Copy


THE WEEK IN REVIEW

As serious and sometimes disturbing as this work is to shine a bright light on the scams and endless fraud that targets us all, we sometimes see things that make us laugh because they are so lame.  Or sometimes the carp that targets us falls under the category of “what the heck is this?” Here are two such emails that TDS readers have sent us…

From the “Notification Department” (without ANY email address) comes this “confirmation of search for [NAME REDACTED] unclaimed assets.”  “ATTENTION LOCAL RESIDENT” We are pleased to inform you that our email matching department has identified you…” Email matching department? Seriously?  We DARE YOU to find a company name anywhere in that email!  And if you think it is obviously “Temporary Light Source” in San Diego, CA you will be greatly disappointed.  No such business exists based on our searches. But someone named Andrew Harper owns the domain name temporarylightsource[.]com along with about 100 other oddball domain names.





We’ll be blunt… What the heck is this below and why did we receive it?  Is someone telling us that our writing skills need improvement? Horrors!  Some links in this mess point to servers in Japan and Australia. And then there are links to wonderfully named websites such as “e-vocable[.]com” (says the email about improving writing) and “mabuty[.]com” (as in My Booty?).  And yet, we found the opening paragraph in this email so compelling that we Googled it to see where it might have come from.  That’s where things got REALLY WEIRD….



 

We found that exact (or nearly exact) same opening paragraph on websites such as a site about teriyaki turkey jerkey, a blog site talking about sex, an Iowa website about home exteriors, an Electric company in the tropics, and other sites.  Oh yes, we also found that paragraph on a blog named “WritingBest[.]com”  (The name of this blog feels like an oxymoron to us.)  Should you need to hire someone else to write your papers for you, WritingBest[.]com is your place to hire him or her!  (Check out the testimonial in the screenshot below.)

So again, we say… What the heck?!






One of our readers sent us this lovely voice message left on her phone.  It is the usual AI (artificial intelligence) voice telling you there is a problem with your account…. This time AT&T Wireless account.  “Your account has been suspended for verification. To reactivate your account, press 1.” Don’t press 1! Hang up! AT&T would never suspend your account and send you a voice message!  Nor would any other business!



Please read our newest feature article… Targeting the Elderly - One Man’s Story.  Though it is very sad, it could have had a much worse outcome!

Daily Scam Home Page

PHISH NETS
Apple ID and Confirm Your Payout

Apple users get hammered with phishing scams all the time!  This one may say “Apple Support” but the email came FROM the domain akeoobmr-22788201[.]info which is a domain that has never been registered according to our favorite WHOIS tool.  “Dear Customer Your Apple ID has been locked for security reasons. To unlock it, you must verify your identity.”  But the link to “Unlock Account>” doesn’t point to apple.com! It points to a web-shortening service called snip[.]ly. We used Urlex.org to unshorten that link and discovered that you’ll be forwarded to another website called akudesktopgan[.]com which was registered a month earlier and is hosted on a server in Melbourne, Australia. 

Sound like Apple to you?




 

According to a Google search for “cloud click for riches” there has been some kind of questionable online lottery for years.  However, when we specifically searched for the domain found multiple times in this email and hidden in the links of this email (cloudclickforriches[.]com) Google finds a website that has absolutely NO INFORMATION whatsoever known about it.  That’s never a good sign! What’s more, according to a search result on Sucuri.net, that tracking link that points to cloudclickforriches[.]com has been blacklisted by PhishTank.com.  Best to delete this one rather than click to “confirm the balance of your payout.”






Daily Scam Home Page

 

YOUR MONEY
Walgreens and US Bank Survey Rewards

We apologize to all our readers if this column of information seems redundant.  It’s not our fault! As long as readers (and our honeypot accounts) continue to get these “reward surveys” we feel an obligation to show these malicious clickbait emails for what they are…. TROUBLE!  One of our readers said he almost clicked the link for one of these but then had second thoughts and sent it to us.  These are all created and sent by the same criminal gang and are linked to malware at the end of those links.  Think of big bear traps with a large gift box sitting on the trigger! 

Take this $50 rewards survey about Walgreens as our first nasty example.  Of course, it didn’t come from Walgreens or any legitimate marketing business.  It appears to have come from the domain saksoff5th[.]com.

 



More importantly, the links in this clickbait point to a shortened link found on a blog called “Tuan’s blog” written in Vietnamese and hosted on a server in Samoa.  When we used Urlex.org to follow that link, we learned that it will redirect you to a VERY malicious website we have already reported on in past issues called “warmthpony[.]com.  (We previously reported on the nastiness of warmthpony[.]com in our newsletters of January 16, 2019 and December 18, 2019.)



Congratulations U.S. Bank Customer!  You are about to infect your computer!  Don’t believe this junk! Look at the FROM address.  This clickbait came from the domain howaboutfunny[.]com and the links point to the domain greatideasforteachin[.]com!  “Great ideas for teachin?” Seriously?  Would you believe that those “great ideas” are hosted on a web server in Moscow, Russia!  But don’t get comfortable Comrade, you won’t be in Russia for very long. In a nanosecond you’ll be redirected to a website in Kazakhstan called emilmete[.]com. (See the screenshots below.)  VirusTotal.com tells us that two security services have determined that emilmete[.]com is malicious. 

What a surprise.







Daily Scam Home Page

 
 

TOP STORY
You Are A Winner!

You are a winner!  You must be because you get notices from hither and thither telling you that you are a winner over and over again, right?  Let’s begin this wonderful self-justification with a piece of snail mail sent to us (by photo) from one of our regular contributors.  URGENT NOTICE… Re: UNCLAIMED REWARD.  AMOUNT: $100.00

“Our records indicate that we have a reward in your name.”  All you have to do to claim your reward is call 800-209-6849.  Nevermind that no reason is given for this sudden pronouncement, and no business or company is identified anywhere on this urgent notice.  You are a winner! Just call 800-209-6849! Except that neither Google, Yahoo or Bing search engines can find any information whatsoever about this phone number. We called this number and a real live woman (nicely spoken and without any accent) answered the phone saying “thank you for claiming your reward, can I please have your claim number located at the bottom of your postcard?”  We said “can you please tell us the name of your company.” She responded with “yes, I’ll need to start with the number at the bottom of the postcard.” To which we said “we’re not going to give you the claim number until you tell us the name of your business.” She, very politely, said “alright, whenever you are ready to give us the claim number you are welcome to call back” and then hung up.

 


 

Why should any legitimate business or marketing event work so hard to hide who they are?  No name on the postcard, no information in the search of the phone number, and the person unwilling to share the name of the business.  Three strikes and you’re out!

No matter, we know we’re a winner because we have this email from Dr. Elizabeth Henning telling us that our e-mail address has won $2 million dollars for the 2020 Microsoft award! And the email came from an Outlook.com email account which is owned by Microsoft!  But we’re a bit nervous that Dr. Elizabeth Henning is asking us to contact ADVOCATE FRANKLIN EDWARD through his email address at yandex.com.   Yandex is a free internet/email service in Russia. (Why do so many “online roads” point back to Russia?)

 


 

These shortcomings have put doubts in our minds.  Maybe we’re not winners afterall? To add insult to injury, this next email fuels those doubts because it says “YOU’RE THE WINNER?” with a question mark!  Oh, dear! They think we may have won $5,000 but they aren’t sure.  Perhaps we should click “CHECK IF YOU’RE THE WINNER!!!!” even though the link points to a website called great-info-tokeeprunning-ahead[.]info.



 

Now our mind is really filled with doubt!  We want to keep running ahead but we’re not sure that it’s safe to click that link!  And yet the email came from a website called infinitysweepstakes[.]com (or so it seems) and that sounds legitimate, right?  We had Google search for “infinity sweepstakes” reviews and it found the Infinity Sweepstakes website!  But the only other places where Google found reviews of this sweepstakes website was on Pinterest accounts, a crane service and a construction company account. (We found only one online complaint made on September 3, 2019 to the Salem, Oregon consumer complaint office about Infinity Sweepstakes.)  Oh dear, this doesn’t help us. Maybe we’re not winners afterall.  I think we need a hug.

:-(




Daily Scam Home Page

 


FOR YOUR SAFETY
AOL Account will be Deactivated


We would normally assume that this email informing an AOL account holder that her “request on: 19/09/2019 08:11:50 p.m. to remove your account from AOL server has been approved” is just another phishing scam.  But the security service Forcepoint Threatseeker clearly shows that the link in this clickbait is VERY malicious!

Just delete.




 

Until next week, surf safely!

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp