Copy


THE WEEK IN REVIEW

The word “scam” can be defined in various ways and in today’s complex world of digital communication even legitimate businesses can be described as having deceptive practices. Take, for example, this email we received from the business Alignable[.]com.  The email claims to represent a real person who works as a salesman for a car company whom we are certain is a real employee of the company.  We don’t personally know this person or have any connection to this person EXCEPT that we once received a Linkedin invitation from his account back in 2018 which we declined.


 

This salesman presumably says that he wants to be able to refer customers to us and so we’ve been added to his people network on Alignable.  All we need to do is accept this invitation. There are several problems with this email that lead us to believe it was more likely Alignable’s software sending the request from a contact list or Linkedin account than the actual person….

  1. We are not addressed by name

  2. We don’t have customers!  We don’t sell any products.

  3. Why would a car salesman want to refer customers to The Daily Scam?

  4. We don’t know this person at all 

  5. Though we’ve chosen not to show the business name in the email, we found it odd that this person misspelled the name of the auto business he is employed by.

The very next day, as our 24 hour invitation was about to expire, we received the following email from Sara at Alignable…
 


 

While this may seem considerate to some that Sara has extended our invitation, we’re skeptical because we see more things that simply don’t make sense to us.  

  1. Again, we’re not addressed by name

  2. Ashburn is not in the same state where the person who sent us the invitation is employed.

  3. We’re not located anywhere near the two states where there is a city named Ashburn (Georgia & Virginia -- this email doesn’t make it clear which Ashburn it represents!)

  4. Why would any business claim to limit the number of businesses who can join?  (And we’re completely skeptical when someone says “due to demand in your local area…”)

Alignable appears to be a legitimate online business.  However, we feel that their marketing practices are very deceptive, and we’re not alone.  The Better Business Bureau has given them the lowest possible rating: F.  We read 19 comments at the BBB.org website.  Our advice? If you get emails like these, reach for the delete key.

Ever wonder how a professional “love” scammer targets women?  We first wrote “I Love You, Bail Me Out” in July, 2019 after a woman contacted us about a man she met online. He called himself “David Aapro.” Five months later, a different woman found that article and believes that she was nearly scammed by the same man.  But this time the man called himself “Anthony Fausberg.” After some digging, we believe that David/Anthony has used several aliases to scam women. Read our latest article about his exploits… I Love You, Bail Me Out Again! 

Fake Amazon customer service robocalls are still targeting Americans.  Most often, the AI voice claims that a suspicious charge has been made to your Amazon account and you are asked to call a number to speak to Amazon customer support.  The call may be spoofed to appear that it comes from the REAL Amazon customer service number but that’s not the number you are asked to call! This recent message asks you to call 424-207-1039.  Helpful sites like Robokiller and 800notes.com show lots of people reporting this number as a scam call. 

Beware.


Daily Scam Home Page

PHISH NETS
Amazon, Netflix and Cox Communications

One of our readers sent us this email that showed up in her account claiming to be from Amazon. It clearly has many red flags showing that it is NOT what it claims to be, including incorrect grammar.  We opened the attachment (after making sure it didn’t contain malware) and you can see a screenshot below revealing where the link points to. Of course, it doesn’t point to Amazon.com! And also notice that the pdf letter doesn’t even identify the name or Amazon account of the person whose account has supposedly been compromised!





 

The link in this phish looks like it points to a t.umblr.com web page but hidden in that link is a redirect to the domain parg[.]co.  As VirusTotal informs us, parg[.]co is a VERY malicious website!




NOTE: Last week’s top story was titled “Day Old Domains.”  This malicious Amazon mimic was sent from the domain adminponaski[.]com which was registered just hours before the email was sent…



 

Fortunately, this next phish is an easy fraud to spot.  The email address following “Netflix” is melanie “@” brunet[.]bn and was sent from a server in Brunei! (“.bn” = 2-letter country code for Brunei)



Want to visit Russia?  Then click the link “ACCOUNT VERIFICATION” found in this email that was sent to a Cox Communications user about a “Reactivation notice.”  Notice the 2-letter country code in the link revealed at the bottom of this phish…. “.ru” = Russia!




Daily Scam Home Page

 

YOUR MONEY
Amazon & Costco Survey Rewards, Gucci Belts

Here’s an important safety tip....Don’t take any online marketing surveys that claim to represent ANY company!  We see hundreds of malicious clickbait disguised as reward surveys all the time, such as these two that pretend to be from Amazon and Costco.   

The Amazon clickbait has subtle grammar errors in it but most importantly didn’t come from Amazon and doesn’t have links pointing to Amazon or any legitimate marketing firm.  The link points to another link shortening service. The Zulu URL Risk Analyzer saw right through this BS.

 






The graphic in this next email pretending to be about a Costco survey has been reused over and over by the criminal gang who first created it.  (We don’t even need to look at the email source or embedded links anymore to prove malicious intent. The graphic says it all!) By the way, the malicious links in this email point to a misused account with Amazon’s web services. (Look at the very bottom of the email. We have no idea what “juicy recordings” are but we’re intrigued!)


 

We assume that most consumers are familiar with the term “Chinese knockoffs” (Visit Wikipedia’s definition) Some folks even knowingly buy counterfeit consumer goods because they are cheap and look so much like the real deal.  And so, this email may intrigue some consumers to go online to visit the website topbuy[.]online to purchase a Gucci belt for $19.99 that is, at best, a Chinese knock-off.  (For the record, we did not visit the website but used a screenshot tool to take a photo of it remotely.)






However, visiting that online store could be VERY RISKY!  It is quite possible that this is just a social engineering trick that could result in a malware infection or to gather your personal information including credit card.  Our prior experiences show us that websites that are newly created are often used for malicious purposes. Our WHOIS lookup of topbuy[.]online informs us that this domain was registered in China less than 2 months ago and the domain is for sale!  Does this sound reputable to you?


 

Daily Scam Home Page

 
 

TOP STORY
A Walk on the Whild Side

In 1972, Lou Reed wrote his song “Walk on the Wild Side” that has become part of a generation’s subculture.  Our very lame play on words is born out of a series of emails received into one woman’s inbox who was, very thankfully, smart enough to recognize them as malicious.  Let’s begin her wild journey with this email that appears to be from Capital One Bank to invite her to take a survey and receive a $50 reward! (OMG! Another malicious survey!)  The email came from ---wait for it---- support “@” whild[.]org.  Though our favorite WHOIS tool says that whild[.]org was registered back in June, 2019, it also says that the domain is hosted on a server in France. However, the links in this clickbait point to the domain meetinal[.]com and we see that this oddball domain was registered just 4 days earlier AND the address listed for tech contact doesn’t exist on any map!









Let’s take another walk on the whild side, but this time with a CVS survey!  Once again, the email came from whild[.]org and this time the links point to a bizarre domain called zbe-leasthurch[.]com which was registered 25 days earlier and also lists a street address of the Registrant that does not exist in Jackson, MS. (The address listed is for the tech contact on the registry information.) No matter, you won’t be visiting zbe-leasthurch[.]com for longer than a nano-second before you are redirected to the website pondepri[.]com.










Have you had enough of the whild side yet?  We’ll close out this lame disc spin off of a fabulous Lou Reed song by leaving you with just one more malicious survey pretending to be from U.S. Bank. By the way, it first sends you to an oddball website hosted in Amsterdam called andayouper[.]com. But then you will quickly be redirected to pondepri[.]com again! We’re not going to dip our toes into that pond for fear of hitting some nasty “Pond debris.” (Yes, we also tell horribly lame dad jokes to our kids.)






Daily Scam Home Page



 


FOR YOUR SAFETY
Invoice for Remittance


Not all email services are created equally and offer the same protections against spam or malicious content.  Here is an email sent to one of our longtime readers (and frequent contributors). We’ve opened it in a generic webmail account.  The email claims to be a remittance for payment and includes the invoice as an older version Word document. That is immediately suspicious to us but our webmail program doesn’t take any issue with it...




Here now is that same email as it looks in one of our Gmail accounts. Google detected that the attached document contained a malware script!  We’ve heard complaints from people who use Yahoo, Hotmail, Comcast and Cox email accounts that they allow a lot of malicious spam to enter their inbox.  While we cannot quote any definitive statistics to make those comparisons, we can say that Gmail appears to us as providing the best protections against malicious content.



 

Until next week, surf safely!

 

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp