December 5, 2018


We have the BEST news to share with our readers!  In our four-plus years of exposing online fraud and educating readers, the worst scam we have ever documented has been the “underage girl sext” scam. Since 2016, more than 650 men have contacted us about this scam and we know that thousands more have been targeted. One man committed suicide as a direct result of this scam in December, 2016, according to his mother with whom we spoke.  Many other victims have considered suicide because their perceived consequences are so devastating. On November 28, the Navy Criminal Investigative Service (NCIS) announced that it was charging 15 people for successfully targeting hundreds of military men with this scam.  And guess what?  THE MEN PERPETRATING THIS CRIME WERE ALREADY IN A SOUTH CAROLINA PRISON!  TDS is thrilled to report that we turned over lots of data to the FBI about this scam and hope that it helped lead authorities to these criminals.  We don’t expect these scams to stop, but we’ve already seen a significant drop in the number of men reporting it. To read about this scam, visit our feature article Plenty of Fish Has Plenty of Sharks.

A common tactic of those who try to target us is to find a way to engage their target.  Even a negative response is a response. We always urge readers NOT to respond, NEVER click unsubscribe, and remain very skeptical of strangers who contact you across the Internet or unrecognized phone numbers and texts via your smartphone.  Here are two small reminders from TDS Readers sent to us last week…


“To STOP receiving these emails from us Just hit reply and let us know” says this email from “Douglas.”  It’s so important to learn to recognize 2-letter country codes. This unsubscribe email came from a server in Brazil, through another server in Russia.  And if we were to reply to this message, our reply would be sent to many email addresses in three countries!


“Hey , I wanna talk To you …” “DO YOU WANT ME TO KEEP CONTACTING YOU”

Just delete this BS!



Phish NETS: Netflix, Discover Card and M&T Bank

People don’t often realize that many types of online accounts can be monetized if a criminal gains access to them, including a Netflix account!  If you have a Netflix account, you have a credit card connected to it! Check out this email from “info[.]com.” “We’ve just detect unauthorized login from unknown user in Moscow,Russia using your account.”  A mouse-over of the “Login to my account” points to a website in the Czech Republic! (“.cz” is the 2-letter country code for Czech Republic) Don’t be fooled by that fake but authentic-looking login page!



This next phish was pretty lame… “As a security precaution for your Discover account, Please verify the temporary identification form prompted:”  However, the email came from the domain xmas[.]net!


M&T Bank is a financial service in nine states with hundreds of branches.  This email didn’t come from them and the link points back to a web page on the free hosting service called 000WebHost.  This free service is often used by criminals to post phishing pages.

Another big, fat delete!




YOUR MONEY: World Company Registry and Free Psychic Reading

Over the years we’ve seen many “vanity scams” targeting professionals with an invitation to join some elite group or to be listed in a “Who’s Who of Professionals.”  Sometimes these scams target business owners with an invitation to be listed in a professional publication such as this “World Company Registry” for 2018-2019.  Notice in this invitation that “updating is free of charge” but that doesn’t mean that entering is free of charge! The attached “form” was a very low resolution graphic file.  Look carefully at the paragraph at the very bottom of the form. The lines in it are purposely tucked up against each other and the resolution is so poor to make it extremely difficult to read.  But hidden in that paragraph are conditions saying that your signature is a legal agreement to pay them 995 Euros for entrance into this registry!

What’s more, this email’s FROM address says “Global Company Register” BUT the email appears to have come FROM Hagen Ford, a certified Ford dealership in Michigan!  And your reply will be directed to a domain (wb-l[.]top) that was registered last April.  This particular scam has been going on for years!  Here are just 3 of many links referring to it:


It’s hard not to smile when we think about someone offering to give us life-changing advice BECAUSE he or she claims to be a psychic.  But apparently there are people who believe in psychics and it has cost some of them dearly, such as this woman who very recently lost $12,000 to a psychic.  This “psychic” convinced her victim that she was carrying a curse from a former life as a mute Egyptian healer! (**sigh**)

Checkout this email for a “free psychic reading” by Chris Voyance.  Whether or not you believe that Mr. Voyance is a real psychic or a fake is not the point.  The point is that this email is just clever clickbait. It comes from, and has links that point back to the domain jobscout[.]club.  This domain was registered in Panama on September 28, 2018 and a Google search shows that there is a domain by this name but no website.  Also, using Google’s Site Command to search this domain, we cannot find anything at this domain when we search for Chris Voyance, psychic, or astrologer.  We may not be psychic, but we can see far enough into your future to know that you’ll end up with malware on your computer if you click that link!




TOP STORY: What Do Trump & Santa Have in Common?

Do you think you know what Donald Trump and Santa Claus have in common?  Could it be the red tie and red suit? How about that one of them gives gifts to children and the other gives gifts to billionaires and corporations?  Or that each one is famous for emitting a deep, loud roar… “Ho, Ho, Ho” and “You’re Fired!” Nope! What they most have in common is that they are often used as clickbait to online scams, fraud and malware!

The Christmas season is in full swing so let’s start with these annual invitations for parents to purchase personalized letters from Santa to be mailed to their children.  Except that these are not real, er.. We mean real fakes, not really the real fake Santa letters… This email came from the domain technogroovy[.]com and has links that point back to the crap domain focusedreality[.]stream.  The Zulu URL Risk Analyzer gives it an 80% chance that it is malicious.  How do you like those odds?




And then we received this “Make Christmas Magical for a Special Child!” email from the website launchcentro[.]com.  According to a WHOIS lookup, this domain was registered just 9 days before this email was received.  The email claims to have a “very special surprise” that they offer to their customers.  At least they are telling the truth there! (We also found images of “Payday Loans” on their web site.)


Now what about our esteemed President?  Here’s an email that seems to be a newsletter from “Roger” but comes from the domain healthypupil[.]com.  Google can’t find that website at all and it was also just registered via a proxy service in Panama nine days before this email was received.


And last, but not least, we offer this exciting email from Victoria for FREE MONEY, according to a tweet from Trump.  The email was sent from the domain dern[.]info, which was also registered in Panama just three weeks ago on November 8. “Your check cannot wait any longer.”  “Click now and see how to claim your Trump bonus check.” The links in this email actually point to a real live web page at visionmiracles[.]stream….




However, before you get too excited and click “Click to Play” for your “Trump Bonus Checks” you should know that the domain visionmiracles[.]stream was also registered by a proxy service in Panama, though it happened in January, 2018.  In fine print at the bottom of the email, we’re informed that this content belongs to “Seven Figure Publishing, a Division of Agora Financial, LLC.”  If that isn’t true, then we have a lot to worry about. And if it is true, who is Agora Financial? According to the Better Business Bureau, they are a financial services firm with at least 286 complaints against them as of December 2, 2018, including many people who complain they got hit with unauthorized charges from Agora Financial.  Agora Financial also has the special privilege of having an article written about it on the website gives Agora Financial a 1-star average from 17 reviews, with the latest complaint describing Agora Financial as “a huge scam boiler room that employs liars, crooks and clowns to pitch fear and greed while running penny stock scams.”

Poor Santa Claus and Donald Trump.  At least they can share a hot cocoa and commiserate about the misuse of their names.



FOR YOUR SAFETY: Adobe Flash Player and Fedex Delivery Problems

As long as Adobe Flash has existed as a downloadable add-on for computers, criminals have used fake notices to update your computer as a way to install their nasty malware.  Here’s another one sent to us by a TDS Reader… “Security updates for mac Adobe Flash Player is available for download.” This was meant to appear as part of an Apple computer newsletter.  Fortunately, it was easy to see that the email did not come from Adobe or Apple, and links didn’t point back to either of them. The email and links came from shopforever[.]eu!



Fedex is also often used as clickbait to malicious software since so many people expect to receive packages through this service.  Take this “delivery problems notification” email that came from “Natalie.” We liked her choice of words to get you to click the link, before looking carefully at the FROM address or where the “view details” link pointed… “confidential personal information was sent to you.”



Until next week, surf safely!