Copy
THE DAILY SCAM NEWSLETTER — JULY 21, 2021
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 361


THE WEEK IN REVIEW

We’re thrilled to announce an exciting newsletter collaboration between the creators of Scam Adviser and The Daily Scam!  Beginning on Wednesday, August 4, subscribers of the monthly Scam Adviser newsletter and weekly Daily Scam newsletter will receive a joint weekly newsletter called “ScamAdviser Weekly Review, Powered by The Daily Scam.”

Each week, this new focused collaborative newsletter will inform readers about current scams and threats targeting citizens of the world. It will be heavily focused on educating readers to recognize online fraud and malicious intentions. It is published weekly on Wednesday morning in North America and Wednesday afternoon in Europe. This collaborative effort will include contributors from both ScamAdviser.com and TheDailyScam.com.  Subscribers will have the option to read a weekly edition or a monthly digest version.

TheDailyScam.com began in 2013 with a mission to help people better understand internet-based threats, scams, and fraudulent practices, and learn how to avoid them.  ScamAdviser.com was founded in 2012 and helps consumers evaluate online fraud by rating websites with the Scamadviser Trust Score, an algorithm utilizing more than 40 independent data sources.  

Working together, the “ScamAdviser Weekly Review, Powered by The Daily Scam” will help you feel more confident in your skills to recognize online fraud and threats!

David Deutsch, Doug Fodeman, Jorij Abraham, and James Greening
 



We want to remind our readers how untrustworthy “likes,” “followers” and reviews can be.  Once again, one of our email accounts received an offer to purchase fake YouTube “likes” and “followers.”  For a mere $40, we can purchase 1000 Likes and 5000 video views to promote any YouTube video we own.  Even though this is technically legal, we think it is extremely unethical.  This practice means that the public cannot really trust what we perceive as public interest in the world of social media, or product reviews.  As we’ve said, ad nauseum, it is so easy to deceive others online!



 

“Take Legal Action Against You” Ahhhhh….those 5 sweet-sounding words…. “Take legal action against you!” They are certainly meant to grab your attention. You can almost feel your heart begin to race as you consider whether or not you should “press 1 to connect to the concerned department,” right?  This scam call has been targeting millions of Americans for at least four years, perhaps longer.  One of our relatives received three of these calls (using two different AI versions) in the span of a few hours.  In one of these calls, he was asked to call an untraceable phone number, 786-475-1045.  We’ve put the two recordings together into one audio file.  Enjoy!

Click to hear:

Daily Scam Home Page

 

PHISH NETS
UNLIMITED Phishing Emails and Paypal Phone Phish

One of our readers sent us a VERY artfully crafted and seriously smelly phish we’ve never, ever seen before! The email came from “EMAIL ADMINISTRATOR” to inform him that “you have 11 failed incoming Email…” The email came from a spoofed server name in Germany (“.de” = Deutschland = Germany) The link to “Resolve action” points to an online app at Netlify and contained the man’s email address at the end of the link.  What made this phish so remarkable was that the code on Netlify enabled the phishing page to grab the email  domain name AND logo of every single website that was entered after the @ symbol in the email.  We entered a variety of domains after “youremail@” and clicked the link.  Check out the results we got below!  It even pulled up our own logo and domain name from The Daily Scam!  Very clever, indeed!  We contacted Netlify and they took this phishing page down immediately.




 

A TDS Reader sent us both of these next two PayPal phishing emails, telling her that an “unauthorized transaction” had appeared on her PayPal account for an iPhone. The first iPhone cost $999.00.  If she didn’t make this charge, she was asked to call the scammers at 548-485-5618 so they could manipulate the hell out of her!  Notice that the email didn’t come from PayPal!  It came from a Gmail account belonging to “Ovril Smith.”  Also, the recipient’s name, nor account number, appear anywhere in the email!
 


 

Apparently, one iPhone wasn’t enough for this woman.  Six minutes later she received another email for the purchase of another iPhone for $738.99.  Only this time the email came from a Gmail account belonging to “Nick delledonne” and she was asked to call 712-248-2639 if she wanted to dispute the charge!

Delete!


Daily Scam Home Page

 

YOUR MONEY
Check Your Credit Score and Lowe's Reward Card

Lots of people likely wonder about their credit scores from time to time since that score can influence the ability to get a future credit card or help determine the interest rate on a loan.  Also, FreeScore360 is a company specializing in credit reporting services.  This next email appears to be from FreeScore360 but is actually malicious clickbait using information stolen from FreeScore360.  You can easily see that the email came from a bizarre domain name containing the word “realestate.”  There are two different links in this clickbait, both using the link-shortening service at Bit.ly.  This is very dangerous because you don’t know your final destination until you click, and then it is too late!  We used the tool “Unshorten.it” to see that one Bit.ly link will send us to a malicious domain called hockian[.]com, while the other redirects us to another malicious domain called  seedleafitem[.]com.  Virustotal had no problem seeing that both of these domains are malicious!
 


 









One of our TDS readers gets bombarded by these bogus offers to pay her to take a survey. This one appears to be about a Lowe’s survey, but again, this is malicious clickbait!  The FROM address is a ridiculous Hotmail account!  Also, there was at least 8 inches of empty white space below the email graphics.  When we clicked and dragged our cursor through it we found LOTS of gibberish white text against that white background. Virustotal.com was also able to see through this lie.

This is a BIG FAT DELETE!


 

Daily Scam Home Page

 
 

TOP STORY
A New Twist to Sextortion

We began to publish articles about sextortion emails back in the summer of 2018.  People were bombarded by fabricated emails claiming that malware had been installed on their computers allowing a cybercriminal to take control of their computer camera.  The extortionist goes on to say that he has captured an embarrassing video of the computer owner “pleasuring himself” while watching pornography of underage girls.  Of course, he threatens to publish the video unless the email recipient pays him in Bitcoin. This is obviously a form of blackmail.  It is also a complete lie.  Here is the latest variation...



In this variation, the extortionist provides the full name, email and home address of the recipient. He even includes a phone number which he threatens to post WITH the embarrassing video.  However, the recipient of this bogus threat confirmed for us that the phone number doesn’t belong to him.  Also, to increase the feeling of a personally targeted threat, the attached pdf file uses the name of the victim and the victim is told to use his first and last name as the password to open the file. Here is a screenshot of the text contained in this pdf, after removing the personal details of the recipient:



 

Though this is the first sextortion scam with an attached password-protected pdf file we have seen, there have been many variations of this scam.  In one effective variation, the scammer has found old passwords for people on darknet markets amongst hacked/stolen website data. The scammer then sends this password in the email to his victim, claiming it is proof that he has malware installed on the victim’s computer, recording many things…. Including this password.  Using the victim’s real name, a real  password, or using a correct address is meant to build credibility for the claim about malware capturing an embarrassing video.  However, logic would suggest that the best evidence to convince the recipient of such a video is to send a still shot SHOWING the face of the victim.  This real proof of a video NEVER happens because the video doesn’t exist!  

What makes this bogus extortion threat feel real and believable are several points...

  1. According to various sources, a large percentage of men and women view online pornography. Here is one article of interest on this topic from FightTheNewDrug.org. (Published 10/2020)

  2. Most people rarely update their passwords, and when they do, they choose passwords that are not considered strong.  MOST importantly though, people typically use the same password for multiple websites and online services.  So when one service/website is hacked and passwords are stolen, it puts ALL your other accounts at risk! (Read our article about how to create a set of strong passwords that are also easy to remember!)

  3. Though rare, it has been possible for some malware to take control over the cameras on many different types of computers, tablets and smartphones, including Apple computers!  Here are a few articles about these threats:

 

Keep in mind that online services are routinely hacked and data is stolen! This has included Yahoo, Microsoft Windows accounts, Steam (a gaming community) and Snapchat servers, as well as Macy’s, Marriott Hotels, Lord & Taylor, and Saks Fifth Avenue, for example. Most adults who have had online accounts for at least ten years have probably had five or more accounts compromised by hackers.  You can actually see a list of many of these accounts by visiting the outstanding website called HaveIBeenPwned.com and enter your various email addresses. (Yes it is safe to do this!  And yes, we recommend you do this at least every 6 months!)  For example, one of Doug’s email addresses has been compromised 9 times between 2013 and 2020.  Personal details have been stolen and posted on various darknet markets.

We dug under the hood of that pdf file and learned that it was actually created on June 13 using a pdf creator called SYLD, version 6.39.  This seems to be a really obscure pdf creator and, as far as we can tell, associated with foreign countries like Germany and Sweden.  However, this assessment is based on only a few breadcrumbs we were able to find across the Internet.


 

Finally, we don’t recommend scanning the QR code of any suspicious email because such a scan will automatically send your browser to a scammer’s website. This site may have REAL malware waiting to infect your device!

As we always say, don’t believe everything you read online!  Especially a bogus threat meant to intimidate you into paying extortion money for a threat that doesn’t actually exist!

Daily Scam Home Page


 

For Your Safety
Your Shipment is Still Waiting For Instruction

One of our longtime TDS readers received this VERY malicious email pretending to be from the United States Postal Service. It actually came from a personal Microsoft account and contains a link to the free web service called Blogspot.com.  The Blogspot page contained a redirect that will send you to a malware-laden page on a website in Russia!  Step away from the ledge...






Until next week, surf safely!

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2021 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp