Please take our victim survey on Pollfish to help us better understand online threats targeting the public. One of the best ways for you to stay informed and recognize online threats is by helping to build a list of scammer websites, and check out the list from time to time.
Unless you are living under a rock, you’ve likely heard about online AI services that can easily create content for people or provide answers to questions in seconds. (But some of these answers contain false information!) For example, the AI service called ChatGPT. According to ConsumerAffairs.com, there is a similar AI service called wormGPT built specifically for scammers to use, increasing the risks to all of us!
Job Scams on the Rise — During the month of August, we heard from multiple people across the world, (but mostly in the United States) about being victims (or nearly victims) of job scams! These scams took different forms, some requiring an advance visa payment for a job in another country, to advance check scams to purchase materials for your job (but the check bounces after you’ve wired your own money to the scammers), to hiring Americans as mules to ship stolen merchandise and then ghosting them after a month without pay! Take a look at some of the examples shared with us…
At the end of August, we heard from a woman we’ll call “Cassidy.” Cassidy said she received a text one night last week from a woman about a “work from home” job. The woman who texted her used the name “Gracie Evans” and claimed to work for Black + Decker. This was the first red flag because no legitimate HR person would contact an applicant at 9 pm! She told us that job scammers had contacted her before so she was on her guard and was immediately suspicious because the job text came so late! She searched the phone number it came from, the woman’s name, and the company but told us that she couldn’t find anything to connect them all. Of course, there is a company called Black + Decker. But the phone number used to contact her came up as unregistered. She recognized all of this as a huge red flag. And the last text message Ms. Gracie Evans sent to Cassidy asked her to download and get onto an app for a text-ony interview. That was a HUGE red flag! Real honest-to-goodness businesses don’t conduct text-only interviews! She then started researching this as a possible scam and found our article where we’ve detailed more than 200 of these scam interviews!
Check out a few of her texts with Gracie Evans below. Also, she told us that she couldn’t find any “Hiring Manager” for Black and Decker named “Michael Crawford.” It’s also important to note that Black and Decker ALWAYS identifies themselves as “Black and Decker,” not “Black + Decker.” This “interview” is the start of an advance-check scam. After 30-40 minutes, she would have been hired and sent a bogus check to purchase supplies to work from home. She would have been asked to deposit that bogus check and immediately purchase supplies from their “assigned” vendor. That means sending her own real money to the scammers before finding out that the check is a fraud and bounces.
In mid-August, a young man told us that he had been looking for a job he could do from home, while attending college. He was contacted by a Mr. Thomas Nelson about a “data entry” job. Here is a brief exchange of emails after which the young many became very suspicious. He was observant enough to notice that the email for Mr. Thomas Nelson appeared to be from email@example.com. This is HIGHLY UNPROFESSIONAL and a MAJOR RED FLAG! Also, Mr. Nelson never named the company for that “work from home” job. The young man asked Google about possible work from home scams and his search led him to our website where we’ve posted many articles about these scams such as this “Your hired! (Job Scams).”
Notice, too, that Mr. Nelson asks the young man to download/install a texting app for the job interview!
On Sun, Aug 13, 2023 at 12:46 AM Thomas Nelson <firstname.lastname@example.org> wrote:
Data entry clerk Responsibilities & work related include:
* Transferring data from paper formats into computer files or database systems
* Typing in data provided directly from customers
* Creating spreadsheets with large numbers of figures without mistakes
* Proven experience as data entry clerk
* Fast typing skills; Knowledge of touch typing system is strongly preferred
Excellent knowledge of word processing tools and spreadsheets (MS Office Word, Excel etc.)
Working knowledge of office equipment and computer hardware and peripheral devices
Can you handle this duties effectively ?
On Mon, 14 Aug 2023 at 2:08 PM, [NAME/EMAIL REDACTED] wrote:
Yes, I am interested.
From: Thomas Nelson <email@example.com>
Date: Mon, Aug 14, 2023 at 5:59 PM
Subject: Re: I’m in
To: [NAME/EMAIL REDACTED]
You will receive a week of online instruction from your training supervisor, who will teach you how to use the programs accurately and complete additional data entry tasks. Your computer and phone will be used to complete your course online. Are you familiar with the Nicegram apps/ Telegram Messenger ) to get connected and this will be done by text can I get you connected now? I will be connecting you with the hiring manager of the company for your interview process
Fortunately, the young man didn’t continue with this job offer and thanked us for our input!
During the last few years, we’ve written many articles about a Russian-speaking cybercriminal gang who have created a very clever scam that “hires” Americans to repackage and reship packages sent to them at their homes. These packages contain stolen merchandise or merchandise purchased with stolen credit card information. After the Americans complete their “probationary period” of one month, they expect to receive their first paycheck of at least $3200 but instead, they are ghosted by the “company.” A TDS reader contacted us to say he was very suspicious about a job offer for a “package reshipping” position he received in August! When we investigated the company, we’re certain it is one of these scam shipping companies! The company is called Wordaze[.]com and the website is professionally created. This domain was registered in Pakistan back in August, 2021! We discovered that these fraudsters were also using these other domains to perpetrate their fraud:
Because we’re already very familiar with these scammer’s tactics, we know that they usually create multiple scam businesses that follow the same design and model. After visiting Wordaze[.]com, it didn’t take us long to locate and identify two more nearly identical scam shipping companies using the following domains….
- Eslapo[.]com / eslapo-hr[.]com / eslapo-jobs[.]com
- Alemeo[.]com / alemeo-hr[.]com / alemeo-jobs[.]com
Our parent article about these types of job scams now lists 89 fake shipping companies and lots of details about this scam, including some of the things that Americans were asked to ship! Check it out for more detail.
Our final example about a job scam actually came to us from a reader in Tehran, Iran. He applied for a position as a Store Keeper on the Virgin Voyages Cruise Line, based in West Sussex, UK. There were many emails back and forth with the Virgin Voyages Cruise business and ALL OF THEM were with free Gmail accounts instead of the real domain virginvoyages.com! Here’s one example…
The scam in this exchange of emails comes after the job applicant is hired and told that he or she must purchase a work or travel visa to the country where the job is located. Often, the victim is told that her visa expenses will be reimbursed once he/she begins employment. Of course, it isn’t true. Check out this long email whom the man from Iran received from the “UK Visa & Immigration Dept” in Leeds. The cost for this travel visa is 375 Euros but some crazy nonsensical explanation in the email bumps that price up to 500 Euros! The scammers ask the victim to transfer that money using either Ria Transfer (A European transfer service) or Money Gram to two different recipients, depending on the transfer method selected.
Not only is the English awful in this email, and it includes so many red flags, but the email was sent from the domain Post.com. Post.com is a domain that offers free email accounts. The website IPQualityScore says that since it has been heavily abused by scammers, Post.com has a medium risk score. Remember, details matter! The heading shows “UK Visas & Immigration” but immediately after that logo it says “UK Visa and Immigration Dept.” Fortunately, several emails, including this one, made the man very suspicious and he decided not to send any money to them! He researched if this was a scam and found our website! We’ve posted several articles about this type of scam, such as this article about a fake company called Bloomscope Engineering.
There are several tell tale signs that a job is likely a scam. Most importantly….
- If someone claims to represent a company but then sends their email through a free email service, BEWARE!
- If someone wants to interview you and that interview is entirely text-based and NOT in person or via video, BEWARE!
For every job opening you are considering, do your homework! VERIFY, VERIFY, VERIFY! Google the names and phone numbers of the people you are communicating with. Google the business. Check websites like the Better Business Bureau (BBB.org) to look up the reputation of the business and check a WHOIS service to see how old the business domain is. If it is less than a year old, you should be suspicious!
Can You Spot These Scams? — Top phishing scams of the week: Microsoft, USPS, AUPost, and OOFOS. Can you spot all these scams? Check out and protect yourself with this 100% FREE, all-in-one tool.
Amazon Scams, Pig Butchering and NOT Tax Relief — Our partners at Scamadviser just published an excellent article in which they explain the most common scams targeting Amazon customers across 20 countries. Check it out! Also in the news of late has been this BBC article about hundred of thousands of people being forced to scam others from their location in SE Asia. These are terribly sad stories and it appears as though some of the local authorities either turn a blind eye or are being bribed to let it happen. One of our colleagues at Scamadviser sent this to us. He says “while it is bad that the problem is so big that it gets this kind of attention, it is positive that the awareness is being spread on one of the world’s most viewed news websites.” He’s right. Check out Hundreds of thousands forced to scam in SE Asia.
On August 28 at 6:09 pm, one of our readers received a voicemail from 659-212-0769 from Jasper, Alabama. The caller claimed to be “Jessica from the Tax Relief Center” and asked the woman to call her back at 949-606-1587. But, in fact, the voice was AI generated and a scam call! Robokiller agrees! In addition to that post on Robokiller, it turns out that “Jessica” has called people recently from other phone numbers such as 820-529-0321. The voice sounds so human, it’s hard to believe this was generated by AI. We are now in a new era for scamming! Beware!
Jessica with the Tax Relief
Coincidentally, just last week the New York Times posted an article about the use of “deep fake” voices to scam their way into people’s bank accounts using AI! This is also frightening because scammers are now cloning people’s voices (or trying to) for this scam. Check out their article titled “Voice Deepfakes Are Coming For Your Bank Balance” published by Reporters Emily Flitter and Stacy Cowley.
We continue to be amazed by how audacious some scammers will be, even at the risk that their bold moves easily expose their own fraud! Below is a perfect example that resulted from a text communication between Scambaiter Rob and a scammer pretending to direct Rob to speak with the FBI about getting millions of dollars in compensation. “Michael Smith” asked Rob to contact Mr. Raymond Duda, an FBI agent, at the FBI domain fbiiinternational[.]org! That’s “FBI I Internetational,” when in fact the real FBI domain is fbi.gov. We guess these scammers lost count of their “i’s.”
Spotify, Norton LifeLock, & Geek Squad — One of our readers sent us this screenshot of an email telling her that her Spotify membership had expired. (Sorry, it didn’t come with a link associated with the email content.) We know it’s a complete fraud for several reasons, including the fact that it was sent from the hacked account of Coach Mac at basketballforcoaches[.]com! (Notice the spacing errors in the subject line! Details matter!)
We were recently informed that our Norton LifeLock subscription was auto-renewed and debited from our account at a cost of nearly $700! But, of course, we never made that purchase! We’re not worried because this bogus email came from Casey’s personal email account at iCloud and the phone number we’re asked to call to cancel, 877-814-1657, is a scammer’s number! Deeeeleeeeete! (The last line in the attached pdf file SHOULD have said “we look forward to scamming you in the future.”)
So many of these smelly phishing emails look the same, but use different business names! Check out this one claiming to be from Geek SQUAD. The attached pdf uses the same manipulative BS to try and trick you to call these scammers where they hope to do real damage. Notice the additional spacing they’ve added around the phone number. That is their effort to make it harder for search engines to find that number if you were to copy and paste it into a search field or if anti-spam servers were to scan that attached pdf file.
USPS Monthly Promotion — Scammers want you to think that the United States Postal Service will give you a $50 voucher for your opinion. This is 100% malicious clickbait! Notice that this email came from a domain called releaseoffers[.]com and the links point to mixedwholesales[.]com. The link in this email is a double-whammy. The Mixed Whole Sales website has malware lying in wait for you (according to Sucuri.net; see screenshot below). But you’ll also be redirected to another website called WebShopAbout[.]com. Virustotal tells us that WebShopAbout[.]com is a known phishing site! (See screenshot below.) Oh, there is so much love coming from the postal service!
Google Message and Payment Released —Google is universally recognized, used and trusted all over the world! If you got a message from Google telling you that suspicious viruses were detected on your device, would you believe it? This “Virus Alert” came from a free Gmail account (how appropriate, right?) but the “security check” link in this clickbait is absolutely malicious! Sucuri.net says there is “possible malware” at the end of this link. Considering the subterfuge and the fact that there is a hidden redirect to send you to a website called Galapanos[.]art, we’re certain that malware sits like a bear trap, lying in wait for your click. Lunge for the delete key!
A Safety Officer at a chemical company sent us this email that arrived in her inbox. She gets these threats often. If you’ve read our newsletters for some time then you’ll recognize the attached html file as a seriously dangerous file to open! (NEVER open attached files that end with .html, .htm, .shtml or .php.) We cracked open that attached htm file and discovered it was a phishing scam designed to collect and send your data to a website called oalshatty[.]com. (The insert shows a section of code in the html file leading to Oal Shatty) Every security service we checked found that old shatty website to be malicious! Virustutotal said that 7 services found it malicious, including malware. The woman clearly dodged a machine gun! Deeeeeeleeeeete!
Your Package Cannot Be Delivered, But Malware Can! —We’re hearing from readers all across the US telling us that they are getting hammered with the malicious texts saying they are from the “U.S.P.S.” Your package can’t be delivered….blah, blah, blah. We were able to connect the link in this USPS text to malware. BEWARE! Below are two more examples of these malicious texts. They were sent to their victims from crap iCloud email accounts!
The link in this next text uses “usps” as a subdomain to trick victims. The real domain follows that and is parcel-shelving[.]com. It was registered the same day this malicious text was sent on August 30.
The domain used in this next text was registered on the day that it was sent to our reader. Uskjni[.]top was registered on September 1 and is hosted on a server in West Germany.
Online scams are the most reported type of crime. Most countries now state that between 20 to 50% of all crimes reported are related to online fraud. This is only the tip of the iceberg, as only 7% of all scam victims report the crime to law enforcement. With nearly $55 billion lost last year and more than 300 million consumers scammed fast action is required.
On October 18–19, 2023, the 4th Global Anti-Scam Summit (GASS) will take place. The goal of the GASS is to bring governments, consumer & financial authorities, law enforcement, brand protection agencies, and (cybersecurity) companies together to share knowledge and define joint actions to protect consumers from getting scammed.
In 2022, we had nearly 1,300 virtual guests and 120 physical participants from 70+ countries. This year the event will be organized hybrid again. Last year, we defined 10 Recommendations to Turn the Tide on Scams. This year, we will focus on further defining these solutions and showcasing the best practices from around the globe.
October 18-19 | Ramada by Wyndham Lisbon Hotel, Portugal & Online (Zoom)
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands