In our January 8, 2020 newsletter Phish Nets column, we exposed a bizarre “unsubscribe” email that was designed to collect and send your email address to a server in Lithuania.  We have since received two more of these bizarre emails, disguised as another generic “unsubscribe request” and also as a “private hook up message” from a woman identified as “Lina.”  If you click subscribe or unsubscribe, your email address is sent to six different web domains, nearly all of which are sitting on the same server in Lithuania.

Just delete!

Since 2016 we’ve reported many scam calls informing people that they have won $25,000 or an SUV.  This scam call has come from Todd, Alex, David, Erin, Brett, Jenna, Katie and others, and has also morphed into a holiday cash giveaway without the car.  This scam call continues, this time from Mandy. Based on information provided by TDS readers, we believe this is all a shameful marketing trick to get people to sit through a high pressure sales event.  From late October through early January, at least 34 people have reported this scam call from phone number 844-631-9230 on the website and 11 more people have reported it on That’s at least $1,125,000 supposedly given away!  Here’s a recording of Mandy telling us that we’ve won $25,000. Lucky us! (Read more about this scam and listen to many more recordings in our feature article.)

Daily Scam Home Page

Microsoft Account Security

We didn’t realize that Microsoft email services were based in El Salvador, at the Ministry of Health’s web server.  That’s where this next email came from, though the FROM address starts with “Microsoft account team.” We LOVED their message!  “Kindly note that all unverified and outdated E-mail account will loose their account if not verified and updated within 24hours.”  Clicking either the link to “Review activity” or opt-out will take you to a phishing page on a server in Colombia. How very South American of them.



CVS Rewards and Surveys

“Happy New Year! Your CVS Reward has Arrived!” says this email from chumis[.]com, claiming to represent a CVS Loyalty Rewards Partner.  This is a pack of lies. There is no $50 gift card waiting for you after a 2019 30-second marketing survey! (Apparently, these idiots don’t know that it is now 2020.)  The domain, chumis[.]com, was registered on December 28, just 10 days before the email arrived in one of our honeypot email accounts.

Cybercriminals are obviously targeting CVS customers!  Here’s another recent malicious clickbait that came from the oddball domain PavedFirmat[.]space with the subject line “We have a surprise for CVS Shoppers.”  You got that right! The links in this “Limited Time Opportunity” all point to the website digitaloceanspaces[.]com.  We learned that the landing page at digitaloceanspaces[.]com will actually forward you to another oddball website at fapkap[.]com. Five different services all found fapkap[.]com to be completely malicious! 





Day Old Domains

As a result of analyzing online fraud and malicious content over many years, there are several truisms that we know are never wrong.  One of them is simple…. DAY OLD DOMAINS ARE MALICIOUS!  

A domain is the name purchased from a Registrar, such as GoDaddy, that will be used to represent a website.  It is possible to purchase and hold onto a domain name without putting up a website. That practice is called “parking.”  There are lots of parked domains, some for resale by the domain owners. But most domains are used to represent a website.  Because the domain name is registered and associated with an Internet address (IP address), “name servers” learn where to point people when they click a link to get to your website.

Here is an example of what we mean by day old domains…  “Do you suffer from yeast infections?” This email, sent from newsletter “@” sellergo[.]info, wants to help by offering a trial to a supplement from Nutra Prosper called Fresh Flora. Except that this email didn’t come from the manufacturers of this supplement! [NOTE: TDS is not endorsing Nutra Prosper or Fresh Flora supplement.  Consumers would be wise to do their “due diligence” and read reviews from legitimate websites about this unregulated product.]

We visited a WHOIS tool to see when the domain sellergo[.]info was registered.  Unsurprisingly, we learned that it was registered in India the day before we received this email. (See the screenshot below.)  Legitimate businesses often register their domains months, and even a year in advance of the appearance of their website. One example is the domain  We knew we wanted that name for our website and registered it in late March, 2012. However, it took us more than a year to build our website to accompany that domain. Building a good website takes time.  By contrast, when people are contacted from, or receive links to domain names that are a day old or even just a few weeks old, those domains (and any website found there) are automatically suspicious!


Here’s another example... And we want you to practice using a WHOIS so you can see how easy it is!  Check out this email from “Gwendolyn” about a new position available at Apple Computer, or so it seems.  It’s important to look at BOTH the domain name that follows the “@” symbol of the FROM address, as well as the domain that appears when you mouse-over the primary link(s) in the email.  On January 6, this email came from the domain containdeadly[.]club and the links point to another domain called eveninglog[.]site. 

While there are many WHOIS tools across the Internet, some are better than others.  Our favorite tool is ( limits the number of lookups you can make in a day unless you register for an account. You also may have to check the “CAPTCHA” that reads “I am not a robot” to prove you are a human being.) Visit and enter the domain names from the previous paragraph WITHOUT brackets around the periods.  Look for the date that the record was created! How do these dates compare with the email going out on January 6?

Hopefully you’ve discovered that both domains were registered less than 24 hours before this email was sent!  Criminals have a short window to misuse domains before they are identified and shut down or blacklisted. That’s the primary reason why they rely heavily on newly registered domains as a means to infect people’s computers.  Keep in mind that this does not mean a legitimate and older website cannot be hacked and used for malicious purposes! It happens all the time, but it is harder for criminals to hack a website than it is to register a new malicious domain.
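The same check can be automated. The script below is an added example, not part of the original newsletter: it pulls the FROM domain and the link domains out of an email, reads the creation date from WHOIS text, and flags any domain that was young when the email was sent. The email, the `.example` domains, the WHOIS records and the 30-day threshold are all constructed assumptions, and real WHOIS field labels vary by registry.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample message; the .example domains are placeholders.
SAMPLE_EMAIL = """\
From: Gwendolyn <jobs@fresh-sender.example>
Date: Mon, 06 Jan 2020 09:30:00 +0000
Content-Type: text/html

<a href="http://fresh-link.example/apply">Apply</a>
<a href="http://old-shop.example/about">About</a>
"""
# Constructed WHOIS replies (a real check would query a WHOIS service).
SAMPLE_WHOIS = {
    "fresh-sender.example": "Creation Date: 2020-01-05T14:10:00Z\n",
    "fresh-link.example": "domain: fresh-link.example\ncreated: 2020-01-05\n",
    "old-shop.example": "Creation Date: 2012-03-28T00:00:00Z\n",
}
# A few common labels for the "record created" line; not an exhaustive list.
CREATED_RE = re.compile(r"^\s*(?:Creation Date|Created On|created|Registered on)"
                        r"\s*:\s*(\d{4}-\d{2}-\d{2})(?:T(\d{2}:\d{2}:\d{2}))?", re.I | re.M)

def creation_date(whois_text):
    """Return the record's creation time (UTC), or None if no such line exists."""
    m = CREATED_RE.search(whois_text)
    if not m:
        return None
    stamp = f"{m.group(1)}T{m.group(2) or '00:00:00'}"
    return datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)

def domains_in(raw_email):
    """Return (sent time, [FROM domain, link domains...]) for a simple HTML email."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    links = re.findall(r'href="([^"]+)"', msg.get_payload(), re.I)
    hosts = sorted({h for h in (urlparse(u).hostname for u in links) if h})
    return parsedate_to_datetime(msg["Date"]), [sender] + hosts

def young_domains(raw_email, whois_db, max_age_days=30):
    """Map each suspicious domain to its age in whole days when the email was sent."""
    sent, domains = domains_in(raw_email)
    flagged = {}
    for d in domains:
        created = creation_date(whois_db.get(d, ""))
        if created is None:
            flagged[d] = None  # no creation date found: check by hand
        elif (sent - created).days < max_age_days:
            flagged[d] = (sent - created).days
    return flagged
```

Calling `young_domains(SAMPLE_EMAIL, SAMPLE_WHOIS)` flags the two fresh domains and leaves the 2012 registration alone; a value of `None` means the WHOIS text had no creation line and needs a manual look.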

Think you’ve got it?  Here’s one more example for you to try your skills using a WHOIS.  The subject line in this email is really strange… “What strangers are thinking when they see you.”  It’s about body shaming and trying to manipulate people who are overweight to click what they think is a link to a YouTube video.  However, the link points to the domain softwin[.]us.  This email hit our inbox on January 3, 2020.  When was the domain registered? (See answer in the screenshot below.)  And in case there was any doubt, the Zulu URL Risk Analyzer tells us that there is an 80% chance that the links in this email are malicious.



FINAL WARNING! (When your extortion threat is a bluff.)


We have written two feature articles about fake extortion threats by someone who claims to have embarrassing video of you because they have installed malware on your computer and turned on your camera without you knowing it.  This threat can be extremely frightening, and even more so when the anonymous sender shows you one of your passwords you’ve used as proof that they’ve monitored your computer. But it is all a hoax, though a clever one!  Read our articles to understand how these bastards pull off such a clever ruse.

Until next week, surf safely!




Produced by:
Deutsch Creative
Copyright © 2020 The Daily Scam, All rights reserved.
