Please support our effort by making a small donation. Thank you!

x

August 14, 2019

THE WEEK IN REVIEW

Overall, we have to say that it was a quiet week last week.  It wasn’t scam-free, by any means, but quieter than most weeks.  However, we did hear from many TDS readers that Google searches for Amazon Prime Customer support phone numbers are still badly poisoned.  People are finding and calling scam phone numbers instead. One woman was so angry because it was her elderly grandmother who found and called the criminal gang in India most responsible for this scam. The scammer on the other end of the phone tricked Grandma into going to her nearest CVS to purchase two $500 gift cards and give him the card number information over the phone.  However, her credit card company denied her the second card purchase. So she went home for cash and returned to purchase the second card when the cashier told her that it was very likely a scam. Sadly, her account was compromised with information she was tricked into providing the scammer and used to make nearly $1500 in purchases too.

Two other readers reported to us that they were both tricked into giving scammers the ability to get into their Amazon accounts, change the password and lock them out.  The criminals then purchased gift cards! They made this possible by first giving the “customer support help person” their email address when asked for it. The scammers then used the “Forgot my password” feature on the Amazon login page.  An email was sent to the real person’s account and the criminals pretended that this was a code that was needed to verify who the consumer was. The people who were duped didn’t look carefully at the information in the email. They just read the code over the phone to the scammers who then used it to access the account and lock out the real account owner.  We now have 121 fraudulent phone numbers listed in our article about this scam.

Based on pageviews alone, the other phone call scam that is ringing off the hook at households across the U.S. is still the 2019Cash[.]com money-making scam that sounds like a Ponzi scheme, or worse.  It’s too bad that our government, nor the companies that offer us telecom services can seem to do anything to diminish the tsunami of online and phone fraud.  Quite the contrary, much like ICANN (the governing body of people who make the rules of the Internet naming system and, supposedly, oversee the Registrars who lease domain names), our telecom providers likely make millions of dollars from the criminal gangs who purchase and use their products. That doesn’t seem like much of an incentive to stem the tide.

On another topic, this legitimate marketing email below is just another reminder to readers that it is important to be skeptical about everything you see or read online, including social media.  The price to purchase “likes” and “followers” has become very cheap. We know first-hand that teens as young as 13-years old are making these purchases to “boost” their popularity on Instagram and YouTube.  This, in our humble opinion, is a sad reality of the times we are in.

 


Phish NETS: Discover Card

We don’t often see phishing scams disguised as Discover Card.  We have no idea why but the last one we saw was just over a year ago and reported in our August 1, 2018 newsletter.  This one, quite obviously, didn’t come from Discover.com or Discovercard.com, the legitimate domains for Discover Card.  Charter.net is just another company offering email service to its users. Even the subject line makes it clear that this is a phishing scam! “Check immediately Account !”  The link may look like discover.com but it points a web page on the free web hosting service called Site44.com.  Check out the convincing web page that the criminals built to make it seem like you arrived at your Discover account.  It was EXACTLY IDENTICAL to the real web page at DiscoverCard.com when we visited on August 10, 2019!

 

YOUR MONEY:  Vacuum While Washing and Burn Fat Without Exercise

“Vacuum while washing for a one-step clean!” says this email about this Hoover product. But, as is so often the case, cybercriminals have stolen the graphics and content of another legitimate product in order to create malicious clickbait that will infect your computer with malware.  Notice that this email came from, and has links to the domain floorstep[.]proFloorstep[.]pro may sound official but it is not.  This domain was registered on July 30, 2019, the very same day that this email was sent.  You can see below that the Zulu URL Risk Analyzer says there is an 80% chance this is malicious.  Add 20%!

              

We are absolutely certain this next malicious clickbait was made by the same criminal gang as the Hoover “OnePwr” email above based on the design, coding and domain registration similarities of both.  It’s one small reminder that organized criminal businesses work hard to target netizens around the world, over and over, to make a buck at our expense. They don’t care about the damage, pain or loss they inflict or who they target.  Often, they successfully target the most vulnerable people and people who can least afford it.

This email is simple nonsense.  Whether you believe this is possible or not, keep in mind that it only takes a curious click to land on a web page designed to immediately download and install malware onto your computer.  “Burn fat without exercise” is clickbait to the domain fastestloss[.]pro.  This domain was also registered minutes before this email was sent and the web server hosting this domain is located in Moscow, Russia.  Criminals often recycle this content and the images again and again. They used half of these same bogus photos in a similar piece about weight loss that we included in our June 5, 2019 newsletter. Once again, add 20% to Zulu’s assessment of the risk!

TOP STORY: Your Scam Story

Most people understand the expression “seeing life through rose-colored glasses” as having a very optimistic and positive view of life.  Unfortunately, the lens through which we look at our collective digital lives is anything but rose-colored. Recent stories shared with us by readers from the Caribbean to California to Australia are important reminders that fraudulent Internet and smartphone experiences impact real people in very hurtful ways. Just the other day, one TDS reader told us via email  “for the past week or more I have been getting a daily phone call in which my phone screen shows my husband’s name and our home phone number. I am then treated to a robo-call informing me that several countries have infiltrated my computer.  I don’t listen to the entire message. It’s as annoying as the daily robo-call telling me that because of my excellent payment schedule on my credit card, I am entitled to a zero percent rate. When I have actually talked with someone to verify that they are calling me and I tell the person I have no credit card – I may or may not get a polite response. The phone number that shows on the screen for these calls is never the phone number from which the call originates.”

Readers have often told us that they feel helpless to do anything once they realize that they, or their loved ones, are scammed.  In our opening paragraph, the woman whose Grandmother was conned into buying the $500 gift cards for a scammer told us that she’s called back to that scammer’s phone number over and over, just to tie up his line and annoy him!  That gesture, born of anger and frustration, brought her some small comfort.

Other TDS readers have contacted us to say thanks for the information we post about scams.  Such as this recent message from a man who was able to find our article and avoid an “advance-check” scam disguised as a new job interview via Google Hangouts.

“Man I was so thankful I found your site, so you are really helping to save people from falling for these leeches!“

We opened our virtual doors on August 3, 2014 as a response to having our own friends and families targeted by online scams.  Sadly, some of those scams were successful. In our effort to educate the public during these last five years we know we’ve made a difference in the lives of hundreds of thousands of people and that gives us a tremendous sense of satisfaction, though we know we’ll never really “win.”  We also know that our website has been noticed by online criminal gangs and that they are not happy with the educational resources we provide. Over the years, cybercriminals have tried to hack or attack our website many times! (You can read a little bit about their attempts to take us down in our article Why It Hurts To Be Right.)

We want our readers to know that the most powerful stories we can tell are YOUR STORIES!  We believe that our articles and information are most strongly received and understood because they are real life experiences told to us by people have been targeted by scams.  In an effort to raise greater awareness and encourage our readers to reach out to each other through us, we’re asking you to send us an email to MyScamStory@thedailyscam.com. (or call our phone number; see below.) As always, we will never publish your name or email address, without your expressed permission.  Your message can be as simple or complex as you wish. At the very least, send us an email with the answers to these two short questions:

  1. Have you or an immediate family member ever been targeted by an email, text, website or phone call that you strongly suspected was a scam?  Yes or No?
  2. Have you or an immediate family member ever been victimized by a scam or online/smartphone trick and suffered some consequence as a result? (e.g. loss of money, infected computer, fraudulent credit card charges, identity theft, etc.)  Yes or No?

If you would like to share your story with our readers, send us as much or as few details as you would like.  But most importantly, tell us what type of fraud you or your immediate family member suffered. If you would prefer to share your story with our readers via a voice message, call it into our Google voice phone: 781-990-6161.  (By calling our phone voice mail, you give us permission to publish your voice message.  We will NOT publish any names you may mention in your message, including your own!)

We look forward to hearing from you.

Doug and David

FOR YOUR SAFETY: Just be Honest

To be honest, we can’t find any measurable evidence from our many tools that this email, sent to us by a long-time reader, is a scam.  However, the hair on the back of our collective necks is standing on end and we’ve got this tingling in our feet that says “don’t click that link!”  Here’s why….

  1. Chirotouch.com is a legitimate electronic health records and practice management system designed specifically for chiropractic services to use with their clients.  As you’ll see below, chiropractic service is not the nature of this email. Also, the language used in this email is simply not right, says our collective guts.
  2. The recipient of this email does not have/use/need chiropractic service and never requested any such account.
  3. We’ve used several tools to explore where the links lead when “complete” or “attached inquiry” are clicked and both point to Google.com after passing through other unidentified websites.  This is VERY SUSPICIOUS activity.
  4. Notice in the email that the only words written in red and bold are “PS:// Unzip it before opening.”  This suggests that the link will lead to a downloaded zip file (compressed computer data) that is often used to hide malware.  However, once double-clicked to unzip the compressed data, malware is capable of launching!

 

 

 

 

 


Until next week, surf safely!