THE DAILY SCAM NEWSLETTER — APRIL 28, 2021
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 349


THE WEEK IN REVIEW

We have an important warning for anyone who owns an Apple computer, iPad or iPhone. Researchers have found security flaws in Apple's AirDrop feature that allow hackers to steal data from your computer!  For those unfamiliar with it, AirDrop is a feature of all Apple devices that allows you to quickly and easily transfer files from one device to another IF you are within range, generally not more than 30 feet.  The risk of being hacked increases for those who set AirDrop to “everyone” and keep it on at all times.  Read....

    https://www.cyberscoop.com/apple-air-drop-security-hackers/

It is easy to avoid this risk.  AirDrop should ALWAYS be set to "Allow me to be discovered by no one" UNLESS you are using it.


 

To see what your AirDrop settings are on a laptop or desktop computer....

  1. Go to your Apple Desktop

  2. Click "Go" on the menu bar and select AirDrop

  3. Look at the settings at the bottom of the window

Turning AirDrop on or off on an iPhone or iPad can depend on which version of the hardware/software you have.  It's best to Google it based on your device.

We recently discovered, and reported to authorities, four phishing websites designed to look like Housing/Real Estate sites and used to collect very personal information from US Citizens, including social security numbers. The collected information appears to be sent to a US Government website when, in fact, it is sent to a generic Yahoo email account.  We’ve reported on this fraud in our most recent article titled “Phishing Scams Disguised as Housing/Real Estate Corporations.” ALL of the 4 websites we outed were essentially identical to a fraudulent website called Patriot Housing that we wrote about in late 2019.

Sometimes we read that the good guys win an important round against the cybercriminals out there who target netizens. We have two such reports…. The first is a recent article about a win against ransomware attacks.  This is truly a rare event!

https://www.cyberscoop.com/jack-cable-qlocker-ransomware-recovery/

The second concerns an outstanding article recently published by AARP and titled “Inside an International Tech-Support Scam” in which a tech-savvy good guy completely turns the tables on a boiler room scam operation in India.

Not long ago, our friend Rob L was communicating with Nigerian 419 scammers who were trying to convince him that money was deposited into an account in his name and waiting for him to pay fees before being able to withdraw it.  It was ridiculous!  In their effort to prove their point, the scammers, pretending to be a lawyer, sent Rob a stock photo that still contained the watermarks from the stock photo website AND incredibly obvious Photoshop manipulation.  Can you tell what information was Photoshopped into this image? (HINT: It isn’t hard!)


 


 

PHISH NETS
Paypal and Amazon

“Dear Customer, Your account has been limited. We have found suspicios activity on your last trasaction.” Oh Yeah?  Well we found poor spelling on your suspicious transaction!  This lame email came from GoogleGroups.com, not paypal.com as you are led to believe.  The link to “Login to Paypal” points to an oddball domain that was registered in Canada on the same day the email was sent! 

Deeeeleeeete!






It never ceases to amaze us that Registrars would allow ANYONE to register such an obviously fraudulent domain as “amazsun-center.com.”  OF COURSE it was used in a phishing scam!  OF COURSE the scammers want people to think this represents the real Amazon.com!  This crap domain was registered anonymously in Iceland (“.is” = 2-letter country code for Iceland) on the same day that the email was sent.  There are no working links, just a scammer’s phone number to call if you wish to refute the $744 charge for in-ear monitors (which is actually listed in the email as $799 before tax).  However, we loved the fact that the charge for shipping & handling is “Nil.”





 

YOUR MONEY
Targeting People Interested in Medicare

Back in late March, one of our TDS readers sent us this bogus email she received from a domain called “houndhands[.]net.”  Though it appears to be about your Medicare application, the links point to a domain called “eyespatrol[.]net” and are 100% malicious.



Then 3 weeks later, another reader sent us this email which is meant to appear as though it came from a website called MediGapInsurancePlan.net, a legitimate website registered back in 2012.  But that’s not where the email came from.  You are invited to find the “Right Medicare Plan for You: Compare and Save.”  However, all links in this email point to a suspicious domain, named revlk[.]com, which was registered in Spain more than 4 years ago! If this were legitimate, wouldn’t you expect the links to point back to MediGapInsurancePlan.net?  We urge all our readers who get uninvited emails related to Medicare to look very carefully at the source and destination of the emails they receive!





We are NEVER able to go a week without someone reporting malicious emails disguised as paid surveys!  Here is one pretending to be a Capital One Banking Survey.  Like all the others, recipients are offered a financial reward and told the survey is short, 30 seconds.  But this email came from “doris.k” at ParkPayd[.]com and the links point back to this oddball website.  The Zulu URL Risk Analyzer had no problem showing these links to be 100% malicious, AND that you’ll be forwarded to another malicious domain we’ve written about in the past called surrealresult[.]com. 

Deeeeleeeete!






 
 

TOP STORY
Playing With Scammers

We are always grateful to our many readers who share their stories with us.  One such gentleman recently told us how he played with Indian scammers who called him to say that his social security number was involved in fraud, resulting in an arrest warrant being placed against him!  (We’ve received dozens of these scam calls ourselves but have never had the time to play with the scammers.) We’ll call this TDS Reader “T.” Here is his story of how he played with the scammers for an hour.

T is an elderly gentleman in his 70s. Upon receiving a call from an unknown number that showed up on CallerID as coming from Fremont, Ohio, T knew it was likely fraudulent and decided to have some fun.  He answered and pressed 1 to speak to an “agent” of the Social Security Administration. The man who came on the line identified himself as “Neil Matthews” from the Social Security Office in Washington DC.  T noted that Neil Matthews, which is a very American-sounding name, had a foreign accent, likely from India or that region of the world. Neil Matthews asked T to confirm that he was FULL NAME from FULL ADDRESS, which he did. (The scammers had clearly done their homework. They had his full name and address, as well as his phone number, to make their fraud appear legitimate.) T was told that his social security number was being used in El Paso, Texas, from two different addresses.  Neil reported one address as 7609 Ocean Street, followed by another address that T didn’t quite hear.
 

=================================

[When we visited Google and searched for the address 7609 Ocean Street, El Paso, Texas, instead of returning links to/about this address, Google returned NINE top links related to social security scams!  Here are just 3 of those links:

     This is What a Social Security Scam Sounds Like (FTC.gov blog; 12/27/2018)

     Social Security Number Phone Scams Costing Victims Millions (CBS News; 4/11/2019)

     How to Avoid the Social Security Scam That Makes You Out to be a Criminal (VC Star; 2/13/2019)]

=================================
 

T was assigned case number “EMC 7010” and told that there was a warrant out for his arrest as a result of the fraudulent activity!  They asked him if he had been to the Mexican border, though he didn’t know why they asked.  We’ve learned that this scam has victims believing that their social security number is connected to people who are running drugs and/or money laundering at the border with Mexico.  T told them yes, back in 1963 he had been in that area.  They asked him what was the purpose of his visit.  He replied “just to have fun.”

The scammers then told him some legal BS that his visit was authorized by “Section 42C, 1958.”  (We couldn’t find any Texas law related to “Section 42C” that made any sense whatsoever.  These scammers are easily exposed if one simply asks questions and doesn’t accept their answers as legitimate!)  However, the scammers asked T if he wanted to get a lawyer, or if not, they could handle it with an “ADR” (Alternate Discharge Resolution).  (We suppose that the scammers think they’ll intimidate people if they throw enough legal jargon and acronyms at them to overwhelm them!)  T said “sure, if it doesn't cost me anything I’ll handle it ADR.”  Neil also impressed on T that he should keep the circumstances of this call completely private. He shouldn’t even discuss it with his wife because, Neil suggested, his wife could have been the person to steal his social security information and misuse it. Again, the fake SS Agent emphasized, DO NOT talk to anyone else about this! (Of course, this tactic is meant to isolate a victim to prevent him/her from asking a friend or relative for advice about the call.  The scammers are afraid that someone might tell the victim that this is likely a scam!)

T’s response did not make the scammers happy.  They then told him that two agents would come to his house the next day to arrest him.  Smiling to himself, T quickly replied that he didn't want any agents coming to his house.  He said “how would that look to the neighbors?”  “Well, we can find another way to take care of it” said the scammer Neil Matthews. So, they assigned him an “ADR Approval @3227741” to have the charges removed. However, this meant that he had to talk to the El Paso Dept. of Treasury. They told him to hold on, and accept the call from the Dept. of Treasury while putting Neil Matthews on hold.  This was all very bizarre but T hung in there, eager to see where the heck this was leading.

He quickly got the call from an “agent” identified as coming from El Paso, Texas.  The caller, claiming to be from the Texas Department of Treasury, reiterated that this was a very important call, and not to discuss this with anyone.  T was now growing a little impatient. He wanted to push back and put some pressure on the scammers. He asked the new agent what county he was in.  The man first replied “USA.”  T asked again, and he then said “El Paso.”  T countered with “The county? I thought that was the city you were calling from.”  The new agent became irritated and then said he was in Winton, Texas (which is 641 miles east of El Paso).

Moving the scam along, the El Paso “agent” told T they would be issuing him a new Social Security Number.  But, again, the agent emphasized that T was not to share any of this conversation with anybody!  The agent reminded T that his wife may have been the one to steal his Social Security number, so don't even tell her.

=================================
 

According to this article at AARP, there are only 3 reasons that are acceptable to the Social Security Administration for issuing a new social security number.  They are: 

  • Sequential numbers assigned to members of your family are causing confusion.

  • Another person was assigned or is using your number.

  • You have religious or cultural objections to certain numbers or digits in your original number.
     

=================================

Both scammers told T that they did not want any of his account numbers.  But, they told T he had to verify his identity by withdrawing all but $20 from his checking account in the next 2 hours and placing it in a 'secure' digital account opened in his name that they would set up for him over the phone.  And only T would have the vital information to this new digital account. (OH YEAH, RIGHT?)  Thinking quickly, T told them that it was 5:30 by that time and the banks were closed, so he couldn't do it that day.  Then he  told them that he would have to get his attorney involved in all of this.  The scammers replied by saying that T would be arrested in the next two hours!  By this time, T’s game was played out.  All he could reply with was, “Oh well.” That was when one of the scammers said “Are you playing me? F U!” and hung up on T!  Of course, this only made T smile, having spent an hour wasting the time of two scammers from India.

T told us of an interesting observation he made while communicating with these scammers.  Whenever one of the scammers talked to him, he always heard a lot of voices in the background, and then silence as if the scammer kept his microphone off when T was speaking because the man was likely in a boiler room of scammers!  T also told us that he felt the most credible part of this scam was that they seemed very sincere about helping him to clear his name from the activity that happened at the Mexican border.  They wanted to be on his side to make sure he’s OK.  That was, of course, the greatest lie of all!


 

TEXTPLOSION
Do You Love Chicken Sandwiches, Gummy Medicine, and Powerball Winner Donation

Though we’ve been running this blog for nearly 7 years, we still marvel at the creative and bizarre content scammers use to target their victims.  Take this text from 724-395-7459 to Doug asking him if he loves chicken sandwiches!  “Here is a free lunch for the next 14 days!”  He was simply asked to click a link to the domain i20nj[.]com, which was registered 2 days earlier in Iceland and is now sitting on a server in Amsterdam!  No thanks, he doesn’t need your free lunch.  How about sending him a text for a free beer at a local pub?





Or how about this text from 773-207-2207 stating that “this gummy is the new wave of medicine!” All one had to do is click the malicious link to the domain s7aol[.]com.  It was registered in Iceland the day before the text was received.  Need we say more?




 

We hope that our readers have noticed how many times the crap domains discussed in this newsletter were found to be registered in Iceland.  We don’t believe that is a coincidence at all.  We believe the same cybercriminal gang is likely responsible for all of those scams, and more.

Finally, we leave you with this lovely text received by a group of 9 people (and likely many, many more) from “Mr. Manuel Franco” to inform them of a donation to 200 random individuals.  They were lucky enough to be among the 200.  To him, we say Bull Crap!



Until next week, surf safely!



Produced by:
Deutsch Creative
 
Copyright © 2021 The Daily Scam, All rights reserved.

