Content Director Doug Fodeman | Creative Director David Deutsch | Issue 355


Recently we had the pleasure to meet a number of other people from around the world who were also fighting against cybercriminals and supporting victims.  The meeting was organized by and included a diverse group of people who were as passionate as we are to stand up for victims.  For example, one of these Internet angels was a man named James.  In addition to supporting, he also has a helpful website called which he started almost exactly a year ago, on June 6 2020. (He also has pages on Facebook, Twitter, LinkedIn and YouTube to reach the public.)

James told us that he had been reading about scams since his early teens and developed quite an understanding of them. He said he noticed scams skyrocketing during the pandemic and also saw people on social media struggling to recognise something real from a scam. So, he decided to start his website to help people avoid getting scammed.  Like, is intent on educating the public on how to spot scams!  Please add Jame’s as one of the good guys in your arsenal to stay safe online!

Another amazing support system specifically for victims of cybercrimes is a team of individuals who run  One of the founders, a man named Wayne, told us that he discovered the world of scambaiting back in 2005.  Very quickly his specialty became dealing with romance scammers.  Back in 2005 few people were offering this kind of help. Wayne was approached by family members on a regular basis asking him to bait a particular scammer to help prove to another member of their family that the person they had developed a relationship with online  was actually a scammer.  As Wayne’s work with scam victims grew, three other people joined him to make a team.  In 2012 the four of them set up

We asked Wayne why he and his team do the work that they do.  We loved his response! Like us, he said "because it's the right thing to do.”  He continued to say “Why should we let the scammers get away with what they do?  If what we do makes it harder for the scammers, then what we're doing is worth it and we'll keep on doing it.  We post everything we can [about a scammer] to make it publicly searchable.”  Wayne also told us that calling a scammer up and messing with him for an hour is all well and good, but getting their scripts, names, email addresses and numbers out there for people to find is the bread and butter of the fight against romance scammers.

And so to the men and women at,, and, we express our gratitude for their effort to help others!  In future newsletters we hope to highlight more of the people we met recently who are trying to make this world a better place, and reduce the pain and victimization of cyber-leeches.

We have some good news to report for the good guys and for meat lovers in the U.S.  First of all, Cyberscoop has recently reported that the Department of Justice has caught a sophisticated group of Romance Scammers who were located in Nigeria, Ghana and the U.S.  You can read about this in their June 2 article. Did you know that victims of Romance Scams lost at least 304 MILLION DOLLARS in 2020 alone?! We’ve written several articles about a VERY active romance scammer who lives in Zimbabwe. We know he is still actively trying to victimize women because a woman contacted us just a few weeks ago about him. Read “A Professional Love Scammer from Zimbabwe.”

You may have heard that ransomware had successfully targeted one of the primary meat-packing plants in the U.S. that was responsible for about one-fifth of all meat. We’re thrilled to say that this plant is now in recovery mode and meat lovers across the U.S. need not worry. Ransomware recently pinched our oil supplies, now our love of meat. What’s next, coffee supplies?! To read more about this visit the article “Meat Chain JBS Says US Production is Returning After Ransomware Attack.”


Daily Scam Home Page


Geek Squad and McAfee Plans Auto Renew

This phish has become a very popular trick in the behavioral engineering toolbox of scammers. However, anyone who reads it carefully should realize it is a scam. “Dear Customer, Today the Service Will Renewed Automatically with $399.51 on the same account provided to Geek Squad.”  This and the fact that the email was sent from a generic Gmail account called “hawarddsears.”

Of course you can reach their scam support team by calling 800-674-0637, which is NOT the phone number used by the real Geek Squad!


This next stinky phish, disguised as McAfee services, also came from a generic Gmail account.  This one at least tried to make an effort by naming the Gmail account “mcafeerzxc,” whatever that means. The English in this spoof starts off poorly and then explodes in craziness when it states “We would thank you for the competition of 12 months maintenance plan.” We counted so many grammatical and capitalization errors in this email that we gave up counting! At least these scammers knew we were busy (read the email.) And so, we’re asked to call these leeches at 845-481-1184 so they can manipulate the hell out of us over the phone. No thanks.

Daily Scam Home Page


Bath & Body Works Test Kit, Your Medicare Plus Card, Automend, and Thank You For Your Order!

Would you like to test products in a Bath & Body Works gift basket valued at $250? If you would, don’t click the links in this email! It was sent by our archnemesis in India we call the Hyphen-Poopy Gang!  You can find their tell-tale random two hyphenated words in the malicious links within the email.  This time the words are “plumes-brooder.”  Our long-time readers will remember that this particular cybercriminal gang very likely auto-generates their malicious links on servers using software that randomly combines 2 words with a hyphen.  We first noticed this “tell” in the Spring of 2019, followed bread crumbs to India and then named this gang of leeches in early fall of 2020.  If you mouse-over a link and see two random hyphenated words in it, the odds are 100% that the link points to a malware infection!

As additional confirmation of our suspicions about this malicious clickbait, a WHOIS tool tells us that the domain that all the links point to, affect[.]rest, was registered in India just 6 days before this email was sent.  Also, the Zulu URL Risk Analyzer scores the links as malicious and shows that you’ll be redirected from one malicious website to another sketchy website called foryourpromo[.]com.  It has not gone unnoticed that this second website, foryourpromo[.]com, was registered in Iceland too, like so many other recent scam sites!


Some of us are of an age in the United States that has us thinking about Medicare in our future. That includes Doug.  So when he got an email stating that his “New Medicare Plus* Card is Available Today 05-31-2021” he took notice.  And then we took REAL notice upon seeing that this very helpful email addressed “Dear Friend” actually came from a very familiar malicious domain called marvilons[.]com.  We pointed out several emails in last week’s newsletter that came from the barrel of that gun.  Like those, the links in this clickbait pointed to a rather LOOOONG link at the link-shortening service at  And like the other bullets (emails), we see that the unshortened link points directly back to marvilons[.]com!  STEP AWAY FROM THIS TARGET RANGE!


There are a handful of skills that we consider to be extremely important for identifying suspicious content and outright fraud. One of these skills is learning how to recognize 2-letter country codes. This next malicious clickbait is a perfect example. It appears to be an advertisement for AutoMend Pro, an American company that creates products to keep your car neat and tidy. However, this email came from the oddball domain snipeinfo[.]com. More importantly, all links point to the domain “mcmod[.]cn.” Whenever you see 2 letters follow a domain name instead of something like DOT-com, DOT-org, or DOT-info, it is significant! Those 2 letters refer to a country where the domain was registered. We’ll give you a hint. “.cn” does NOT refer to Canada! There are many online lists of country codes, including this one at There you will find that “.cn” is the 2-letter country code for China! Mcmod[.]cn was registered in China.

And so we ask…. Why would an email about an American company’s products, which includes a company address in New Jersey, use links sending you to a server in China? Our skeptical nature says “don’t click!” Our suspicions were deepened when we looked up the address given for Automend. A Google search for 377 Valley Road in Clifton, NJ shows a small strip mall with a PostNet business that has mailboxes for rent. This is a common ploy for scammers.  They will often point a business address at a PO Box that can’t be verified easily. 

Speaking of China, one of our readers sent us this VERY suspicious email that appears to be from Windboy software.  Apparently his payment did not go through and he was asked to complete the payment process.  Except he never purchased this software.  We had never heard of “windboy[.]store” and wondered about that domain.  A WHOIS lookup confirmed that it pays to be skeptical.  It was registered in China about a week before this email was sent! 


Daily Scam Home Page


Craigslist Rental Scams... Again!

Over the years we’ve posted articles about scams disguised as apartment or home rentals. (See links below.) No matter where in the world the property is located, the scam always has the same basic elements that are meant to trick the victim into wiring a deposit in advance to a scammer without ever having seen the inside of the property.  The scams typically begin with a cybercriminal stealing the real estate photos of a property (that is usually for sale) and then posting this same property for rent on a site like Craigslist.

Last week, a woman contacted us about a listing she found in Providence, Rhode Island at 34 Montrose Street.  In fact, our search on Craigslist showed this property listed on three different pages:


The woman used the “Reply” button and inquired. It didn’t take long before she got a reply from “Mr Soledad Deats Resendiz & Mrs Daniella Gonzalez Resendiz” who used a Gmail address called “MovementLandlord.”  Read through the email and see how many “red flags” you can spot that make you suspicious of the authenticity of the source. 


From: Gonzalez <>

Date: Tue, Jun 1, 2021 at 11:36 PM

Subject: ***** Application Form For 34 Montrose St ****


Thanks for your interest and inquiries about our home and yes the house is still available for rent as soon as possible. We are looking for a responsible person/family to occupy and maintain the house now that we are not around. My family and I just moved down to CALIFORNIA for a Volunteers support UNICEF’s mission for Saving Life And Protecting People Against the Coronavirus and Our Volunteers are of all ages and backgrounds living in the United States who educate, advocate and fundraise on behalf of UNICEF in their communities.

Everyone is talking about coronavirus disease 2019 (COVID-19), and everywhere you look there’s information on the virus and how to protect yourself from it. Knowing the facts is key to being properly prepared and protecting yourself and your loved ones.

Visit our site>

House Address : 34 Montrose St, Providence, RI 02908

Bedroom: 3

Bathroom: 1


No Smoking Allowed Inside.

No Screening Fee/Credit Check

Pet Fee : $100 Every Four Months (Pets must be generally well-behaved)


The monthly rent is $985 inclusive of all the utilities, and the refundable security deposit is $725 making  a total of $1,800 for the move-in deposit. There is a 10% discount if you pay for 3 months and 15% discount for 4-5 months upfront. The deposit will be refunded on your move out date if there are no damages. But If there are damages, you can fix/replace damaged property at your expense.


Applicant Personal Information

Name (First name / Middle name / Surname): __________?

Sex: __________?

Date Of Birth(D.O.B): __________?

Profession: __________?

Phone numbers (home, cell and office line) #: __________?

Marital Status: __________?

How many proposed occupants: __________?

List all in addition to yourself including approx. Age: __________?

Kids__ (Yes/No), How Many: __________?

Present  Address : __________?

When Do You Intend Moving In: __________?

How Soon Do You Want To Pay For The House: : __________?

How Much Can You Put Down Upfront: (Security deposit only, Security deposit + First Month Rent, 3 months Rent + Security deposit Which comes with 10 % discount, 6 Months - 1 Year rent + Security deposit which comes with 30% discount. Please Specify How Much Deposit You Can Come Up With): __________?

Are you a section 8 applicant (Yes/No)

Do you have pets : __________?

Do you smoke: __________?

Do you have any criminal records (Yes/No)

Attach front & back picture of drivers license

I certify that the answers I have given in this application are true and correct.  I authorize verification of the information provided in this application to determine my eligibility.  I understand that if any part of my application has been falsified, it shall be grounds for denial of residency, or future eviction if discovered after moving into the property.  I understand that a home will continue to be offered for lease until I have paid a deposit to hold the home for my move in.

We look forward to hearing from you soon at your convenience with the rental application form above filled out so we can discuss further with the renting process. Please you can only drive by to look at the house from the outside for now if you would like to view the house or to verify the address because it is currently locked for security purposes. 

Mr Soledad Deats Resendiz & Mrs Daniella Gonzalez Resendiz

"Everybody Deserves a Home Both The Rich And The Poor.

Thanks and God bless.


  1. The sender’s email address is a red flag because it was chosen to suggest the legitimacy of a landlord. “MovementLandlord” is an odd email choice, in our opinion.

  2. We have seen rent scammers routinely use phrases like “We are looking for a responsible person/family to occupy and maintain the house now that we are not around.”  The phrasing is meant to trigger a response to make the new victim feel like she or he has to prove their trustworthiness, such as sending a deposit. This is then followed by an announcement from the owner that he/she is now out of town and not around to show the property.

  3. TAKE OUT YOUR TISSUES! Scammers will often give you more information than you need because they want to pull at your heartstrings and make you THINK they are good, God-fearing people who eagerly help humankind.  In the above email, Mr Soledad Deats Resendiz & Mrs Daniella Gonzalez Resendiz told the woman that they have moved to California to join Unicef’s effort to “Saving Life And Protecting People Against the Coronavirus.”  Then they continued with information about Unicef, including a link to their website. This is a HUGE red flag! These fake landlords are NOT good and honorable people!

  4. “Pets must be generally well-behaved.”  Seriously?! How can anyone set this expectation?

  5. This statement is a significant red flag: “There is a 10% discount if you pay for 3 months and 15% discount for 4-5 months upfront.”  REAL PROPERTY OWNERS rarely make this offer!  But rental scams ROUTINELY include this offer, hoping to collect more money from victims of their scam!

  6. Some of the questions asked in the email are seriously questionable, and possibly illegal to ask.  The list of personal questions should make everyone feel uncomfortable.  Keep in mind that this is the first contact with the “owners.”  There have been no phone calls, let alone a video call or in-person meeting.

  7. Perhaps the biggest red flag of all is this statement at the very end…. “Please you can only drive by to look at the house from the outside for now if you would like to view the house or to verify the address because it is currently locked for security purposes.”


That last statement should expose this as a scam to everyone!  “Mr Soledad Deats Resendiz & Mrs Daniella Gonzalez Resendiz” can’t let the woman inside to see the property NOT because they have moved to California but because they are scammers and don’t own the property! They can’t provide the keys but they certainly want the woman to think they will send her the keys if she wires money to the scammers!

Once we identified many red flags about this rental, we hopped onto Google to see what we could find out about this property. It took seconds to see that this house located at 34 Montrose Street in Providence, RI, is actually for sale.  In the links and screenshot below, you can see the property listed for sale on 3 different realtor websites for $279,900 (as of 6/6/21), including If you look at the link to, you will also find the EXACT same text that was also used by the scammer on the Craigslist rental post, word for word!

This scam may seem obvious to many of our readers but the demand for housing is high.  Landlords can make people feel like they are fielding calls every hour for a property.  Though home hunters may feel a bit uncomfortable about the circumstances, some will still wire a deposit, thinking this is the only way to lock in this deal!  Sadly, we are confident that this scam is successful because it has been going on for years.  Craigslist is the most commonly used site to target victims.

If you would like to read about more of these rental scams, visit any one of our articles:

Daily Scam Home Page


For Your Safety

As we’ve said previously, we often get mail sent to us through the contact form on our website.  A significant amount of this email are solicitations, or so the sender would like us to think.  Take, for example, this recent email from Lee Martz, claiming to represent a service called “your-seo-specialist[.]com.”  SEO stands for “search engine optimization” and Lee was claiming that he can help us improve traffic coming to our website.

However, we are naturally skeptical people. (What a surprise, right?) So the first thing we wondered about Lee’s email was why he would use a generic Gmail address when he had a business domain called your-seo-specialist[.]com.  The vast majority of businesses send emails from their business accounts.


Next we tried to ask Google (using the Firefox application. DO NOT DO THIS IN CHROME! Chrome will not search for a website but will SEND YOU to that website, which can be dangerous!)  Very oddly, Google had no clue who or what your-seo-specialist[.]com was!  For a business that claims to drive web traffic to your website, we found this to be odd and HIGHLY SUSPICIOUS!



Now our “spidey senses” were ablaze and we visited our favorite WHOIS tool to see what we might learn about this domain that Google couldn’t find.  Surprise, surprise!  This domain was registered in Russia in late March.  Furthermore, told us more about this website...“Trust score is low! Caution needed” 

‘Nuf said. We don’t need their services, thank you very much!

Daily Scam Home Page

Forward to Friends

About Us
Contact Support
Manage Subscription


Produced by:
Deutsch Creative
Copyright © 2021 The Daily Scam, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp