Copy
THE DAILY SCAM NEWSLETTER — DECEMBER 16, 2020
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 330


THE WEEK IN REVIEW

Apparently, several of our readers are about to be arrested! Oh my!  It has something to do with the Social Security Administration, according to voice messages left on their phones.  The first call came from 509-524-9746 and is a woman with an Indian accent, while the second was an AI male voice that came from 678-824-8053.

Click to listen:





Our readers might recall our Top Story on December 2 titled “Murky Waters of Cam girls?”  In response to that, another reader sent us this lovely email he received from someone who identified himself…. Herself as “John Macculam.”  “Are you a real person??? I am reall’y safe sexy Girl in local Area…” She/John invited the recipient for “some fun.” We don’t know any women named John but this “John” simply wants “sex...No drama… No games.”  She/he invited the recipient to visit her personal profile on a website called go2cloud[.]org. 



Before anyone thinks to jump into these murky waters, do your homework!  A simple search in Google for go2cloud[.]org shows a website with no information.  But more importantly, the 2nd and 3rd links returned by Google are for very respectable sites describing adware and other PUPs (Potentially Unwanted Programs) associated with this cloudy website.  No thanks, we’re good!  Plus, who names their daughter “John” anyway?




Daily Scam Home Page

PHISH NETS
Global-Giving Emergency Relief Fund, PayPal, and Wells Fargo

Now for something completely new!  We were quite surprised to receive the following text from the Global-Giving Emergency Relief Fund via the phone number 256-572-4177.  Apparently, this relief fund was offering us $1500!  Just click the link to apply...


 

Of course, being the skeptical gentlemen we are, we investigated this offer!  There is indeed a “GlobalGiving” 5013C non-profit organization but they do not use a hyphen between the words Global and Giving.  We recognized the shortened link to bit.ly and used Urlex.org to unshorten it.  We discovered that if you click the link you will be redirected to a free form builder site where you’ll be given an explanation of this “relief fund” and then asked to enter VERY DETAILED and PERSONAL information, including your social security number and Driver’s License. (Of course we reported this abuse to Powr.io and they took the page down quickly.)  The ONLY thing you’ll be relieved of using this form is your identity!






We can’t imagine how ANYONE would fall for this phish, poorly disguised as an email about your PayPal account being restricted!  Look at how they spelled PayPal multiple times!  Also, this email came from the crap domain called mqucom9I-82136861[.]world.  Fortunately, VirusTotal.com tells us that many security services know that the domain linked to the Login button is malicious! Also this malicious domain, “lihi1[.]cc” (located in the Cocos Islands), is a double-whammy because malware is lying in wait for you there. ‘Nuf said.









“Your Wells Fargo Online has been disabled” says this email that came from a free email service in Germany. (“.de” = Deutschland = Germany)  The TDS reader who sent us this phish was not able to send it with its link, so we don’t know where links pointed.  But we DO KNOW it is a scam!

Deeeleeeeete!



Daily Scam Home Page

 

YOUR MONEY
Doordash Gift Card, Fresh Food for Healthy Pets, and U.S. Housing Helper

Doordash is one of the largest U.S. food delivery services and is based in California. (According to Wikipedia.)  So when one of our honeypot email accounts was told that it had qualified for a $100 Doordash gift card, we were excited!  Except that the email didn’t come from Doordash.com, it came from the crap domain pey[.]buzz and links pointed back to that annoying domain.  Too bad, especially when we were told that we could apply that gift card to toilet paper.  We’re in a pandemic, for God’s sake!  Imagine the amount of malicious s$%& we could clean up with $100 worth of toilet paper!  It turns out that the domain pey[.]buzz was registered in India in early February.  Clicking any of the links in this email lead to a malware infection PLUS a redirect to another very sketchy website called yourdigitalofferr[.]com.  Since we didn’t find any other website called yourdigitaloffer[.]com (spelled correctly!), we can only imagine that some cybercriminal made a dumb spelling error that should get EVERYONE’s attention!





 

Feeding your pet healthy food is as important as our own healthy diet.  And so this offer also got our attention. Of course, like so many malicious emails, the content of this clickbait was stolen from a legitimate company.  You can clearly see that this email was sent from the oddball domain fodnm[.]work and the links point back to it, not to company called Nom Nom.  That oddball domain was registered anonymously the day before the email was sent and is hosted on a server in Poland.  The Zulu URL Risk Analyzer had no problem identifying it as malicious! And we couldn’t agree more, this is nothing to kibble about!







Daily Scam Home Page

 
 

TOP STORY
How Good a Detective Are You

Dear TDS Reader, it is your turn to step up to bat and see if you are as good as Sherlock Holmes in the digital age!  Below are two scams. The first is an email and the second is a link to a website.  Your task is to read over them carefully and list as many suspicious, or outright fraudulent points, about each one as you can!  Use the power of Google and the Internet to investigate both of these scams. (Investigating the website is the harder task of the two of them.) Below you’ll also see links to our discoveries about these scams. Both are variations of the “advance check” scam.   Good luck! (And if you’ve discovered something fraudulent that we didn’t mention, let us know!)

  1. Marriott International invites you to interview for a job!
    Once you complete your investigation, you’ll find our analysis at the top of our article titled You’re Hired! (Job Scams) 


     
  2. Envestt Trust Consulting Services
    Envestt Trust claims to be a consulting service of nearly 50,000 employees, with a dozen offices across the United States, Europe, Asia and Canada. They claim to have experience working for more than 30 industries and partnering with Dell, Adobe, Microsoft, IBM, Oracle and many other very well-known U.S. companies.  So why do we believe this business and its website are a complete fraud?

    Our Super-sleuth readers could spend an hour scraping their robust website to investigate all kinds of details.  However, we suggest that you look beyond the few misspellings or grammatical errors.  Think about critically important information listed on their website that can be VERIFIED easily using Google!

    Important note: We have used several reliable tools to see if any malware lies hidden on the Envestt Trust website and found none.  We have crawled all pages of this website several times and have not suffered any type of attack or infection monitored by our tools.  However, we cannot predict what the fraudsters who’ve posted this website may do in the future.  If you take up this assignment, you do so at your own risk.

    Here is the link to Envestt Trust Consulting Services website.  Good luck!  You’ll find our complete analysis on our website at TheDailyScam.com/envestt-trust-consulting-services.

Daily Scam Home Page

 


FOR YOUR SAFETY
Amazon Alert Notification and You Have Received a Payment

At first glance, this email which came from a server in Turkey (“.tk”) seemed like a perfect phishing scam.  The recipient is informed that someone signed into his account from a new device.  Just the sort of message to raise your anxiety level and pushing your buttons to click the link.  But it turns out that the link points to a malware infection! (Look at the screenshot shown to us by the Zulu URL Risk Analyzer.)





 

We want to remind our readers that not all documents are created equally.  This email tells the recipient that he has received a payment and the details are apparently contained in the attached file called Payment 923217188[.]html.  An “html” (or “htm” or “php”) document is a web document that can instruct your web browser to do many things, including visit a malicious website or download a malicious document from across the Internet.  This type of document can be extremely unsafe and there is no reason for a legitimate service to send it!

Until next week, surf safely!

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp