Last week we were reminded of two sad things… Firstly, how important it is to remain skeptical about Internet communication, no matter the source or the reason for the communication.  And secondly, bad things happen to good people. Doug received an odd (i.e. suspicious) email from the legitimate and valuable service called Recovery Resources, out of Ohio. Recovery Resources provides mental health and addiction services to people 18 years and older in their community.  They are trusted and known by thousands of people across the U.S. That’s probably what made them a target for criminals. Here is a screenshot of the email that Doug received from them.  Subject “Case # for review.” “Greetings, please review your case #” and a password was included to see the “attached case.”

Doug was immediately suspicious because he had no relationship with this service.  Yet, everything about the email checked out as authentic….the domain, web email service and address listed in the email.  Mousing over the button labeled “See attached case,” however, showed a very obfuscated link, adding to Doug’s suspicions. Rather than click the link, we entered it into our set of tools to evaluate. VirusTotal informed us that the link led to a Word document called downloads[.]doc and this document was identified as a phishing document or suspicious.  Doug called Recovery Services immediately and asked to speak to their tech department.  They have confirmed that their email service was hacked and misused to send out malicious email to thousands of contacts.  That was sad to hear. Doug urged them to immediately send out another email to warn recipients not to click on the link. Unfortunately, to the best of our knowledge, they have not done this.  And so we wonder how many people were successfully targeted because they trusted content from Recovery Services?

Apparently, this February there has been an increase in automated scam calls claiming to be from the “Apple Support Advisor.”  Recipients are asked to call back their “Apple Support Advisor” via numbers that are identified as scams online! Here are portions of two such calls sent to us by our readers….

These recordings ask you to call 718-307-1139 and 850-550-9974.  Both numbers are showing up in online communities as scam calls, going as far back as 2018 on the site (Click the links for each phone number.)

Daily Scam Home Page

Amazon Billing Alert and Apple

Very few phish were reported to us last week and we found none ourselves!  Even the 1400+ Reddit community members who discuss phishing scams had very few to report.  We’ve selected two phish from Reddit members to share with you that are most relevant to our readers….Amazon and Apple Computer phish.

Look carefully at this first phish about a `billing alert” from Amazon.  It appears as though this email came from the address billing-ålert @, however we can’t be certain of that. We are very interested in the additional email listed below as bill “@” info-0210[.]com.  Though the Reddit user who posted this does not tell us anything about the attached pdf file, we know that Amazon doesn’t send billing alerts like this with attached pdf files.  Most importantly, the Reddit user who was targeted with this email said he doesn’t use Amazon!

This SMELLS of phishing fraud!

A Reddit user who identifies himself as “LoMeinBrain” informed the community that he received 3 identical messages overnight recently to say that someone had used his Apple ID to sign into his account from Israel.  The messages asked him to click a link to check his account. However, as the screenshot below shows, the email didn’t come from!  It came from the domain spicytz[.]com. (This domain was registered in November, 2019 in Canada.)

Daily Scam Home Page


Green Veggie Causing Diabetes and What if God...

We’ve continued to get LOTS of malicious emails from domains that have been registered in India by a half-dozen Indian names.  Here are just two recent examples of these malicious clickbait targeting Americans…. 

“Green Veggie Causing Diabetes Type 2 in Millions” says this email from the domain eatenden[.]us.  All links in this email point to this same oddball domain. (ANYONE can register a domain that ends in “us” - United States.  It doesn’t mean that they are US citizens or live in the US!) This email “warning” is meant to raise concerns about your health (like so many other malicious clickbait emails) by spreading false information.  In addition to the oddball domain and suspicious content, many of these recent emails contain large grey boxes underneath the email content. When we click and drag our mouse through this space we ALWAYS find hidden text (grey text against a grey background) that is meant to fool anti-spam servers into thinking this email is legitimate. (The anti-spam servers can read the text.) See the screenshot below. 

Thankfully, this trick rarely works.


When we asked our online tools to evaluate the links in this email, none of them showed these links as malicious. HOWEVER, the Zulu URL Risk Analyzer identified that the website at eatenden[.]us contained code pointing to another website that is known to be malicious.  Who created these lies about green vegetables and Type 2 diabetes? Someone named “Virat Yadav” from Jaipur, India. (Less than 2 months ago.)

Every month, our honeypot email accounts receive dozens of health cures, health scares, weight loss suggestions, and bogus nutritional claims for all kinds of things.  Health and food is a topic often used by cybercriminals to target people. So, too, is religious belief. Take this recent email from “Alfredo” with the subject line “What if God gave you the secret to creating whatever you want in life?”  This email came from the domain bricksto[.]us.  This email targets faithful believers in Jesus Christ.  “Imagine if the miracles Jesus performed in the Bible weren’t stories…. What if they were real?” (Again, we found lots of hidden text in the colored box underneath this email.)  And like the malicious clickbait above, the domain bricksto[.]us was registered by someone from India, “Vikas Gupta” from Mumbai, less than 2 months earlier.


Here are just a handful of the malicious domain names registered by someone from India days before the emails were sent, like bear traps placed into your inboxes.  They were all registered in the last 2 months by someone in India and all use the global top level domain “.us.” The next time you see a DOT-us domain name, think carefully before clicking!

Astonomon[.]us registered on February 12 by Rajeet Roy from Indore, India.
Foregroll[.]us registered on February 12 by Rajeet Roy from Indore, India.
Pikemence[.]us registered on February 11 by Punity Goyal from Indore, India.
Upstardle[.]us registered on January 5 by Vikas Gupta from Mumbai, India.
Suddatary[.]us registered on February 26 by Arjun Yadav from Indore, India.
Benjurce[.]us registered on February 20 by Riya Sharma from New Delhi, India.

Daily Scam Home Page


How Many Red Flags Can You Count?

We would like to play a game with our readers in this week’s top story!  The game is called “how many red flags can you count?” We often refer to a “red flag” as any suspicious characteristic about Internet content that suggests it is not what it claims to be.  Want to play? Look at this email from Robert Shepherd. It was sent from his AOL address: hie.nie “@” in response to one woman’s query about a 3 bedroom house that he posted for rent on Craigslist recently: On GATRA bus route and across from Hayward Field. Rent includes…

Look carefully at the Craigslist Ad and Mr. Shepherd’s email below.  How many red flags can you spot? You are welcome to use the Internet and your search skills to help you as needed…



Tanks for your interest & property is still available for rent, I'm sorry for my late response I have been very busy lately. I must confess to you i'm new to this Landlord business and I want a responsible person or family who are neat and also believe that they have all what it takes to take care of the property as if it where there own. Please be informed that I'm renting out the property because I was transferred to OHIO USA and i moved with my lovely family on contract project by American Society of Civil Engineers. (

We wanted to sell the property since we will be staying longer than we though & later my wife advised me not to sell the property anymore. I reasoned with her and accepted her advice so we contacted the agent back and requested for our keys  and documents and put it for rent since we will back in the next 4 to 5 years.

We would have given the same agent this job also but the truth of the matter is that the agent was asking too much of an agent fee and also made the rent high. We were not getting the responses we needed so i decided to terminated our contract with them and put it up for rent ourselves. If you notice, you will discover that the price we are offering is far below standard price and this is enough for you to know that we are not after the rental fee but the absolute care for the property.

The house is available for as long as you want, Rental Features: Stacking Washer/Dryer, Hardwood Flooring in Bedrooms, New Carpet in Living Room. SEE PICTURES BELOW!!! 

LOCATION: 84 North Ave, Attleboro, MA 02703

Rent Per Month: $1200 (Including Utilities)

Security Deposit: $1200 (Refundable)

Total Move In: $2400


House Type: Single Family Home

Large: 3 Bedroom 2 Full Bath

Square Feet: 1450 sqft

Pets Allowed.



FIRST NAME:__________

MIDDLE NAME:__________

LAST NAME:__________


MONTHLY INCOME:_________    





KIDS:_____ (YES/NO), HOW MANY:________



PRESENT ADDRESS:_____________________

CITY: _______________


ZIP CODE:____________







NAME OF PET:_____________

KIND OF PETS:_____________


DO YOU SMOKE:______________

DO YOU DRINK:______________






Please make sure this questions are filled correctly because the best way you answer with your comment will impress me the more to accept your application. After i have received the above details, i will discuss with my wife (family) and let you know our terms and how we would conclude the renting process so you can move into our home asap. You can drive by the  house since I am not in the State and I don't have anyone to show you the inside of the house for now as our lawyer is presently in London, UK for a case and he is so busy right now but i can give you his number to call him, so if you are still interested let me know by filling the form above.

Looking forward to hear from you with all this details so that i can have it in my file in case of issuing the receipt for you and contacting you. You can call or text me for more information on the rental +1(401) 646-0564

I hope to hear from you soonest. God Bless You,

Robert SHepherd & Family

"Trust in the Lord with all your heart, And lean not on your own understanding; In all your ways acknowledge Him, And He shall direct your paths. Do not be wise in your own eyes; Fear the Lord and  depart from evil...."Proverbs 3: 5-7.

How many “red flags” did you find?  We’ve listed ten...

1. We find Mr. Shepherd's AOL email address to be rather odd: hei.nei "@"  "Hei Nei" as in "nice ass?" or the Polish word for hyena?

2. Mr. Shepherd's post on Craigslist contains just one photo of the house, obviously taken from across the street. This is very suspicious for someone hoping to rent his house.  Wouldn't he want to show the inside and backyard? (This photo is also the same photo we find on several legitimate realty sites on the Internet.)

3. We used to conduct a search for rental homes in Attleboro, MA on March 1.  Not only did we NOT find this home, but the cheapest rental we found of the 5 homes listed was $2000/month, well above the $1000/month that Mr. Shepherd is asking! (At we couldn’t even find ANY homes for rent in Attleboro on March 1, 2020.)

4. The name “Robert Shepherd” sounds like such an American, British or Australian name.  (Check out Wikipedia’s information about the name “Shepherd.”) The name strongly suggests that this person grew up in a place where English was his native language.  So why then, is Mr. Shepherd’s English so awful? It is filled with many errors suggesting that English is NOT his first language. We find that very suspicious!5. Mr. Shepherd goes to great lengths to explain that he has moved away (and presumably cannot show you the house personally --we’ve seen this many times before from rental scams on Craigslist!).  It is overkill to send you a link to his “place of employment” as if that makes his claims legitimate. They do not. He goes on to say that he and his wife have taken the house back from the sales agent and are renting it themselves (long distance!).  That claim is a HUGE red flag, and leads us to #6….

6. Mr. Shepherd listed the home’s location as 84 North Ave, Attleboro, MA 02703.  On March 1, Google returns at least 8 links informing us that the rental price for this home was $2200/month back in January. But on March 1, several websites such as, and all inform us that this home is no longer for rent.  And yet, Mr. Shepherd’s ad is still on Craigslist for $1000. Why is that?


7. Mr. Shepherd’s ad on Craigslist clearly says $1000/month but his email says it rents for $1200/month. His Craigslist description also says “Full bath with shower” while his email says “2 Full bath.” These are important discrepancies to note!

8. Some of Mr. Shepherd’s “application” questions are ludicrous!  Why does he need to know the name of your pet? It might even be illegal for him to ask if someone drinks or works late in his consideration for renting his home or not.  But MOST IMPORTANTLY, this question is a HUGE red flag: “DO YOU AGREE TO MAKE DEPOSIT PAYMENT BEFORE YOU GET THE KEYS AND DOCUMENTS.”  This question is PROOF that this is a scam!

9. This paragraph is a complete lie and should send every reader running to flag this ad as fraudulent: “You can drive by the house since I am not in the State and I don't have anyone to show you the inside of the house for now as our lawyer is presently in London, UK for a case and he is so busy right now but i can give you his number to call him, so if you are still interested let me know by filling the form above.”

10. Mr. Shepherd’s “Trust in the Lord” quote at the end is also suspicious.  African scammers rely heavily on using “faith” as a means to build trust in the victims they target.  It is simply part of their bait sitting on the lure.

If you spot other red flags we’ve missed, please share them with us!  Send your response to

We have one other email for readers to turn their eagle eyes on.  This one came to a young man who uses dating apps like Tinder. He received this email from “Hazel Rose” and shared it with us.  How many red flags can you count? Enjoy!


Daily Scam Home Page


Request for Quote

One of our readers works for a company in Texas.  She received this email from “Hollis Binette” asking for a quote “for the materials listed in the attachment.”  However, that attachment was not a Word or Excel document, nor a pdf file. (These files also have risks associated with them.)  The attachment is an HTML file. (which means “hypertext markup language”) Think of html files as a set of instructions for web browsers.  This file can tell your web browser to do just about anything if opened on your computer, such as go to a website, download malware and install it! There is no legitimate reason why the sender should be attaching an html file.   NEVER, EVER click on an html file that is sent to you via text or email (unless you truly know what you are doing and how to handle that file in a way to protect yourself!)

Until next week, surf safely!

Forward to Friends

About Us
Contact Support
Manage Subscription


Produced by:
Deutsch Creative
Copyright © 2020 The Daily Scam, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp