The 2nd Global Online Scam Summit will be November 3rd & 4th!

Please join us for the second edition of the Global Online Scam Summit (GOSS) taking place on 3rd and 4th November 2021. The event, organized in association with APWG and the Global Cyber Alliance, is a platform for sharing knowledge and insights on how to fight online scams and fraud worldwide. Last year more than 425 representatives joined the 1st Global Online Scam Summit virtually. This year we hope to make the event even bigger by expanding to two days and adding more inspirational speakers but also more possibilities to network and share insights one to one.

Do you think you can spot scams with your eagle eyes? Check out this “Spot the Scam” article from Trend Micro posted on ScamAdviser.com!  Good luck!

The Week in Review: Joe Biden Has Money for You!

Just like colors are exploding across deciduous forests this Fall, so too are scams exploding across the Internet and preying on consumers under the guise of the “Fall season.” Check out our Top Story below.

On a more serious note, we want all our readers to know that Scamadviser.com has completed its worldwide “2021 Global State of Scams” report. We analyzed how many people got scammed in 42 countries, how much money was lost, and how national governments, consumer authorities and law enforcement are combating scams. You can download the report for free on Scamadviser.com! In case it wasn’t already obvious, scammers are winning: €41.3 billion ($47.8 billion) was lost to scams, up 15% from the year before. This is frightening to learn!

Also of concern was a recent report on Cyberscoop.com that State-sponsored Iranian hackers had uploaded a fake VPN app to Google’s Play store, and posed as university officials. This security breach speaks loudly to the important adage we say over and over… Verify, verify, verify!  In this case, verify the authenticity of the apps you choose to install on your devices by reading reviews about them and looking at the number of people providing those reviews!  It is easier to fake 200 reviews than 20,000 reviews!

Now for something completely remarkable… we want to share a turn of events that happened to our friend Rob.  He received an email from President Joe Biden AND just 2 days later from Vice President Kamala Harris!  Unbelievable, right?!  As if that alone wasn’t remarkable, President Biden told Rob that he was one of 20 lucky winners to receive nearly $10.5 MILLION DOLLARS!

But wait…. Vice President Harris had even better news! She told Rob that he had inherited $55.5 MILLION DOLLARS and it was waiting for him in the Federal Reserve Bank of New York.  All he had to do was pay a $100 fee to get his millions of dollars!  Congratulations Rob!  Please remember who your friends are!  (Wink, wink.)  We know President Biden’s email must be legitimate, even though it came from a Gmail account (and NOT whitehouse.gov) because he included a copy of his “Presidential License.”  

WOW! We didn’t know that Presidents get a license that says they are the President once they become, well you know…. the President. However, we do wonder what it means on Joe’s license when it says “Restriction: Foot in Mouth.” I guess his Presidential License acknowledges that he sometimes says silly things? Like “you won $10.5 million dollars!”

In addition to the emails above, Rob also recently received a very important phone call from “Officer Schultz from the Legal Department” who asked him to “leave his work aside.”  He immediately pressed 1 and was transferred to a man with an Indian accent who told him he was talking to the “Social Security Department.”  Rob then played for this scammer a random recording of a woman talking as if she were in a conversation with someone.  Check out the call.  We think it’s very funny but it also gets very strange at the end!

What to Do If You Are Successfully Targeted

It is important for our readers to know how to respond once you realize, or discover, that you’ve been phished and given away personal information. This information can include login details to social media accounts, email accounts, or financial accounts. It may also include revealing enough personal details about yourself that scammers can steal your identity for their financial gain. They may be able to make purchases with your information or open credit cards or take out loans in your name. Or simply by pretending to be YOU, they scam others! The possibilities are endless, including this very recent sample phish that wants you to believe it came from Bank of America. (The link, however, points to a website in Saudi Arabia. Find the 2-letter country code “.sa”)

In late September, TrendMicro published an article on Scamadviser.com called Hot Phishing Scams of the Week: FedEx, Venmo, AT&T, Cathay Pacific, Eva Air, and MORE! In it, they describe a variety of phishing scams. We also recommend reading “Anatomy of a Phish” from The Daily Scam to understand how these scams work.  

If you’ve given scammers access to any financial accounts…

  1. IMMEDIATELY log in and change the passwords to those accounts, even if you have 2-factor authentication turned on (and we hope you do so you can dodge that bullet shot at you!)
  2. Contact your financial service and ask that they review your account to see if any money was recently transferred out of the account that YOU KNOW YOU DIDN’T AUTHORIZE! Also ask your financial service if you can change the username associated with the account so it isn’t repeatedly targeted now that criminals know the username to the account.
  3. If you use the same username and password, now in the hands of cybercriminals, for other accounts, change the password on all those other accounts! But please don’t make the same mistake! Create a SET of different but related passwords. You can use our article called “Creating Strong Passwords” to help you do that! Do you think your password is strong? Test it in the safe, free online service called “How Strong is My Password?”
  4. Don’t take any chances. Cybercriminals are very clever!  Explain to your financial service what happened to you and ask that they issue you a new account number (easy for banks to do!) or a new credit card.

If you’ve given scammers access to any of your social media accounts, you can expect that they will do the following…

  • Scrub your account for personal information about you and your family. 
  • Contact your friends and family with scams while pretending to be you!  Most often, friends and family members are targeted with malicious links to malware.

WARN YOUR FRIENDS and FAMILY IMMEDIATELY!  Tell them your account was hacked and if they received any communication from you after X date and Y time, they shouldn’t click on any link or respond to those bogus emails, texts or posts.  You’ll have to include something personal in your communication so that your friends and family KNOW it is you communicating with them!  What will make this effort even harder is that the scammers will likely LOCK you out of your account!  Call several friends and family and have them post on your behalf!  Then contact the social media company as best you can to try to recover your account. (Sadly, Facebook makes this nearly impossible to do effectively or quickly.)

If scammers have access to your email account, prepare for a lot of pain and headaches trying to recover your access because your email account represents the keys to your digital kingdom! Once you get back into your account, it’s important to visit your settings to make sure that the scammers haven’t set up auto-forwarding to another email account. We’ve seen this many times before, and the forwarding address has looked very similar to the original email ID. Read our full article on How to Recover from a Hacked Email Account.

If you have given scammers very personal data, such as a social security number, or an image of your driver’s license or passport, then it is critically important that you protect yourself against identity theft. Check out these valuable articles suggesting ways to protect yourself against identity theft. They refer to stolen social security numbers, but their advice also applies to stolen driver’s licenses and passports.

https://www.ssa.gov/pubs/EN-05-10064.pdf

https://www.experian.com/blogs/ask-experian/3-steps-to-take-if-your-social-security-number-has-been-stolen/

https://www.tomsguide.com/us/what-to-do-ssn-stolen,news-18742.html

Finally, and worst of all… If you have been successfully targeted by scammers, you should expect to be targeted again and again. Often!  They know they fooled you once and they will keep trying again!

Your Money: Sam’s Club and Exclusive Offer from UPS

Sam’s Club users are often targeted by cybercriminals who toss malicious clickbait into their inbox. Check out this “$90 Halloween Gift” for participating in a marketing survey. Except the email didn’t come from samsclub.com and the links don’t point there either! This clickbait came from a website in the United Kingdom called bartter[.]org[.]uk and all links point to this UK website. Notice the odd subject line’s use of underscores, dash and closing bracket. Scammers do this to try to avoid attention by anti-spam servers. The only thing truly scary about this “halloween special” is that you’ll be redirected to a website called wallingsight[.]com where malware likely lies in wait.

We’ve seen this malicious clickbait using this same UPS image so many times that we’ve lost track! “Exclusive offer from UPS.” Scammers continue to use it because it must be effective. Don’t believe this crap! Cybercriminals wrote “UPS.com” in the text field of an email address but you can clearly see that the email comes from a Gmail account named “PyLAjiX.”  Mousing over the link “OK” shows that you’ll be sent to a website in Germany called kuitika[.]de. (“.de” = Deutschland = Germany)  That sounds just like UPS, right?!  Delete!

Fall Weather Brings Fall Scams –

Cybercriminals are NOTORIOUS for using holidays and other themes to create malicious clickbait. Christmas, Halloween and Valentine’s Day are several examples.  So is the Fall season! As the weather turns cooler, many people are naturally interested in shopping for Fall clothing.  Check out this short portion of a LONG email we received that appears to represent a legitimate clothing store called The Lanam Shop. Everything about this email looks legitimate.  Scammers used a legitimate marketing service, called Klaviyomail, to send this email from the domain mail-lanamshop[.]com and the links in the email also use the Klaviyo-owned domain called klclick1[.]com.  


Everything about this Fall clothing marketing email from the Lanam Shop looks legitimate. But it is not! Virustotal.com shows you that two security services found this link to be malicious! (On May 12 and April 21 we also showed readers in our newsletters that other links from klclick1[.]com had been misused and were not safe to click!)

The cybercriminals who created this Fall clickbait were very clever. Check out the WHOIS records for the REAL LanamShop.com and the bogus Mail-LanamShop[.]com from which the above email was sent. The REAL business registered their domain in August of 2020 and used an Internet Name Server called BigCommerce.com. However, the domain Mail-LanamShop[.]com was registered just a month ago and uses a different service as its Internet Name Server. This newly registered domain was very likely created by cybercriminals to trick the public into thinking it is the real Lanam Shop!

Who doesn’t like a discount? This email about “Fall Senior Discounts” is surely going to be attractive to seniors and prominently displays the word “Fall” twice and “discounts” three times. It appears to have come from an organization calling itself “My Senior Perks.” Except that this email actually came from a domain called irafrqig[.]cam. Every DOT-cam domain we’ve ever seen is a scammer’s domain. There are two other “poker tells” that indicate this email is HIGHLY LIKELY to be malicious. The second is that the email begins with the line “This offer is for United States only. If you can’t see this image Visit Here.” (NEVER CLICK that link!) There is a cybercriminal gang who has used those sentences at the start of thousands of malicious emails for years!

The third “poker tell,” and PROOF that this email is 100% malicious, is the fact that two hyphenated words appear in the links within the email. One has to carefully mouse-over a link, WITHOUT CLICKING, to see them. At the end of the link in our screenshot you can see “Chungking-hubris.” This email came from the infamous Hyphen-Poopy Cybergang in India!

Over the last 2 years, we’ve found breadcrumbs that strongly indicate the Hyphen-Poopy gang is located in India. They use automated software to set their malicious directories (i.e. bear traps) on websites using two random hyphenated words. If you spot two hyphenated words in a link, that’s another reason NOT to click! But if you have any doubts about what we say, a WHOIS lookup will also show you that irafrqig[.]cam was registered just 4 days earlier and is being hosted on a server in Romania! (See screenshot below.)
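The three “poker tells” and the WHOIS-age check described above, written out as an added example (it is not code from The Daily Scam). The function only inspects the strings it is given and never opens a link. The sample message is constructed from the details quoted above; the path prefix, the dates and the 30-day age threshold are assumptions.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Opening line the newsletter reports at the start of this gang's emails.
OPENING_LINE = "this offer is for united states only"
# A path segment made of exactly two alphabetic words joined by one hyphen.
HYPHEN_PAIR = re.compile(r"^[A-Za-z]{3,}-[A-Za-z]{3,}$")


def refang(text):
    """Undo write-up defanging ([.] and hxxp) so the string can be parsed."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def triage(sender_domain, body, links, registered_on=None, today=None,
           max_age_days=30):  # 30 days is an assumed threshold
    """Return the tells that fired. Parses strings only; fetches nothing."""
    parts = [urlsplit(refang(u)) for u in links]
    hosts = {refang(sender_domain).lower()}
    hosts |= {(p.hostname or "").lower() for p in parts}
    tells = []
    if any(h.endswith(".cam") for h in hosts):
        tells.append("dot-cam domain")
    if OPENING_LINE in " ".join(body.lower().split()):
        tells.append("known opening line")
    segments = [s for p in parts for s in p.path.split("/") if s]
    if any(HYPHEN_PAIR.match(s) for s in segments):
        tells.append("two hyphenated words in link")
    if registered_on and today:
        if (today - registered_on).days <= max_age_days:
            tells.append("recently registered domain")
    return tells


# Constructed sample based on the email described above. The path prefix
# "offers" and both dates are made up for the example.
SAMPLE = dict(
    sender_domain="irafrqig[.]cam",
    body="This offer is for United States only. If you can't see this image Visit Here.",
    links=["hxxp://irafrqig[.]cam/offers/Chungking-hubris"],
    registered_on=date(2021, 10, 1),
    today=date(2021, 10, 5),
)

if __name__ == "__main__":
    for tell in triage(**SAMPLE):
        print("TELL:", tell)
```

The hyphenated-pair pattern also matches ordinary page slugs such as “Fall-sale”, so the function returns a list of tells for a reviewer to weigh together rather than a single verdict.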

Finally, the Zulu URL Risk Analyzer tells us there is an 80% chance that the link in this “Senior Fall Discounts” email is malicious. We’ll happily add the 20%! After getting hit with malware, you’ll be forwarded to a website called LittleItaliano[.]com where you can enjoy Italian food and wonder where the hell your discounts are.

Fall Discounts? The only thing related to Fall in these emails is the definition “to descend freely by the force of gravity until you reach the ground.” OUCH! No thanks, we’re good.

Undelivered Incoming Messages and Please Confirm Your Account – Our “spoofs” inbox at The Daily Scam received this lovely notice informing us that some of our incoming email messages were undeliverable. Oh dear! We were invited to click one of two links…. “Allow Messages” or “Review Messages.” We chose to do neither after seeing that both links pointed to the same crap domain called workers[.]dev. Virustotal.com shows that the security service Webroot has identified this website as malicious. Also, an attempted visit to this site displays a warning from Chrome telling us that this website is a phishing site. Need we say more?

We must have a huge red target on our back at TheDailyScam.com because one particular cybercriminal group has been sending us variations of the same malicious email at least a dozen times every week, for weeks! The email comes from the bizarre domain NunsEducated[.]com and the links always point to a malicious domain called airreducation[.]slrcdn[.]com (The airreducation is a subdomain.) Here are just 2 examples of the dozens we’ve received. Each deserves a lunge for the delete key!

We Apologize for the Phone Outage – Here’s a text we’ve never, ever seen before and sent to us by one of our readers. She received it from a random phone number, 404-357-0471. “We apologize for the temporary phone outage.” The text continues with its bogus apology and then offers a link for a $100 gift offer. That link is 100% malicious! DO NOT CLICK IT! The domain in it, mntlly[.]com, was registered anonymously in Iceland just hours before the text was sent. Deeeleeete!

FOOTNOTE: Warning! New York State is warning residents of a “vaccine phishing scam” via text, according to the news site WCBS.com. It won’t be long before this text scam targets residents in other U.S. states and countries.

Until next week, surf safely!

Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved.