Copy
THE DAILY SCAM NEWSLETTER — MAY 12, 2021
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 351


THE WEEK IN REVIEW

We’ve often talked about hackers who benefit financially by manipulating accounts or services.  However, we’ve never, ever heard of someone hacking a service in order to win a beauty contest!  Allegedly, a mother and daughter in Florida did just that to manipulate the outcome of a contest the daughter had entered.  Just when you think you’ve seen everything!

Check out:
https://www.cyberscoop.com/homecoming-queen-hack-florida-teen-mom/

Lots of people reached out to us last week. For example, we were contacted by a school Librarian who told us that she received a phone call from 978-650-3369 to her school library office phone.  When she answered, a man said “I think I have a job opportunity for you! Are you interested?”  She wasn’t. She promptly hung up and told us her story.  What makes this phone call all the more interesting is that she said the man had no accent and she was not looking for a new job. (Nearly all job scams we’re familiar with are perpetrated by foreigners with accents.)  In fact, she said she hadn’t posted a resume anywhere or listed her name with any job service!  When we Googled that phone number, 978-650-3369, the top three returns were about scam calls!  Nomorobo reported that phone number was connected to recent Medicare scam calls.

Another woman contacted us to say she received 11 voice messages in less than two hours one evening from 8 different phone numbers, all using the area code “339” followed by “293.”  All 11 voice messages stated that her iCloud account had been hacked.  She was urged not to use any apple device until after she spoke with one of the caller’s representatives!  Apple will NEVER call you like this, even if your account is hacked. The phone numbers calling her are:

1-339-293-6108
1-339-293-4158
1-339-293-3101 (called 3 times)
1-339-293-2256
1-339-293-9083
1-339-293-2962
1-339-293-5352 (called 2 times)
1-339-293-5246

Doug received a bizarre phone call that first seemed to be an offer for DirectTV.  But then the caller asked for his 4-digit AT&T passcode! The call came from 866-980-5098. At first, it sounded like he was talking with a live person but it turned out to be recording, as you’ll hear. Since the conversation didn’t match, it was kinda funny! Please don’t ever give out your passcode to anyone over the phonel, for any reason!

Click to listen:


 

Our long-time readers know that we like to inform them of issues that, though technically are not scams, feel very scam-like. With this in mind, we wanted to share an article with you that we recently read on Gizmodo.com. Apparently, lots of children’s apps used by schools have been found to collect and share data about the children with third party companies. That doesn’t feel right.

Read...
https://gizmodo.com/60-of-school-apps-are-sharing-your-kids-data-with-thir-1846819024

Sadly, this collection of data is one more example of the exploding “surveillance capitalism” in which personal data about people, and children, are the products being sold to other companies and people.  Do you think you have any privacy in anything you do or say online?  Think again! “Online privacy” is an oxymoron.  You can listen to an eye-opening radio interview with Harvard Professor Emeritus, Shoshana Zuboff, speak about these issues in a December 18, 2020 episode of On The Media. Professor Zubott is the author of a book called “The Age of Surveillance Capitalism.”

Finally, we’re thrilled to report that our friend Rob was recently contacted by Bill Gate(s), telling him that his email account has won “a prize in Microsoft Company here in USA.”  Congrats Rob!  Wow! 3.8 Million!  He just needs to attach a $300 iTunes gift card to an email (really???) and his winnings will be added to that card.  We think it’s a bit odd that Bill Gate(s) spells his name “Gate” and “Gates” in the email. We also think it’s odd that Mr. Gates, the creator of Microsoft, is using a Gmail account instead of a Microsoft.com account! Come to think of it, this email from Microsoft ALSO came from a generic Gmail account!

 

Daily Scam Home Page

 

PHISH NETS
Bank of America, Chase Bank and Amazon (Lots!)

One of our readers recently sent us this phish meant to look like an email from Bank of America, but obviously sent from the hacked domain bedairs[.]com.   We love the grammar! “Urgent account updates is needed.”  The link, “click here to Update and verify your account,” points to a hacked municipal website for Koszalin, Poland. (“.pl” = 2-letter country code for Poland.)

Deeleeete!



“Your online banking access has been locked” says a bogus email from “offers[.]com.”  This fake Chase Bank email is filled with credibility problems, like the fact that there is a problem with YOUR account but the email doesn’t address you by name!  The spacing of the words in the email is also suspicious. And most importantly, the link for “sign in to online banking” points to a hacked website called “asmitatrust[.]org.”




We received many phishing scams pretending to be about your Amazon account last week.  Some were well-crafted, like this email from a bizarre, never registered, domain called dyuydjoautos[.]com.  The email says there was a problem processing your payment. The link looks like it points to Amazon.com but a mouse-over clearly shows that it points to a scammer’s Amazon look-alike domain called Amazoncluub[.]com.  (WHY can’t Registrars see and stop these domains from being registered?! Because they don’t care and they make money from the scammers! We think that EVERY Registrar should be required to have at least one person on staff whose job it is to review and freeze all domains that appear to be fraudulent.  Registrants must then provide additional proof that the domain is for legitimate purposes or at least verify the person registering the domain.)  This scam domain was registered with Tucows Domain service on the day the email was sent.  We all know what that means! 100% Malicious!





Another reader sent us this screenshot of an email she received for an Amazon order she never placed.  We don’t know where the link pointed to but if you read it closely you’ll see that is says “amazom” not amazon!  Also, the phone number in the email is not the legitimate number for Amazon!



Another TDS reader sent us this email from the domain kudunebox[.]net to say that her “Amazon Account Suspended - Update Required.”  It came with an attached pdf file with instructions and a link to a phishing  website in Chile! (“.cl” = 2-letter country code for Chile)





Finally, a TDS reader sent us this exceptionally poor attempt at a phishing scam.  There are so many red flags that should make everyone suspicious!

Deeeeleeete!

Daily Scam Home Page

 

YOUR MONEY
Answer & Win an iPhone, and "I Am Looking For An Investment Partner"

This next email is clever because of the link created in it.  The email offers a chance to win an iPhone 12 if you participate in a “Loyalty Program for Free.”  The links in the email look like they point to a marketing domain called klclick[.]com but that link is 100% malicious, as 2 security services have noted below!  The email appears to have been sent from a legitimate website devoted to gourmet foods and gifts, but it is possible that this email address was spoofed.
 





Routinely, we post emails about commercial products disguised as malicious links in this column.  However, something else recently caught our eyes.  It concerns an offer to invest with a partner who is looking to invest money into the United States and wants to partner with you!  Besides the fact that NO ONE IN THEIR RIGHT MIND, EXCEPT SCAMMERS, would ever make such an offer via email or through our web contact form! There are other red flags too.  The email was sent from “Bill Willam Abbott” and a reply would automatically be sent to a Gmail account (See the Reply-to field) even though he says he works for an investment firm called Proquest Consulting.  He lists another email address for Proquest Consulting but that 2nd email is also a generic Gmail address!  We looked up the firm “Proquest Consulting Limited” and see that they use the domain proquestit.com. They are an IT firm! As for the 3rd email at oneofficedesk[.]com, it was registered in late March. The only money moving in this investment would be out of our pocket. ‘Nuf said!



We have another possible investment to share with you…  Mr. James Lambert ALSO contacted us through our online form at The Daily Scam. He has a project worth $24 Million and is looking for a partner too. He told us to contact him via his business email at lambert-james[.]com but his reply-to email was a generic Gmail address. This dual email behavior is CLASSIC behavior of Nigerian 419 scammers. They send from one email account and have you contact another different email account.



We discovered that Mr. Lambert’s domain, lambert-james[.]com, was registered late in January by someone named Veska Marlov, from 1604 Georgetown Dr 1 in Wanblee, South Dakota. However, there is no #1604 on Georgetown Drive 1 in Wanblee! In fact, there are only 8 houses on that street.





Moreover, Mr. Veska Marlov appears to have registered many domains in 2019 which appear to be energy or chemical companies. No doubt, these are the companies that “James Lambert” is hoping to find an investor to help develop. No thanks. We’re good!



Daily Scam Home Page

 
 

TOP STORY
We Don't Have All the Answers, But We DO Have Your Problems!

Oh, the cleverness of scammers. How can I scam thee? Let me count the ways… We recently heard from a woman who has been overwhelmed by scam “group texts.”  They’ve been targeting her, along with as many as 19 other strangers whose phone numbers appear in the group. She asked us for advice on how to stop the onslaught. She told us that she never clicks on the links or responds, but inevitably others get mad at receiving them.  Some people respond with "STOP" or respond with angry foul responses. Of course, since it's a "group text" she says, she gets those responses too! 

Some of these texts are supposedly to sex sites, others not. She added “How I got included in these sex lists is beyond me and I do have to laugh at that, though it gets annoying! I think my adult son found it much funnier than I did!”  Here are two recent examples she sent us.  This first text, sent to 20 people, was actually delivered from a Hotmail email account called “dorotheanwilmethag6541.”



It turns out that “Cutt[.]us” appears to be a malicious shortening service of sorts and the website contains text in Arabic. Don’t be misled by the “.us” for United States! Cutt[.]us was registered in Saudi Arabia nearly a year ago.  Anyone clicking that link will be hit with malware (See the report from Sucuri.net) AND arrive at a pornography website called mysecrethookup[.]com where you will AGAIN be hit with malware!



When we asked Google in Firefox to tell us about Cutt[.]us, we discovered that LOTS of people had searched Google to try to understand what these links were. (Do NOT use Chrome to search for a domain.  Chrome will send you to the domain itself!)  Google has a feature that will auto-populate text as you type, based on similar searches that other people have made in your geographical area.  Look what Google showed us as we typed cutt[.]us...




Clearly, many other people were asking Google about this shortening service.  We entered many of the links you see above in our online security tools and every time the tool came back saying that cutt[.]us was malicious and malware was lying in wait!

Here’s another example of a group text hitting the woman’s phone, along with 19 other people.  The link this time came from someone’s Gmail account and pointed to a sex site called mydateupseex[.]site.  But this oddball name seemed so peculiar that we ran a whois lookup for it.  It turns out that it was registered in Bangladesh less than 3 weeks earlier, and we all know that this very likely means it is malicious!






 

By now, the poor woman bombarded with these texts was at her wit’s end and asked us what to do.  In the past, she said, she had blocked each number individually. “That worked for a while, but they have mysteriously started up again. Regularly!” she said.  But her “block list” has become quite large!  The only thing we can recommend is to install a phone call blocker, like NoMoRobo, but those have had some problems in the past year by blocking legitimate calls too!  

Our readers may recall that in late March, cybercriminals signed up one of Doug’s email accounts on multiple sex dating sites.  In one month he received 836 email invitations (that he turned down).  We feel your pain, and then some!

We were also recently contacted by a woman who asked us a question about her iPhone that had us completely stumped.  Surprisingly, we discovered we had the exact same problem she described! 

She writes...“I noticed recently that when I send an email [from my phone] and tap on the From line, my four gmail accounts appear. But now there is a fifth one listed that is not my account at all!  It is LisandraGreg173@ my.minbox.email.  I rang Apple Support and they said since I use gmail, I should contact Google.  This I did, but then Google said that as I send/receive mail through the Apple portal, I needed to contact Apple.  So confusing.   I will contact both again today but wondered, in the meantime, if you might be able to shed any light on this?”

Though we didn’t have a definitive answer for her, we were shocked to discover that we had the same problem! We discovered that we had an email account from 2 other people installed on our phone!.  Moreover, a Google search informed us this bizarre problem was described by MANY people on the Internet.  Most of those who described the issue had an iPhone 6 and the solutions that were offered for the iPhone 6 no longer worked in the newer iPhones such as the iPhone 12.  (The problem is that with the newer operating system, none of the suggested fixes made sense because the tools have changed.)

As best as we can tell, It appears that the woman may have inadvertently clicked on a malicious ad or visited a website that installed the email account into her phone in an effort to manipulate or misuse her phone. Perhaps. And this happened to us as well!  We still don’t completely understand what’s going on!

Here are a couple of links talking about this issue:

   https://discussions.apple.com/thread/8390734

   https://discussions.apple.com/thread/8383319

But we did discover that this bizarre, and disturbing problem of finding someone else’s email account on our iPhone can be managed by logging directly into your iCloud account and clicking the “Contacts” list. It was in the Contacts list that we found the 2 unrecognized email addresses and were able to delete them. (We couldn’t resolve the issue any other way!)  We didn’t put these email addresses onto our Contacts list and had no idea who they were! Like we said, we may not have all the answers to your questions, but sure have your problems!

If you have an Apple account and an iPhone, we recommend logging into your iCloud account, click your Contact List and delete anyone you don’t recognize on that list! And while you are there, be sure to turn on 2-factor authentication to better protect your account!

 

Daily Scam Home Page

 

For Doug's Safety
Are Indian Cybercriminals Targeting TDS?

In the recent past, cybercriminals have targeted Doug’s wife with malicious emails pretending to be from him.  Now it appears that they are targeting Doug with texts pretending to be from his wife.  Doug’s wife has an unusual spelling of her first name and this unusual spelling was included in a text he recently received about a 4 Bedroom home being available.  The link pointed to a website called rent2owndeal[.]me.  This domain was registered just two days earlier in Iceland!

Deeeeeleeeeete!
 





Daily Scam Home Page

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2021 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp