April 10, 2019


U.S. tax filings are due in just a few days!  In case it isn’t already obvious, cybercriminals use this fact to target Americans with malicious clickbait disguised as tax assistance emails.  We’ve seen this trend since we launched our website nearly six years ago! This pattern is similar to the malicious clickbait disguised as Christmas promotions that hits our email inboxes in late November and December.  Here’s an example. Though “Optima Tax Relief” is a real and legitimate service based in California, this email didn’t come from them despite the logo at the top. This email was sent from the domain theacademyplatform[.]com. (A hacked website hosted in Pescara, Italy.)



Speaking of malicious clickbait, here’s a list of a few more that hit our honeypot server in a short period of time.  Often used themes by cybercriminals include health related topics and products, online dating, finances/income and lately… CBD oil!





Phish NETS: Cox, Regions Bank, American Express and Wells Fargo Bank

Cox is one of many Internet, cable TV and related services provider including email.  Here is a phishing scam sent to us by a TDS reader who uses Cox. The email contains at least five punctuation, grammar or other errors indicating that the sender is surely not Cox and likely not a native English speaker.  The link for Cox.com points to a free web hosting service, 000WebHost.com, that is often misused by criminals to create phishing pages. We’re pleased to say that Chrome immediately recognized the threat when we clicked the link! (See below.)



Regions Bank is a financial services company based in Birmingham, Alabama.  Though small compared to national banking companies like Bank of America, consumers of small banks are also targeted by cybercriminals.  This email appears to have come from ebay.com!  The errors in the email are so bad that we can’t imagine anyone falling for this phish.  


Even more incompetent is this phish created to look like a card alert for American Express.  The cybercriminals seemed to be incapable of obfuscating their link or including a misleading graphic.  It’s easy to see that the link is not for American Express and points to a hacked website in Colombia, South America!  (We’ve previously identified malicious emails from the domain “suddenlink[.]net”)


Wells Fargo Bank account holders are fast becoming the highest targeted consumers by phishing scams over the last few weeks.  Check out this alert that came to one of our readers through a hacked Comcast email account. The link points to another shortening service.  When we unshortened the link we discovered that it pointed to a hacked website called BoxTruckStudios[.]com!  Even Google can easily see that this website has been hacked!  So why is there no system set up across the Internet for immediate and automated reporting of suspected hacked websites AND an authority to investigate and deal with them or demand that Registrars take immediate action?  Unfortunately, we know the answer to this question…. The governing body that controls the dissemination of all internet names and numbers, and sets the rules for licensing Registrars is ICANN.  They have demonstrated again and again that they don’t give a damn for the safety of netizens around the world and only appear to make decisions that line their own pockets with many millions of dollars.

Shame on them!








YOUR MONEY:  Burger King Gift Card, 1Tac Water Bottle Money Saver, and Get Your Credit Score

This clickbait disguised as a $100 Burger King Gift Card is actually very funny if you look very closely at it.  It came from a Gmail account and has links that point to a conservative news website that appears to have been hacked.  Look at the unsubscribe notice at the bottom!



“Bottle Water Scam — What You Need To Know Now” says an email from 1tac-support “@” meshusdn[.]world.  This email seems to be from the company 1Tac.com but it is another wolf-in-sheep’s clothing.  The email came from the domain meshusdn[.]world and links point back to it.  This domain was registered on April 4, the very day this email was sent.  Our longtime readers know that this is a dangerous red flag! (Notice the random 2-word directory name found at the end of the link you’ll be sent to if you click anything. That’s a “signature” of one of the most active cybercriminal gangs targeting netizens.)



Last week we wrote about the spam tactics (and possibly malicious clickbait) used by an International marketing service called “Clever Reach.”  We continued to get a few more emails that contained links to them such as this email titled “Get Your Credit Score Now.” These have the hair on the back of our neck standing on end.  Don’t risk clicking this suspicious junk mail!




TOP STORY: Bridal Show Shenanigans

Last week we heard from a young lady named Lauren who is engaged to be married this summer and very excited about this, as you can imagine!  She told us that she had just received a phone call from a caller labelled as “No Caller ID.” No caller ID usually means you should let it go to voicemail.  However, she took the call thinking it was from one of her mother’s friends concerning her upcoming Shower date. Surprisingly, she found herself speaking with a woman who told her that she had been selected at random from entries at a Bridal Show hosted at the Davis Center at University of Vermont.  The caller informed her that she had won a gift card worth $800 for wedding bands, crystal champagne flutes engraved with the couple’s names and wedding date, along with a 3 night stay to a resort in the Bahamas! WOW! Sounds exciting, right? The caller knew her name, email, and obviously her phone number.  

How would you react to this call? We think most people would be thrilled to hear that they had won all of these gifts.  However, that’s not what happened in this story. Lauren was immediately skeptical for one simple reason… She had not attended the bridal show.  Lauren asked the caller “how did you get my name and phone number?” Again, the woman at the other end of the line said “from the drawing that you entered at the Bridal Show.”  Lauren corrected her. “But I didn’t attend that event. So how did you get my name and number?” The caller stammered just a bit and said that someone else must have entered her information for her. Lauren was skeptical and actually asked to speak to the woman’s supervisor.

Once again, the caller stammered a bit and said that the supervisor was not available.  Lauren was undaunted and asked for the supervisor’s name and when would be a good time to call back to speak to him or her.  Again, she got a less-than-satisfying answer. The caller said that the supervisor doesn’t normally call back the people who enter the drawing.  Lauren reminded her that she didn’t enter the drawing.

We were very impressed with the fact that Lauren was skeptical and didn’t overlook the obvious facts about this call. She had the temerity to question the legitimacy of the call and dig more deeply. (Think about how many times we’re asked for personal information and just hand it over.  For example, on the website “HomeExchange.com,” account holders are asked for their birth date. Why do they need that? Most people have no idea how valuable that bit of information is and can be used by criminals to commit identity theft.) Lauren pointed out to the caller that the call felt like a scam and asked the woman for some kind of credentials to support the legitimacy of her winning this Bridal Show drawing.  The woman told her that the rings she had won come from a wedding band company called JVL Jewelry and that she can visit their website. (JVLJewelry.com)

Lauren also pointed out to the woman that her phone rang as “No caller ID” and asked for the caller’s phone number to help her feel the call was legitimate.  She was told that the phone number was “800-80BRIDE” or 800-802-7433. We find an old thread on 800Notes.com going back to 2008 about this phone number being connected to free wedding offers. Someone posting in April, 2018 said that she believed she and her fiance were required to “attend an event” in order to get the “free dinner.”  This sounds a bit like the “free vacations” that were connected to very high pressure timeshare sales tactics. As we follow this rabbit hole deeper by using Google to search for the phone number 800-802-7433, we discovered a Facebook page created in October, 2010 that lists this phone number.  The Facebook page claims to represent a cookware company called RP Health Spectrum. (We found a very nasty complaint against RP Health Spectrum on ComplaintsBoard.com about their misleading and high pressure sales tactics, and a drunken sales rep.) In addition to the phone number 800-802-7433, the Facebook page also provided a link to the website dinner4two.com.  Again, using Google, we quickly found a July, 2016 discussion on WeddingWire.com in which people are questioning the legitimacy of these free dinner offers.  Comments included one from a “Mrs. RATR” on July 11, 2016 who described the free dinner for two as “largely a scam. You have to sit through a really aggressive sales pitch for a couple hours to get anything.”  The sales pitch is for cookware that is overpriced, according to other forum members.

Despite the caller from 800-80BRIDE giving Lauren her phone number and the JVL Jewelry website to add legitimacy to the bridal event award, nothing felt legitimate to Lauren and she declined the caller’s offer.  We conducted a Google search for “JVL Jewelry reviews” and found 4+ star listings for this jewelry store on the WeddingWire.com.  We also found links on the community discussion forum of TheKnot.com saying “beware of JVL Jewelry scam.”  To JVL’s credit, there are many customers saying they are very satisfied with the rings they received.  On the website ShowBridge.com, they list two wedding bands that can be won from JVL Jewelry as door prizes and valued at $600.  But who determines this value and how? In a discussion on The Knot, we find people talking about the low value of the rings (described in cents to a few dollars) as well as the fact that many others have “won” gift cards from JVL Jewelry at Bridal Shows. What seems clear to us is that JVL Jewelry appears to be giving away a lot of these rings BUT you have to pay for the cost of shipping.  And that cost appears to be $25 per ring! People’s comments about the rings are a mixed bag. In June, 2013, a community forum post from “1LuckyEwe” said this…

“I too am concerned it may be a scam. Our rings just arrived and had to have a customs declaration to get across the border (we also got the gift card through a company promo at a local bridal show). The Detailed Description of Contents lists two Costume Jewelry pieces valued at $3.00 a piece. It also says it was sent from a Jose Salazar instead of JVLJewelry (odd). The extra free gift card is also very fishy and makes it look like they only make profit from the shipping charges (I mean, if they give these away at the drop of a hat, how do they actually have anyone pay the ‘full’ price? It seems that everybody here used a card…).  However, it could be legit because listing it at $3.00 may be just be a good way to reduce duty.”

On this Reddit thread from 2017 people are saying they, too, received “free” titanium wedding bands from JVL Jewelry but had to pay $25 for shipping for each ring, and a $20 engraving fee.  There are many positive comments. We are, however, skeptical by nature and wonder if this is really as good a deal as people think it is. Why does it cost $25 to ship a wedding ring? In early April, 2019 we checked with UPS and Fedex to estimate the cost to ground ship a 4x4x4 half-pound box (valued at $25) from California to Massachusetts and found prices ranging from $11 to $16. If the ring is sent via the USPS in a pre-paid cardboard envelope, shipping costs are as low as $7.35.  A quick look on Amazon.com (on April 6, 2019) shows us many different titanium wedding bands are available for sale between $9 and $20. They look beautiful and many have excellent reviews from more than a thousand reviewers. So how does this “free” deal from JVH feel now?

We commend Lauren for not accepting her “prize” at face value, especially when there were so many clues suggesting that this prize may have been nothing more than a clever marketing play at best and not worth the dollars or time she would likely have been required to spend. Many online complain about the hours spent sitting through a high-pressure cookware sales pitch for over-priced kitchen products.  Or the fact that the “free” 3-day vacation has so many blackout dates and restrictions that they couldn’t use it or it wasn’t worth the effort. We all need to think more critically and not take things at face value. Caveat emptor! If you want to read longer threads about these “free” bridal/wedding offers from this shady collection of marketers, read this 2018 thread on WeddingWire.com and this 2012 thread on TheKnot.com.


FOR YOUR SAFETY: Phony Extortion Email

On January 23, 2018 our Top Story was titled “Sextortion on the Rise.”  Since then we’ve heard from other TDS readers who have received threats.  We received threats ourselves!  Below is one more of these bogus threats to expose a video that doesn’t exist, supposedly collected through malware on our computer that also doesn’t exist.  Threats like these can be frightening and they remind us of another series of threats that originated with a criminal gang in Mexico in 2016-2018 (and may continue today.)  Mexican criminals were calling U.S. citizens, claiming to have kidnapped their children and demanding money to set them free. But these calls were lies! The children had not been kidnapped.  The scam became known as the “Virtual Kidnapping” scam. Here are links to a few news articles written about this scam in 2018. And below is a screenshot of the extortion email sent to us recently.

  A Caller Says He Has Your Child and Demands a Ransom

  Virtual Kidnapping Extortion Schemes Targeting the Wealthy

  Houston Woman Heads to Prison for Her Role in Virtual Kidnappings



Until next week, surf safely!