Feel My Pain!
As we said at the opening of this newsletter, a husband and wife decided to share their weekly pain with us and we’re grateful for their effort. Their effort enables us to help educate our readers! Let’s start with one of several voice messages received by the husband. It is our experience that scam/spam callers rarely leave messages on our phones anymore if we don’t answer. Not so for this man! Here is a call transcript he sent us in which someone is threatening his arrest. He was instructed to call back 415-969-3165 and provide the last 4 digits of his social security number. This phone number has been reported as a social security scam multiple times on YouMail.com last week.
Not to feel left out, the wife received this voice mail the very next day about the same social security scam. She was asked to call 415-969-5865. There are several scams posted to YouMail.com that use this phone number.
On the same day, the husband also received this text from 332-600-2587 informing him of “FEDEX: shipment 74199 notification - shipped!” The link pointed to a website, c7fsv[.]info, that was registered hours earlier and hosted on a server in Hong Kong. No doubt, there is malware waiting on that server intended to infect phones.
A few days later the fellow received yet another text stating an update of his FEDEx parcel 30315, but from 347-331-8897. Except this time the link pointed to a website called e1fcb[.]info. This domain was registered the day before he received this text and is also hosted on a server in Hong Kong.
In the meantime, his wife received this random text offer for reduced car insurance. It came from 651-371-9975 and contained a link to the domain tnpfwvn[.]com. This domain was registered in Panama on October 11 and is being hosted on a server in France. Sounds like a good old-fashioned American car insurance company, right? Especially with an offer of $39/month! We don’t think you can insure a sit-down mower for that money! By the way, you’ll see that the woman was invited to “Reply END to unsubscribe.” NEVER do that with scam texts! It only confirms to the scammers that you pay attention to their texts and so they will send more!
In the meantime, the husband gets another lovely voice message on his phone. This time from “Jen Rivera” calling to say that the fellow is pre-approved for a $52,000 loan. He’s asked to call her at 888-891-2172. We found lots of people on 800notes.com complaining that this was a scam because they all had received pre-approval for a $52,000 loan from Ms. Rivera but none of them had applied for a loan! We also found this phone number associated with a loan service located at creditservices[.]cc (domain regisered in the Cocos Islands). This domain was registered about 10 months ago but what was MOST concerning was the fact that both the Zulu URL Risk Analyzer and Virustotal.com found malware sitting on that website on the very web page about personal loans. I guess you can’t believe everything you read, including what came back from a Google search for this personal loan service… “Credit Services is the leading personal loan service provider.” Perhaps it should read “Credit Services is the leading personal loan service malware provider.”
We’ll close out this snapshot of pain with a final text, sent again to the husband at the end of the week, saying that his package was returned to the warehouse. The text was asking him when he wanted them to try to deliver it again. This time the link pointed to a website called yourpackage[.]info. This to-the-point domain was registered just two days earlier on October 15 in Panama and was being hosted on a server in Hong Kong. The website OnlineThreatAlerts.com posted this particular text as a scam on the same day the man received it. The man, thankfully, never clicked on any of these links. ‘Nuf said.
Keep in mind that all of these are just a sample of the scams and malicious messages sent to this couple over the course of a week. They are both pretty fed up about it all.
We feel your pain!
Daily Scam Home Page