THE DAILY SCAM NEWSLETTER — JUNE 30, 2021
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 358


THE WEEK IN REVIEW

Spear phishing is a type of scam in which the perpetrator uses specific information about an individual or organization to target a group.  Or, as Trend Micro puts it, “spear phishing focuses on specific targets and involves prior research.” One of the methods used by criminals is “stupid simple.” They’ll capture the login credentials to a person’s social media account or email account, OR they’ll study relationships between people and even create fake accounts in someone’s name. Whatever their method, the criminals will contact others while disguised as someone else and ask for “help.” This recently happened to one of our TDS readers. We'll let him tell you in his words what happened and show you the email exchange that began when he received an email from a friend, but not through an account he recognized.

"A guy steals your friend's name on Facebook, and then emails you for help with buying something. Well, as you can see, I told him I bought it and will run it over to him tomorrow.” 

On Thu, 24 Jun, 2021 at 4:03 PM
[SCAMMER EMAIL]
To: me [EMAIL REDACTED]
Subject: Hello !!
How are you doing I need a favor from you ? email me back as soon as possible.
Sent from my iPhone
 

On Thu, 24 Jun, 2021 at 6:01 PM
[SCAMMER EMAIL]
To: me [EMAIL REDACTED]
Do you have an Amazon account ?
Sent from my iPhone
 

On Thursday, June 24, 2021 6:14 PM
From: me [EMAIL REDACTED]
To: [SCAMMER EMAIL] 
Subject: Re: Hello !!
Sure, Andy.  How can I help you?
My phone number is [REDACTED]
 

On Thu, 24 Jun, 2021 at 6:28 PM
[SCAMMER EMAIL]
To: me [EMAIL REDACTED]
i would have called you at first but due to poor internet connection am having over, i only have access to mails i will be more than grateful if you can help me.   I've been trying to purchase a $150 Apple E-Gift card by email from Amazon, but it says they are having issues charging my card. I contacted my bank and they told me it would take a couple of days to get it sorted. I intend to buy it for a friend of mine who's having her birthday today. Can you purchase it from your end for me? I'll reimburse you once my bank sorts the issue out. I am just trying to put a smile on her face in this trying times. Let me know so i can send you the link and her email address
Sent from my iPhone
 

On Thu, 24 Jun, 2021 at 10:58 PM
me <EMAIL REDACTED> wrote:
To: [SCAMMER EMAIL]
OK, I just purchased it and paid for overnight delivery.  It will be here tomorrow.  I will run it over to you as soon as it gets in.  Also, it will be good to see you again.  How long has it been, 9 months?  


On Thursday, June 24, 2021 11:22 PM
From: me [EMAIL REDACTED]
To: [SCAMMER EMAIL]
Subject: Re: Hello !!
Give me a call.
 



No call came. We’ve seen LOTS of these types of phishing scams and the great majority of them start with “I have a favor to ask.” Of course, the favor involves the transfer of money in some way. As the TDS reader tried to do…. VERIFY, VERIFY, VERIFY!  This type of attack especially targets company and organization employees, including school employees.

We hope that our readers are aware how untrustworthy product reviews can be.  For example, it is possible to purchase fake reviews by the hundreds for very little money.  Also, people are paid, or offered other incentives, to provide positive reviews for products.  Fake reviews are especially problematic on Amazon and Google.  This issue is severe enough to prompt UK regulators to investigate both companies to see if they are doing enough to combat the problem. You can read more about this in an article on ABC News posted on June 25. What can consumers do? Don’t assume that all reviews are real! Obviously, a larger number of reviewers improves the odds that more reviews are legitimate. However, to help you assess whether or not product reviews on Amazon are real or legitimate, visit ReviewMeta.com or FakeSpot.com/analyzer. (These are good resources to bookmark!) You may also wish to consider installing the Chrome extension produced by FakeSpot.com.

Speaking of reviews, for the second time in as many weeks, we received another random email in one of our honeypot accounts.  The subject line is “Please Activate Your Account.”  We’re invited to set up an account for a “new course” that will show us how to make money online.  
 


Hmmmmmm, let’s think about this for a moment.  This unsolicited email contained a link pointing to the domain getresponse[.]com which, we learned from Sucuri.net, will redirect us to Mr. Morrison’s website.  Regardless of whether you believe Mr. Morrison’s claims or not that he can teach you how to make money online, there is another much more important question. Why did Mr. Morrison’s email come from one email address, but a REPLY-TO response will send your email back to a different address, AND the link you’re asked to click appears to have no content except a redirect to Mr. Morrison’s real website?



 

We asked Scamadviser.com to review the link in that email and its AI replied with a trust score of 1%!  Yeah, we thought so too.
 


 

Daily Scam Home Page

 

PHISH NETS
Apple Pay and Apple Login
 

One of our TDS readers sent us this email she received from the domain afcen[.]com. This domain was registered in France in 2004 and is hosted on a server in France. Not exactly what one might expect for an email from Apple Pay, right? She recognized it immediately as a scam because she hadn’t placed the $400 order and it felt like social engineering to be told to call “Customer Care 1-(808)-444-5113.” Obviously, this is a scammer’s number, not Apple’s number!



Another TDS reader received this email from vividseats[.]com telling her “It looks like someone logged into your account.” If you look carefully at the two paragraphs in this email, you’ll know immediately why it pays to read carefully. Ask yourself if Apple would REALLY say this!




 

YOUR MONEY
Netflix Survey and Capital One Rewards

We’ve now seen so many malicious emails coming from the domain moonastyle[.]com that we simply had to ask… What is “moona style?”  Apparently, it is a fashion style from South Korea, and may possibly be a music style similar to “Gangnam Style.”  But whatever it is, it is a hacked website that is being used to lob malicious emails at Americans.  Here are two more recent examples.

“Your Fifty Dollar Netflix Reward is Waiting” says the first email from moonastyle[.]com.  Presumably, if you tell them about your Netflix experience, they’ll reward you with money.  But act fast because supply is extremely limited!  MALWARE waits for you at the end of that link! 

Deeeeeleeeeeete!




This second email from moonastyle[.]com wants you to believe that you’ll be rewarded another $50 if you take a survey for Capital One. (What’s so special about $50??)  This subject line reads “You’ve been selected to participate! Gift inside!”  Hell, no!

Deeeeleeeete!





 
 

TOP STORY
Is This Credible?

Credibility is the quality of being trusted, or believable. There are so many clues to help us determine credibility and one of them comes from a sender’s email address. There is a lot of valuable information in an email address, if one knows how to look for it!  Understanding this information can help you see through many scams. Let’s start with an excerpt from a very long email sent by a Nigerian 419 scammer’s “advance fee” scam. He asks for a reply back to the “Money Gram Agent” through that Agent’s email account.  But the email is to a Gmail address called “moneygram8890,” as opposed to an email connected to the rightful domain, moneygram.com.  Anyone can open a Gmail account and put any name they want in front of gmail.com! (In today’s digital world, overflowing with fraud, why does Google allow this to happen?!  It’s pretty easy for AI to flag an account like this and immediately shut it down or put it on a watch list for fraud.  But they don’t.)



 

When evaluating email, ALWAYS look for the domain that follows the “@” symbol!  Anything in front of the “@” symbol is not important because it is easily made up to say anything the sender wants!  To understand more about email addresses as a way to identify threats from credible sources, read our article “Where its @!”

We were recently contacted by a Solicitor (legal professional) named Daniel Walker in the UK on behalf of a client of his. Let’s ignore the fact that Mr. Walker didn’t address us by name. (No doubt, because he randomly sent this email to thousands of people.) He sent his email from a business-sounding domain called “FirstClassAdvisor[.]com.”  We wondered if this domain was a credible website…



 

One of the most powerful tools to assess a domain’s credibility is a WHOIS tool.  These tools can tell you when and where a website was registered, and more. There are many WHOIS tools and some are better than others.  Here are just a few, with our favorite at the top:


https://whois.domaintools.com/

https://www.whois.net/

https://lookup.icann.org/

https://domainbigdata.com/


And so we checked our favorite WHOIS tool to see when FirstClassAdvisor[.]com had been registered because the age of a website is a VERY valuable reflection of credibility for a website.  For example, Amazon.com was registered in the US in 1994! By contrast, we learned that FirstClassAdvisor[.]com (without the brackets around the period) was registered anonymously in Canada less than a month before Solicitor Walker contacted us. This fact is NOT credible and strongly suggests that this email is a fraud!



 

Another critically important way to evaluate credibility is to use Google to investigate domains. HOWEVER, please be careful how you do this! If, for example, you enter MySuspiciousDomain.com into Google using the Chrome browser, it will simply send you to that website, which could be a dangerous malware trap. Not good!  But if you use Google in the Firefox browser, it doesn’t do that (as of this publishing date) and Google will instead return information about that domain. So if using Chrome, you will want to ask Google a question like “what is MySuspiciousDomain.com?”

Disguised as an elderly woman, we’ve been communicating recently with Nigerian scammers.  In this exchange of emails we heard from the Operations Manager of a Bank in Turkey.  It turns out that we have money available to us but need to pay for a Turkish resident permit costing $1850 before we can withdraw any of millions of dollars in the Turkish Bank.  Mr. Ahmat Burat says he is the Operations Manager for the QNB Finans Bank and uses an email address that comes from this bank. Or does it?  Look VERY CAREFULLY at this email and then Google the bank to see what domain the REAL QNB Finans Bank uses.


 

Mr. Burat’s email used the domain qnbfinansbnk.com.  But a Google search shows us that the REAL bank in Turkey uses the domain qnbfinansbank.com!  This “sleight of hand” subtle change is CRITICAL to understanding the fraudulent methods used by many scammers!  We then used a WHOIS tool to confirm the fraud.  You can see in the screenshots below that the REAL bank’s domain, qnbfinansbank.com, was registered in Turkey in the bank’s name in 2016.  And it is hosted on a server in Turkey, which makes sense for a Turkish Bank!  However, Mr. Burat’s email address used the domain qnbfinansbnk.com (missing the “a” in bank). This domain was registered anonymously in the US in mid-May and is hosted on a server in Manchester, England!
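The header checks described in this issue (a Reply-To that differs from the sender's domain, a brand name sitting on a free Gmail address, and a one-letter lookalike of a real domain) can be run automatically over a raw message. This Python sketch is an added example, not a tool from The Daily Scam; the allow-list, the free-mail list, the local parts of the addresses and the example.org/example.net addresses are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed inputs (not from the newsletter): domains the reader really deals
# with, and a few free-mail providers where anyone can pick any name.
KNOWN_DOMAINS = ("moneygram.com", "qnbfinansbank.com")
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def domain_of(header_value):
    """Return the lower-cased domain after the '@', or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical domain spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_sender(raw_message):
    """Return a list of credibility findings for one raw email."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to mismatch: {from_dom} -> {reply_dom}")
    if from_dom in FREEMAIL:
        local = from_addr.partition("@")[0]
        for known in KNOWN_DOMAINS:
            brand = known.split(".")[0]
            if brand in local:
                findings.append(f"brand '{brand}' used on free-mail {from_dom}")
    elif from_dom not in KNOWN_DOMAINS:
        for known in KNOWN_DOMAINS:
            if edit_distance(from_dom, known) <= 2:
                findings.append(f"lookalike of {known}: {from_dom}")
    return findings

# Constructed sample messages modelled on the cases in this issue.
SAMPLE_BANK = "From: Ahmat Burat <a.burat@qnbfinansbnk.com>\nSubject: Permit\n\nbody"
SAMPLE_AGENT = "From: Money Gram Agent <moneygram8890@gmail.com>\nSubject: Fee\n\nbody"
SAMPLE_COURSE = ("From: Course <info@example.org>\nReply-To: signup@example.net\n"
                 "Subject: Please Activate Your Account\n\nbody")
```

An empty list means only that none of these three checks fired; domain age still has to be confirmed with a WHOIS lookup as described above.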







 

Once we saw through this fraud, we used several tools to assess Mr. Burat’s website and they easily assessed it as malicious!  The alternate Bank domain had ZERO credibility!  We declined to send Mr. Burat the $1850 to pay for a Turkish residence permit!  We encourage our readers to improve their anti-scam skills!  To help you, we have a series of articles about ways to do that and you can find them at the bottom of our website in a red zone called “Build Your Anti-Scam Skills” as well as on the black navbar on the right side of our website.




 

For Your Safety
Package Awaiting Delivery and Order Confirmation

An elderly TDS reader is pretty savvy and sent us this VERY malicious clickbait disguised as an email from the United States Postal Service about a package awaiting delivery.

Step away from the ledge!




At first we thought this “Order Confirmation” email sent to us by a TDS reader was another phishing scam, but it proved to be worse. The email came from a domain that was registered just hours before the email was sent! This is a sure sign of fraud! The link also points to another domain that was registered hours earlier in Palau and called “allahgive[.]pw.” Palau is a small group of islands in Micronesia, near the Philippines. Malware waits for you at the end of that link!






Textplosion
Claim Your Tax Refund and Text from Turkey

The United States Government will NEVER send you a text about a tax refund! PERIOD!


 

Doug at TDS has received several oddball texts from Turkey. “+90” is the country code for Turkey. (These are unrelated to the advance fee Turkish bank scam described earlier.) However, he’s not alone! Apparently other people are also getting these texts and have posted complaints about them, such as on SpamCalls.net.  If you don’t recognize the source of the text or have any connection to the message or sender, delete!




Until next week, surf safely!
 



Produced by:
Deutsch Creative
 
Copyright © 2021 The Daily Scam, All rights reserved.

