Copy
THE DAILY SCAM NEWSLETTER — DECEMBER 2, 2020
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 328


THE WEEK IN REVIEW

Cybercriminals target netizens with impunity.  It seems that few, if any, are brought to justice and there is little political will by governments to demand more protections for their citizens, including in the United States.  We’ve detailed many ideas on ways that major tech giants like Google, Microsoft and others can do a better job to protect those who use their free tools, but why would they listen to us?  We’ve repeatedly pointed out a remarkable lack of concern by ICANN.org to better safeguard citizens, even though their mission statement makes it clear that they have a responsibility to do so.  Instead, ICANN takes a cut every time cybercriminals purchase crap domains from Registrars who don’t have to care who they sell domains to and what they are used for.  The entire system for registering, buying and hosting domains is deeply flawed.

Why are we angry about this….again?  The bogus email addresses used in these two Nigerian 419 scam emails should be exceptionally easy for Gmail, Hotmail, Yahoo and other free email services to flag as “HIGH RISK OF FRAUD.”  The first email begins with a typical scammer’s greeting of “Dear Beneficiary” and has the subject line “YOUR PAYMENT VIA ATM CARD DELIVERY.”  The recipient is told to contact a Mr. Charles Lucas from DHL.  His email address is listed as dhl_deliveryagent077 @ deliveryman[.]com.  Deliveryman[.]com is a free email service offered by GetMailSpring[.]com.  This free email service provides lots of sketchy domains for email use that are loved and frequently used by scammers!  Another example is “workmail[.]com.”  Another email address offered in this scam is to the Chief Executive Officer of Union Bank of Nigeria.  His email is listed as remittancedept249 @ gmail.com. Why can’t Gmail notice such an email address and flag it for human eyes, or just prevent its use entirely?

In the second Nigerian 419 scam below, you’ll see that the email was sent from ukgovhm @ gmail.com, and the NAME field contains an ALMOST real UK Government email address at hm-treasury.gsi.gov.uk.  The real UK Government domain and subdomains are: hmtreasury.gsi.gov.uk.   

Web browser software like Google’s Chrome, Internet Explorer, and Safari, or Google’s email rules should make it exceptionally easy to identify all of these email addresses as likely fraud and cause a warning to appear for netizens.  But companies that produce web browsers, or free email services don’t offer these types of protections.  Perhaps it is because they don’t have to.  And that is a shame.  We should all expect better of the companies that collect our data in exchange for using their services!

To read more suggestions how the Internet can be made safer for netizens, read our article titled How to Make the Internet Safer for Everyone.


 

Daily Scam Home Page

PHISH NETS
Square Up, Amazon Order Confirmation and Wells Fargo Bank

Square Up is a U.S. mobile payment service centered in California.  This next email was sent to us by a TDS reader who has never used Square.com. It came from a free email service at Kajabimail.net and the links point back to that free service.  It is standard manipulative clickbait to send someone an email and say that there is a disputed charge against them or that their card has been charged.  What makes this particular phish a little more unique and interesting is that the link in it will forward visitors to a bogus website called squarensdispute[.]org.  This site is not associated with the real SquareUp.com.  Fortunately, VirusTotal.com can see that it is malicious!

Just deeeeleeeete!









We have noted in the past that many scam emails inform the recipient they have been charged for something and their order will soon be on the way to them.  Only they didn’t place any such order!  The email offers a phone number to call if there is a problem with the order.  Of course, most people call and are manipulated by the cybercriminals over the phone!  Here is exactly such an email sent to us by a TDS reader. It claims to be about an Amazon purchase for an item valued at more than $1350.  You are invited to call the scammer’s number at 210-200-7919.


 

Wells Fargo account holders are getting hammered with phishing scams for several weeks now!  Here are two more that are very similar.  Links in the first phish point to a website for a business in India and the second point to a blog.  We’ve notified the owners of both services that their websites have been hacked and are hosting phishing scams.  Below is a screenshot of the login page for the phishing site.  You can see that it looks IDENTICAL to a real Wells Fargo Bank page! 

Delete!

 









Daily Scam Home Page

 

YOUR MONEY
Student Loan Forgiveness, Charity Project and Bank Loan Confirmed

This week’s Your Money column looks at a different variety of scams involving money.  The first email concerns student college debt.  It was sent to an older woman with no college debt.  It sounds a bit like a clever advertisement.  However, the email was sent from a generic Hotmail account created with a random string of letters, despite the name “Cyndi Hoffner” appearing in the text field of the email address.  The email offers the phone number 833-271-4504 and an address for “Student Services” in New Mexico.  

The problem is that a Google search for this phone number turns up nothing at all, let alone a business serving student loans.  A Google search for their address at 6300 Riverside Plaza Ln NW quite #118 P.M.B. Albuquerque, New Mexico 79784 shows a single link for a business called “Focus Ventures, LLC” listed as management consultants on YellowPages.com.  This business has no reviews of it and their domain, focusventuresllc[.]net, is a parked domain with no website whatsoever.  

MOST importantly, a search for their address in Albuquerque, New Mexico pulls up four people reporting this email as a scam on 800Notes.com. These people report this scam as using other email addresses and phone numbers such as 866-609-3580.  One writer on 800Notes.com says “this is a scam they trick (you) into resetting your FASFA ID password by asking (you) to provide your email for the acct and (your birthday.) They say (you) should be receiving an email to verify (your) identity with us and ask for the 6 digit code (you) receive. The email is from (your Federal Loan) acct to reset (your) FASFA ID. They are trying to hack your acct.”

This is a BIG FAT DELETE!


 

Our next email claims to be from “The Robinson Charity” project.  The recipient is invited to receive more than a million dollar donation to distribute to the “less privileged people within your community affected by the pandemic…”  A Google search for the “The Robinson Charity” project turns up ONLY information about this scam, rather than any legitimate charity. (For example: StopScamFraud.com and FraudFYI Blogspot.)  A search on CharityNavigator.com for this charity turns up two possible 501c3 candidates but they don't explain why “Lisa Robinson’s” email came from a crap domain in India!


 

This “US Bank Notice” is anything but!  It was sent from a domain called rootsstyle[.]net.  This domain was registered in June, 2020 and is being hosted on a server in Chisinau, the capital of Moldova in Eastern Europe. The links in the email point to another oddball website called tankwelldone[.]com.  Does ANY of this make sense as a US Bank loan?  That’s what we thought!

Daily Scam Home Page

 
 

TOP STORY
Murky Waters of Cam Girls?

Recently, we heard a story from a young man in his late 20’s whom we’ll call Gary.  Gary is single and uses a variety of dating apps, including Plenty of Fish (POF).  Gary found a profile of an attractive woman on POF named “Nancy J Smith.”  Nancy posted her phone number on her POF profile, which is not common practice.  Gary was very suspicious because of that fact.  He tells us that the only women, in his experience, who post their phone numbers on dating apps are either scammers or women selling something.  But Gary is a curious fellow and Nancy was very attractive so he texted her.  Below are two screenshots of part of their conversation.

Nancy informed Gary that she does “shows on cam” and that she was “preparing for a free cam show in a few minutes and I need a guy to view.” Apparently, there are many women who offer live video “shows” of themselves naked or nearly so.  You can imagine the content of their performance.  Gary was HIGHLY suspicious and thought this was a scam to get his credit card and other personal information.  Nancy, asked him to “chill out” and said she would give Gary a promo code resulting in no charge at all after-the-fact.  She just wanted him to “rate” her show so she could climb into the “top models” spot…




 
 

During follow up texts, Nancy tried to get Gary to accept her invitation, create an account on her site and provide his credit card information.  Gary didn’t bite!  He kept playing along, then saying there was a problem with the site’s payment method.  After a brief exchange in which it became clear to Nancy that Gary would NOT be making an account on her site, nor entering his credit card information, Nancy thanked him anyway and signed off.

So why are we writing about this story between two adults, including one who possibly engages in a modern-day variation of “one of the oldest professions” in the world?  Because life online is often not what it appears to be and our long-time readers know this.  We can’t say for certain whether or not Nancy was telling the truth and Gary’s credit card would be charged only $1 and then credited for $1, just so he could rate Nancy’s cam show.  However, we urge extreme caution in these circumstances and here’s why….

  1. Nancy sent Gary an email with the link to her cam show, which required Gary to create an account and enter his credit card information.  The links to her show pointed to a website called hookupsinvite[.]com. This website has a VERY poor trust rating (1 out of 100) on ScamFoo.com, a service that rates sites as possible scams. (see screenshot below. This rating is about a year old and details for the low rating are not provided.)






     
  2. Also important, there are many articles/links online that describe how emails and texts from women online are actually bots designed to trick men into signing up for services that charge their credit cards monthly, or direct the men to other sites that result in affiliate fee charges.  Here are two articles including one from Mashable.com that describes this fraud on the dating app Tinder.

    https://mashable.com/2013/07/12/tinder-scam/


    https://www.theguardian.com/technology/2014/jul/16/tinder-spam-adult-webcams-fake-prostitutes

    Apparently, Tinder is notorious for users to be targeted by scammers.  This article on TheStreet.com first published in March, 2019 but updated in October, 2020, identifies 5 types of scams targeting Tinder users.

    Our advice to readers who are using dating apps should be obvious…. Be skeptical! Be cautious about where you provide your personal information, including credit cards.  And finally, take Gary’s advice… If a woman posts her phone number on her dating profile, stay away!

Daily Scam Home Page

 


FOR YOUR SAFETY
Hello Dear Customer!

“Hello Dear Customer” “Your Amazon account is locked for security reasons.”  says this email that came from sidebarjosbro[.]com.  The “Update Now” button actually points to an address at LinkedIn.  However, looks can be deceiving.  We found that the link will cause a redirect to two different websites on which malware waits for you! 





 

Textplosion: 

The malicious texts continue.  “Your Netflix account will be locked because your payment was declined” includes a link to a domain that was registered just 4 days earlier and is hosted on a server in Hong Kong.
 






Doug is being sent a new PlayStation 5, or so it would seem….

 

Until next week, surf safely!

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp