Please support our effort by making a small donation. Thank you!

x

March 6, 2019

THE WEEK IN REVIEW

Heartless.  Without any care about who they target or harm, or how much pain they cause.  This is what we often hear from victims about the scammers who target them, especially people who can least afford the financial loss or feel the deeply emotional sting.  Just recently we heard from a pregnant woman. She and her spouse were looking to rent a 3-bedroom house and found the perfect home in a nice neighborhood for a very reasonable price… $800.  Too reasonable, actually. Using Zillow, we found comparable homes in that area going for $1200 – $1400/month.

The young woman reached out to DYER JAMES SHAUN  (Email: dyerjamesshaun “@” gmail.com) who claimed to own the property and had posted it for rent on Craigslist.  He says he now lives in Florida and has the keys to the property with him. He wanted the woman to send a deposit of $600 before sending her the house keys. Dyer said he didn’t have a way to show the house in person and had no representative.  All communication took place over texting. Not a single voice phone call.

Based on this little information alone, our readers can see many “red flags” and so did the young lady who was interested in this house.  Check out these two brief peeks of their text exchanges. Notice in the first text screenshot how the scammer quickly paints a picture that he is trusting and was victimized as a result of his trust.  By doing so, he “flips” the expectations on his victim suggesting that she may not be trustworthy and must prove herself to him by including the deposit before he sends her the key to his home. And in the second screenshot, the scammer tries to brush aside the fact that the house he claims to own has a “For Sale” and “SOLD” sign on it!

 

     

Their communication got to a point where the young woman could no longer ignore so many suspicious and odd exchanges in her conversation with Dyer James Shaun!  Ultimately, the young woman was astonished that someone would try to take advantage of her effort to find a better home for her growing family. She was lucky and came to this realization before losing $600.  Others have not been so fortunate. Don’t try to convince yourself that the facts add up or make sense when they increasingly do not! Also, scammers LOVE text-based communication only and are video-chat averse.  Any excuse why you can’t meet someone in person or over video chat is a red flag!


Phish NETS: TDBank, Paypal, and LinkedIn

TD Bank is amongst the top dozen banks nationwide.  We’re surprised that it has taken us so long to see a smelly phish targeting these account holders. This phish was sent to us by a TDS reader. She easily recognized that the email did not come from either td.com or tdbank.com.  “Urgent Security Update” appears to have been sent from cmn[.]org.  The link for click “Here” points to a website called radi8creative[.]com.  Yet, visiting this link shows a TD Bank login page that is indistinguishable from the real deal!

Deeeleeeete!

This next phish was correctly spoofed to appear as though it came from service @ paypal.com. “Hello, We detected multiple failed log in on your account.  We need your help securing your account to prevent unauthorized access.” The slightly awkward English should raise recipient’s suspicions enough to look carefully at the link associated with the blue button “Log in to PayPal.”  It points to a hacked photographer’s website called tomasmartins[.]net.

This next LinkedIn phishing scam is very multinational….  The email came from a server in Italy (“.it”) with links that point to a server in Kenya (“.ke”), and cite a contact who is a Fellow of the Royal Institute of Management in Bhutan, South Asia!  “You have 3 unread business message from Gloria” Both Kaspersky and Netcraft recommend that we leave those three new messages unread!

YOUR MONEY:  One Cent Sale on Winter Coats and Costco Reward Expiring Soon

We’ve seen our share of varied clickbait but have never seen anything like this crazy clickbait sale.  Women’s parkas on sale for a penny! Does that make any sense? It should come as no surprise that the crap domain responsible for sending this email, jbybq[.]com, was registered in China last June.  Or the fact that the links in this email point to another crap domain vluz[.]cn that was also registered in China.  However, the real issue is that this is just malicious clickbait to an infected computer!  Check out the Zulu URL Risk Analyzer score below.

We used to see these phony rewards emails every week, for months!  And then they dried up, until this week. Now they are back as “Costco Rewards.”  “You have been selected to take part in our anonymous survey about Costco” and earn $50. Not bad for 30 seconds for your opinion, right?    But before you jump in to claim your $50, take a look at what two security services learned about the link in this email to a file located at that ow[.]li website…

TOP STORY: Avalanche of Scam/Spam Phone Calls

If your phones are anything like ours, you have our sympathy.  We’re nostalgic for the occasional scam or spam call of just a few years ago. By 2019 the number of such calls has become a weekly avalanche of pain.  On some days we get as many as six to eight scam or spam calls coming from states all over the U.S. Sometimes the Caller ID doesn’t even identify the state but simply says “United States.”  Many calls hang up after one or two rings, while others don’t even wait for the voicemail box to begin recording the message and we hear half a scam or spam message. We thought we would share just a few of these blankety-blank messages with you.

“Hello, this is Amber in regard to your most recent Eversource bill.  Please call me back with your bill at 413-213-7080. Make sure you have your bill with you when you call me back. Again at 413-213-7080.”

Click here to listen

We found lots of people online talking about this scam phone call such as these threads on 800notes.com and WhoCallsMe.  Never, ever give out your account information just because someone asks for it.  If this were the real Eversource company, they would have your account number!

“Open enrollment has passed but luckily that doesn’t mean you’ll be without coverage this year. New laws in place still allow you to get an affordable health insurance plan from an A-rated insurer at a price that you and your family can afford.  Press 1 now to speak to a licensed insurance agent.”

Click here to listen

Check out this November article in the Washington Post titled “Annoying Robo-Calls are at Epidemic Levels This Health Open-Enrollment Season”  or this warning about such scam calls from the FCC.gov website.

“We called to tell you that there’s a legal enforcement action filed on your social security number for fraudulent activities.  So when you get this message, kindly call back with the earliest possible on our number before we begin with the legal proceedings. That is 281-899-0417. I repeat, 281-899-0417. Thank you.”

Click here to listen

As of our writing, three people had marked this phone number “Unsafe” on CallerName.com.  Also, a Twitter account just tweeted about this new scam call as well.  The TDS reader who sent us this scam call actually got two of them in the same day, though they are a little different.  Here’s the second call but asked you to call a different number… 915-800-8981. Someone posted this phone number as a tax revenue scam on the website FindWhoCallsYou.com.

Click here to listen

And finally, we just received a charity solicitation call from the “National Coalition for Police and Troopers.”  “Randy” asked to speak to the head of the household. He described it as a “Political Action Committee that lobbies to help support officers across the country.”  Randy said they were making their annual call drive that will raise money to help lawmakers promote legislation to punish criminals for committing violent acts against police officers. Randy also said they will be providing some kind of kit of “much needed safety equipment to help keep these brave men and women safe.”  Of course, Randy wanted a donation.

This all sounds like a very worthy cause and noble effort.  Who wouldn’t want to help keep police and state troopers safer?  However, when Doug asked Randy if he could find his organization listed on CharityNavigator.org as a registered 501c3 organization, what do you think Randy’s response was?  He hung up on Doug! Normally, we would have dismissed this call as one of dozens of solicitations.  But the immediate hang up made us curious and so we started to dig into this “National Coalition for Police and Troopers.”  We found a crazy rabbit hole…

First of all, a search for the “National Coalition for Police and Troopers” turns up a single page website called NationalCoalitionforPoliceandTroopers.org that appears to have been registered on August 28, 2018 by the International Union of Police, located in Florida.  The “NCPT” organization lists the following address on their one page website: National Coalition for Police & Troopers, 1549 Ringling Blvd, 6th Floor, Sarasota, FL 34236.  CharityWatch.org shows that this address is the registered home of an organization called the “International Union of Police Associations, AFL-CIO.” CharityWatch.org also shows that this so-called charity goes by many names, at least eight if you include the name Randy used in our call.  However, as we dig deeper into this charity organization, we find a lot of people online are calling these charity organizations a scam.

SmartAsset.com lists the “International Union of Police Associations, AFL-CIO” as the 7th worst charity in America in their May, 2018 article “The 50 Worst Charities in America- How to Keep from Being Scammed.”

WFMY Channel 2 News of Greensboro, North Carolina did a story in July, 2016 titled “What You Need to Know About This Police Charity.”  Though the article focuses on an organization called the “American Police and Sheriff’s Association (APSA),” the reporter in her newscast lists ten other names used by this charity.  Both the International Union of Police Associations, AFL-CIO AND the National Coalition for Police and Troopers are in this list of other names. The key point of the news report is that 94% of all donations go to the salaries and organization raising the money for police and troopers.  Only 6% of the money raised actually made its way to police! (WHY IS THIS EVEN LEGAL???)

We found this blog post from June, 2013 by William Barrett lambasting the National Police and Troopers’ Association as among the scuzziest charities trolling the Seattle region.  He got hold of this organization’s financial documents from 2012 and also confirmed that 6% of donations make it to police. But probably the best analysis we’ve seen about how little of your donation goes to the intended people you want to help, is this blog post by Anne Paddock from February, 2018 titled “Where Does $100 to the International Union of Police Associations AFL-CIO Go?”  Ms. Paddock’s very clear analysis shows that 76% and 9%, accordingly go to the fees, salaries and benefits of the scumbags raising money.  Only 10% makes it to police and troopers they claim to help. The May 3, 2018 comment at the bottom of the article by a former employee of this shady charity organization is also fascinating to read!

If you would like to hear what one of these solicitations sounds like, visit this NoMoRobo web page or this short video posted on YouTube.   We invite you to send us your favorite scam/spam calls!

FOR YOUR SAFETY: Approved Purchase Order Attached

Small businesses are heavily targeted by malicious emails every week.  Here’s a perfect example. The subject line is “RE: Approved Purchase Order” and the sender writes about an attached purchase order as a Word document.  Word documents, like any document, can hold a malicious script while disguised as something else. This is called a “Trojan Horse” after the famous Trojan war trick.  We invited VirtusTotal.com to scan that attached document and it reported that 20 different online services identified the trojan threat contained in that attached Word doc! OUCH!

 

 

 


Until next week, surf safely!