Select Page
Weekly Alert  |  September 29, 2021

The 2nd Global Online Scam Summit will be November 3rd & 4th!Please join us for the second edition of the Global Online Scam Summit (GOSS) taking place on 3rd and 4th November 2021. The event, organized in association with APWG and the Global Cyber Alliance, is a platform for sharing knowledge and insights on how to fight online scams and fraud worldwide.  Last year more than 425 representatives joined the 1st Global Online Scam Summit virtually. This year we hope to make the event even bigger by expanding to two days and adding more inspirational speakers but also more possibilities to network and share insights one to one.

Do you think you can spot scams with your eagle eyes? Check out this “Spot the Scam” article from Trend Micro posted on ScamAdviser.com!  Good luck!

Watch Out. Here They Come – During the last week we saw an overwhelming amount of fraud perpetrated through the use of fake, look-alike emails, websites and domain names. The majority of these scams appeared to help support examples of “advance fee” scams known as Nigerian 419 scams. The 419 scam is named after the 419 Nigerian Criminal code. As described in this Wikipedia article, this advance-fee scam has a long and colorful history. Not all 419 scams originate in Nigeria but the term “419 scams” has become a broad umbrella used to describe these types of scams. This issue of our newsletter is especially devoted to this form of chicanery!

Here’s a simple example of what we mean that everyone should recognize.  Gmail is a free email service created by Google.  Anyone can create a free email address using any account name they want, without restrictions, unfortunately. (As long as it isn’t already in use.) In this example a scammer, using the name “Victor Hinds,” created an email address called “Consumer Protection Bureau Ltd” and contacted Rob, our scam-baiting friend.  If you use Google to search for Consumer Protection Bureau Ltd, you’ll find that all the top links returned by Google point to U.S. Government websites. These websites end with the global top level domain “.gov” –meaning the United States Government. This Gmail address is an obvious fraud:

This second example is more sophisticated and harder for some to see through the subterfuge. A 419 scammer purchased and registered a domain meant to trick victims into believing they were communicating with officials from the International Monetary Fund. The domain is imforg[.]us.  However, it is exceptionally simple to search for the IMF in Google and discover that the real domain is imf.org. The real domain was registered in 1993 to the International Monetary Fund. However, imforg[.]us was registered on July 31, 2021 to someone named “Mr. Patrick Paul.”

Here’s one more example of this type of 419 fraud that recently caught our attention.  This recent email was sent to Rob and invited him into a partnership between Sinopec Group and the Equatorial Guinea National Oil Company. Nevermind that this fraud came from a generic Outlook email account and that he is asked to respond to a generic Gmail account.  Neither email address represents the real companies mentioned in the email. What really caught our attention was the contact information at the bottom of the email…

Mr. Michael Augustine claims to be a Supervisor of Procurement for the Sinopec Group, a Chinese Petroleum and Chemical Corporation. He provided his official email address as having the domain sino-pec[.]org.  But Google doesn’t recognize this domain and instead shows the real domain as sinopecgroup.com.  A WHOIS search shows us two very legitimate domains for this long-standing company.  By contrast, the domain sino-pec[.]org was registered in 2019 in Nigeria by “DMP Entertainment!” TOTAL FRAUD!

Choosing similar names for domains or companies is common practice by artful scammers who’ve been honing their craft for many years. And so we are devoting both our “Your Money” column and Top Story to one particularly crafty scammer’s effort to victimize people for nearly two years.  However, we want to give readers several additional resources to understand more about these scams.  Check out our articles:

From Scam Adviser and The Daily Scam:

A Collection of Nigerian 419 Advance Fee Scams

How to Recognise Unexpected Money & Winning Scams

There is no free money: Inheritance Scams

United Nations COVID-19 Compensation Commission Scam

Why it is our Civic Responsibility to Hit Back!

A FINAL NOTE: Before we move on, we wanted to share with you one of the most bizarre emails we’ve ever seen.  We’re confident it is a type of scam but haven’t tested it.  “Hot cocaine,” anyone?

Phish Nets: Spear Phishing a School, Amazon Security Alert (Text) and Geek Squad SubscriptionOnce again, Doug at The Daily Scam was informed that a school’s Principal had been “spear-phished” when several employees received this email from a scammer pretending to be the Principal, named Jon. This phish was extremely easy to see through, as evidenced by the email address. The narrative with these types of spear phish is always the same.  The leader of an organization/company is asking employees for a favor and it involves buying gift cards on his behalf. He asks you to send the authorization numbers to her or him because she/he is too busy to do it at the moment. Yeah, right.  If you believe this junk, we also have land to sell you in Atlantis!

One of our readers received two identical texts hours apart (from 2 different phone numbers) informing him of a “Security Alert” from Amazon.  He’s told that someone charged a Samsung Galaxy Tablet to his credit card for nearly $1050!  He’s asked to call the scammers at 855-366-9166 to deny the charge. That is definitely NOT the Amazon Customer Service number!

Once again, phishermen have turned to using a fake email invoice to try to manipulate someone into calling their scam phone number to deny a newly renewed subscription to Geek Squad support for 3 years.  This is PURE FICTION! NEVER call these bastards!  Unless, of course, you’ve got time on your hands and, like our friend Rob, want to WASTE THEIR TIME!

Standard MBF Bank – World Class ExpertsIn 2015, the CEO of Banking Reports estimated the number of banks found around the world to be about 25,000. In August, 2021, Statistica estimated the number of banks located in the European Union as more than 6000, though we’ve seen other estimates as high as 8000. Clearly, banking and related financial institutions are critically important to both businesses and consumers alike. We would guess that ALL of them have websites supporting their clients and informing the public of what these institutions have to offer.  This was our mindset when we looked at the website for a world class bank called Standard MBF Bank, headquartered in Paris, France. Their website title says “Standard MBF Bank – Providing International Banking Solutions.”

The “About Us” page includes a lot of information about their purpose and what they promise to their customers. Their site is very robust, with a lot of information about the types of products and assistance they offer.

We were particularly impressed by many of the promises and commitments Standard MBF Bank had written on several pages of their site.  For example, on the web page about their advisors they said “Your relationship manager serves as your primary point of contact, bringing together additional specialists.”

On the Personal Banking webpage, Standard MBF Bank rather impressively says “Our strengths lie in our ability to focus on your needs and offer you a wide range of financial management solutions and member benefits. Enjoy our easy to use on-line internet banking and get the most out of life.” So positive and supportive, right? Wrong! Read our Top Story and you’ll understand why.

Would You Trust This Bank? –  It is our very strong opinion that Standard MBF Bank is a complete fraud and likely being used to victimize people as a part of Nigerian 419 scams for the last two years.  Here’s just a few reasons how we arrive at our conclusion…

  • We couldn’t help but notice that their entire website was located in a directory called “quickpay.” Their banking top page is found at the website: http://www.smbf-fr.com/quickpay/   We wondered what the top of their domain looked like and so we visited http://www.smbf-fr.com/ (without the quickpay directory) and discovered a web page called “NanoTech.” The page title says “Coming Soon.”

  • On the CONTACT page for Standard MBF Bank, they list their address as 32 Rue de Monceau, 75008 Paris, France. We asked Google to search for this bank at that address but Google couldn’t find it at all! HOWEVER, Google did locate another bank at that address, that had a similar sounding name and called Standard Chartered Bank! During this search we also noticed that there is a website called TheBanks.eu which has information about 8000 banks located across Europe.

  • We visited TheBanks.eu and conducted a search in their database for Standard MBF Bank and discovered that NO SUCH BANK CAN BE FOUND!

  • Now our “spidey senses” were on high alert! We noticed fine print at the bottom of every Standard MBF Bank web page that reads “Standard MBF BANK, Standard MBF BANK FINANCIAL GROUP, Standard MBF BANK, and the chevron device are trademarks of Standard MBF BANK, used under license. Standard MBF BANK is a member of the FDIC and the Federal Reserve System. Standard MBF BANK is the subsidiary of Standard MBF BANK (Nasdaq: Standard MBF BANKFG).” Fortunately, it is exceptionally easy to look up names of member banks on the FDIC website AND to look up Nasdaq symbols.  You can already guess what we found… NOTHING!  Standard MBF Bank could not be found! They are NOT a member of the Federal Deposit Insurance Corporation (FDIC), nor are they listed on the Nasdaq stock exchange! What they say on their website is a lie.

And so we wondered HOW their website was able to look so professionally crafted, saying all the right things that visitors might hope to learn about a personable bank.  The answer, we discovered, was simple.  ALL of the content on the Standard MBF Bank website was STOLEN from other real banking sites! 

Remember the impressive information found on the “About Us” page?  It was stolen from a Dutch multinational  bank named ING Group.  We used Google’s advanced search features to learn that text on the Standard MBF Bank could be found, word for word, on many other bank websites around the Internet, some of whom are also questionable banks.

We have another dozen examples that demonstrate that Standard MBF Bank is a complete fraud and will publish them in a more detailed article in the weeks ahead.  However, we hope our point is clear.  Remember the expression “you can’t judge a book by it’s cover?” It should always be applied to online content because it is simply too easy to perpetrate fraud!  The domain used to represent this fake bank, smbf-fr.com was registered almost 2 years ago in Nigeria by someone named Kosiso Chukwudi from Benin City, Nigeria.  The fact that this fraudulent website has been able to exist for nearly two years is shameful to the hosting service and registrar who support it. CAVEAT EMPTOR!  You can read about other fake online banks on this webpage at TheDailyScam.com. 

(Many thanks to Rob, Scam-Baiter Extraordinaire, for bringing these and other scam websites to our attention. Keep fighting the good fight, Rob!)

NOT the Best Marketing Tool! –One of our readers received this short email offering “your best marketing tool” for his business.  But this smart reader noticed that the email came from a server in Russia, which made him suspicious.  As it should have! We asked the AI at Scam Adviser to look at the link offered in this email and they gave it a Trustscore of 15!  The Zulu URL Risk Analyzer also said the link is malicious. A WHOIS lookup told us that the domain in Russia was registered about 2 weeks before the email was received! 

Deeeeeleeeete!

Gift from AT&T – One of our readers received this text confirming that his AT&T bill is paid AND offering him a “little gift.”  The link for the gift points to an oddball domain that was registered the day before the text was received. That link is a malware hand grenade about to explode!

RUUUUUN!

Another reader sent us this random text he received from “Pastor Tom.” The good Pastor was offering $20,000 in COVID relief funds to anyone in need. How sweet! You just have to reply with the phrase “APPLY C19D” to begin your application.  DO NOT BELIEVE THIS CRAP! It’s just another advance-fee scam!

Until next week, surf safely!

Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster