com. No need to update your account here! Just tap the delete key once.
ACE Hardware Loyalty Program and Legal Notice! – ACE Hardware was founded in 1924 (Source: Wikipedia) and has a rewards program. HOWEVER, this next email is NOT from ACE Hardware and is just malicious clickbait. It came from a domain called KaffeineBuzz[.]com. The links in the email point to the misused services at AmazonAWS. Boo hoo! Good services are taking a beating and we all loose as a result.
This next email is bizarre and targeted David at The Daily Scam. It claims to be a “Legal Notice” and was sent from a crap domain registered back on January 3 of this year that seems to be legitimate. But it isn’t. Notice that the email asked David to pay his “warrant” for the legal proceedings via a free Gmail account called debtsettlementdepartment[.]us @gmail.com. That’s complete BS! We know this scam has been circulating for quite some time because a Google search for the address listed at the bottom of the email shows at least 5 links reporting this message and address as fraud! Lunge for the delete key!
Malware Waiting For You – Sometimes you think some phishing scam emails are just that….Phishing attempts. But cybercriminals sometimes throw you a double-whammy recipe of malware, followed by a phishing website! Here are two recent examples. The first is an email that appears to be an Amazon phishing scam. However, we’ve confirmed that malware lies in wait for you and then you’ll be forwarded to a random website. This clickbait was sent to about 50 AT&T account holders.
This second example pretended to be an email from Xfinity but it came from a user’s Hotmail account. (Xfinity users are getting hammered by online threats!) The link pointed to a server in France! (“.fr” = France) ‘Nuf said. Step away from the ledge.
Netflix Has Sent a Refund and Your Device Will Be Locked –One of our very longtime readers recently sent us these two texts she received hours apart. Both are HIGHLY malicious! In this first text, the domain dashfondness[.]com was registered in the Bahamas on the day the text was sent and holds an external script for another suspicious website called prizeforsurveys[.]net.z
Of course this next text is complete nonsense and 100% malicious! The Zulu URL Risk Analyzer tells us that the website in the link contains a redirect to send you to another site called kedkotoa[.]com and this second website holds a hidden connection to a third and VERY DANGEROUS website called weccasoz[.]com containing malware and used for phishing scams. RUN AWAY!
Until next week, surf safely!
Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands