Copy
THE DAILY SCAM NEWSLETTER — FEBRUARY 24, 2021
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 340


THE WEEK IN REVIEW

A couple of days ago we received a very interesting email from someone who identified herself as a woman to tell us “You people have some very inaccurate information and you are hurting innocent people.  In the Bible it's called slander and defamation of character.  Have a good day.”  Assuming she is a real person who is legitimately concerned about some of our work, we reached out to ask for details.  She told us briefly that we were partly wrong about one of our articles concerning Love Scammers, and that we were giving a real person, who had done no harm, a bad reputation.

We want our readers to know that we take our work and investigations VERY seriously!  We will only publish articles for which we have ample evidence to back up the claims we make, or believe in the sources we quote because of the experiences they describe.  In six and one-half years of doing this work, we’ve only been contacted twice with legitimate concerns about content we posted.  Both claims were related to the fact that criminals had misused the legitimate names of a business. Though we stated this fact in our articles, each time someone conducted a Google search for the business, our article about a scam popped up in the first set of returns. The business owners expressed a legitimate concern that the public considered them to be fraudsters because they wouldn’t bother reading the articles.  We agreed and modified the pages.

We reviewed our article about Love Scammers in light of the limited concerns and details expressed by the woman who contacted us.  We completely stand behind the work in this article and, it’s important to point out, she never told us that SHE is represented in any way by photos or information on this page.  We replied to her saying that if she knows someone who appears in photos or is named, and is misrepresented by this article, to please have him contact us directly.

Onto a different thread… Many schools, organizations and businesses have been spear-phished by scammers pretending to be the leader of the organization and asking “for a favor.”  The favor translates into asking the person to go out and purchase gift cards to reward some employees because the said-leader is tied up in a meeting.  The tricked employee is asked to scratch and send the numbers on the gift card to the head of the organization.  We’ve seen this trick tried a dozen times against schools in the last few years.  Here again, is such an email sent to a group of employees at a school.  The Head of the school is a woman named Nancy but this email didn’t come from her personal or school email address!
 


 

During the last week, we were flooded with information about MANY fake business websites pretending to be shipping businesses.  Some of these fake websites were registered less than 2 weeks earlier and others were more than three years old!  We’ve published two new articles about these scam sites because these fake businesses are being used to “hire” American citizens to become mules for moving stolen merchandise or merchandise purchased with stolen credit cards.  Do you think YOU can tell a REAL business from a FAKE business?  Check out:

https://www.thedailyscam.com/package-reshipping-scams-are-like-whac-a-mole/  (5 fake businesses)

https://www.thedailyscam.com/quality-control-inspector-shipping-scams/ (3 fake businesses)

 


Daily Scam Home Page

 

PHISH NETS
Amazon Order Confirmed Today, Microsoft Office 360, and Whatever This is

Unbeknownst to Doug, he ordered an expensive Canon camera through Amazon!  But it is scheduled to ship to the wrong address in another state!  Oh my! But wait, if he calls 808-470-7867 there’s still time to correct this mistake!  No doubt, he’ll have to provide the scammers…. Err, we mean Amazon customer support specialists with his credit card or Amazon account information. This phone number was recently reported as an Amazon phone scam on the website BobRTC.tel. If you were to click the small drop-down arrow next to “to me” in a Gmail email, you would see details of the FROM address.  “order@amazon.com” is actually text in the name field.  The email from which this scam came comes after. 

It appears that “Jerry Seinfeld” sent this scam!


One of our readers sent us this next scam email. Though it is missing the FROM address information and a mouse-over to see where the link “CLICK HERE” points, we’re certain it is a scam. The text is a drop dead giveaway of that!  “Your in-coming Emails were placed on-hold due to lack of our recent upgrade…”  Thank God for their bad English skills!

Now delete!
 




Another reader sent us this lovely email with the subject line “...Significant Message.. !!! 97849”  The text field in the FROM address says “-American-Express-Card” but the FROM address shows a server in Germany.  This fraud was so poorly constructed, we couldn’t tell if it were pretending to be about a Google or American Express account.  One thing is irrefutable… The link for “Resolve this issue now” points to a hacked and misused website for a small hotel in Korat, Thailand.

We’ve notified the owner!



Daily Scam Home Page

 

YOUR MONEY
Mcafee Subscription and Best Buy Survey to Win a MacBook Pro!

This warning that “Your Mcafee subscription is expired...Renewal Notice!!” is malicious clickbait.  Check out the nonsensical domain name that it supposedly came from!  The links in this email point to a domain called flavorswift[.]com which was registered in July, 2020 and appears to be hosted on a server in Dhaka, Bangladesh. 

Step away from the ledge!


Who wouldn’t want to win a MacBook Pro for free, right? All one has to do is take a short Best Buy survey in their “Loyalty Program.” Don’t believe this nonsense!  This email came from the domain packetzany[.]com (which was registered anonymously in late August, 2020) and the links redirect to the domain panjoin[.]com (which was registered anonymously in early September, 2020.) Most importantly, visitors clicking these links will be further redirected to a malicious domain we’ve cited before called namelesname[.]com. (It was registered anonymously in mid-December, 2020.) Does any of this sound like Best Buy to you?


Daily Scam Home Page

 

 
 

TOP STORY
WHY It Is Important to be Skeptical Online

We know, we know!  We sound like a mom nagging, over and over! (Well, at least like our nagging mothers.) But it’s true! You have to be skeptical of everything online because it is simply too easy to deceive others and there are PLENTY of bad actors doing just that!  Here’s a few recent attempts that got our attention…

A year ago we began to publish articles about malicious clickbait or fake businesses posing as information and products related to protecting us from COVID-19. (There are many articles about these scams near the top of our website, including Coronavirus Clickbait.)  These scams have not abated!  Check out this email advertisement for KN95 masks.  It came from a misspelled and inappropriately named domain called mostbeautyfulboy[.]com. And if you look at the directory in the link that follows the domain name, you’ll see that this malicious clickbait was created by the infamous Hyphen-Poopy Gang! (Two random words connected by a hyphen. In this case harms-ratifies)  It’s so important to pay attention to the details of an email!
 


 

Fortunately, the Zulu URL Risk Analyzer was able to identify this clickbait as malicious. When we dug under the hood of this scam, we discovered that this beautiful boy is being hosted on a server in Istanbul, Turkey.  Just the place you imagined getting your PPE from, right? However, were you to click the links in this email, you would not likely know anything malicious happened to your computer because after downloading malware you will be redirected to a legitimate website that sells KN95 masks.







OK, so you can’t trust all sources of PPE to stay safe in this crazy prolonged pandemic we’re all in.  What about Costco?  Can you trust them to ship you the important things you’ll need to sustain you in this pandemic, like peanut butter and toilet paper?!  One of our readers sent us a screenshot of an email (minus the FROM information) with information to track his package.  Except that he hadn’t ordered anything from Costco AND it was being sent to his name at a wrong address in another state! (Sound familiar?) He doesn’t live in New Jersey.

Once again, this is NOT what it appears to be!  The important links, such as “Track My Package” and “My Orders” all pointed to a domain called infobip[.]com.  A subdomain in front of infobip, and the name of a directory that followed DOT-com, were created to make this look like an email tracking service.  This was very clever.  However, we’re absolutely certain this is malicious clickbait because the domain infobip[.]com was registered anonymously in Croatia and is being hosted on a server in Hessen, Germany.  Adding to the cleverness of this is the fact that, were you to click these links, you wouldn’t suspect that you’re being hit by malware because you will be redirected to the real Costco website.








 

Most people have probably heard of the “Who’s Who” directory of professionals.  And whether or not you think these directories are worthless or not isn’t the point.  The point is that this email was sent to a very savvy retiree who knows a thing or two about scams!  She’s been sending us her scam emails for a few years now! (And we are grateful!) Nothing gets past her eyes!

She pointed out to us that this invitation for her to join the Who’s Who of America didn’t even know her name!  And then there’s the bogus domain the email came from and the domain the “Click me” link points to.
 


Finally, in this column of deceitful emails, comes a frightening email that can really raise alarm bells and some people’s anxiety level. The recipient is informed that he or she has malware installed on his/her computer and it was used to capture him/her “pleasuring” him/herself.  If $950 isn’t paid via bitcoin, then the video of said performance will be released to friends, family and colleagues.  

But don’t believe everything you read! This long-winded diatribe is meant to threaten one into believing a complete lie.  None of this is true.  There is no malware on your computer that controls your video camera and has captured your personal activities on video.

And so, once again, like a nagging mama, we urge our readers to be skeptical about everything they see online!  And following that we say…. Verify, verify, verify!


Daily Scam Home Page

 

FOR YOUR SAFETY
Hello Doug

Doug received an email from someone he knows with a Comcast email account.  However, clicking that link offers a quick trip to Russia (“.ru” = 2-letter country code for Russia).  Also the email was sent via a server in Japan!  No thanks, we’re good!



 

Textplosion: We’re Hiring Payroll Clerks!

Know anyone looking for work as a payroll clerk for a company called AXP Payroll, which is supposed to be related to the legitimate company ADP?  One of our readers got this random text inviting her to apply for a job and the hourly rate looks great!  Except that there is no company called AXP Payroll according to Google.

So where does that link point to that is found at the bottom of the text?  We followed it to the free formbuilder site calle Power.io.  Apparently, this job begins by turning over your personal data to the scammers!











Until next week, surf safely!

 

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2021 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp