January 3, 2018


Happy new year!  We are proud to say that 2017 was a fantastic year for The Daily Scam and we feel really good about the help we have brought to our readers.  Our page views jumped from 85,000 for all of 2016 to more than 282,000 in 2017!  We have personally helped hundreds of people during the year after they contacted us for advice about scams targeting them online.  We have also given information to local police and the FBI on several occasions to help them in their investigations of online fraud.

It is sad that there is no practical help for people who are being scammed online.   So we do this work because we feel it is so important!  We know firsthand how much pain and loss online fraud can cause because we have family members and friends who have been targeted, just like so many of our readers.  Maintaining our web site, and its many layers of protection against hackers who try to take us down, costs money each year.  Would you please consider clicking the DONATE button at the top of our website to donate $5 or more?  Thank you for considering!

Doug & David.


Sample Scam Subject Lines:

ATTENTION REQUIRED: A weight loss aid supplements backed by visual proof



Get Natural Lower Back Pain Cures

Here’s a gift from us to you!

Highest Rated Mattress By Sleep Experts

Quiet the ringing in your ears in just hours

Make all your wrinkles disappear in no time – Amazing Video

My First Project – 3 Easy Project Plans

PayPal Security


Simply try the H2O Power Cell today. You risk nothing

The Most Realistic Flight Sim On The Market

Sample Scam Email Addresses

Ancient Remedies <ancient.health @ amazingtodaynow-DOT-co>

“Atomic Charge Wallet Deal” <chargewallet @ niceteeth-DOT-com>

Confirmation <confirmation @ walmartholidai-DOT-com>

“Holiday Gifts” <holiday.gifts @ mypharmagift-DOT-com>

“Holiday Vouchers” <holiday-vouchers @ amazngiving-DOT-com>

“Notification Center” <notification.center @ bluesamsgift-DOT-com>

“Notification Center” <notification_center @ samsclubxl-DOT-com>

PayPal Security Department informs <noreply @ paypalmessage26-DOT-ml>

Samsclubcom <samsclubcom @ samsclubholiday-DOT-com>

Seniorpeoplemeet <Seniorpeoplemeet @ yatch1-DOT-club>

“Smart Energy Source” <contact @ getsmartpower-DOT-bid>

WoodProjectDesigner @ gipygrwl-DOT-bid



Phish NETS: Wells Fargo Bank, PayPal, and Blockchain

“We think that someone else might have accessed your online account” says an email from support @ web-DOT-com.  Obviously the email didn’t come from Wellsfargo.com and it also doesn’t contain a shred of personal information to identify the account holder in question!  Mousing-over “Recover account” shows that it points to a shortened link created at bit.ly.  We used our favorite unshortening service, Unshorten.it, to show that this link will send you to a hacked Italian website being hosted in Amsterdam, Holland.  Certainly not the Wells Fargo bank we know!  But look below at how painstakingly identical the phishing site appears!



Would you likely take notice and say “what the…” after receiving this email thanking you for your Paypal payment to Farmville Games for $49.99?  This phish even spoofs the from address to look like it came from paypal.com!  This phish is truly one of the best we’ve seen.  If you read through every word of it you’ll find only one spelling error.  No grammatical errors, errors of punctuation or capitalization at all!  The ONLY real give-away is by mousing over the link for Cancel Payment to find that it points to crap domain zarouikx-DOT-beget-DOT-tech.  The website BeGet-DOT-Tech is a tech support site in St. Petersburg, Russia. Kind of embarrassing when a tech support site gets hacked… Unless of course they are part of the phishing scam group.

Blockchain is part of a network of computers managing the bitcoin currency.  So this email from vagroup.com with subject line “Blockchain Wallet Confirmation Required!” is phishing for access to your bitcoin account. (See fake login below.) Like the Paypal email above, this phish was very cleverly crafted.  Besides a mouse-over pointing to the domain raisoni-DOT-net, the only other content to make us suspicious is the sentence “If the details entered are inaccurate your account will be suspended.” (Details to your account.)  That’s pretty harsh and no service would actually do that.




YOUR MONEY: Sam’s Club, CVS, Walmart, and Amazon

Here’s the perfect trifecta plus one!  These businesses are heavily targeted by criminals, sending malicious emails to our inboxes every week.  First is this $50 gift voucher for complimentary shopping at Sam’s Club.  The email came from the domain endofyearbonus-DOT-com and links point back to it.  This bogus domain was registered by someone named “David Free” on December 26, the same day the email was sent.  We’ve seen malicious emails registered to Mr. Free recently.


In case it wasn’t already obvious, this next malicious email was created by the same criminal gang as the Sam’s club email above, and again registered by David Free. We always marvel at the keen interest this gang has for using $50 as their dollar amount to entice a click.  That amount rarely ever changes.  Whatever.


See a pattern here?  This next scam was also registered by David Free on the day the email was sent.  These criminals have a template they use to create these similar emails, in addition to the file path leading to their malicious software.  If you look at the links revealed by the mouse-over, they contain two random words or names connected by a hyphen like “superseding-striven” and “backspaced-conversation.”

Finally, we’ll leave you with one more artful “David Free” creation pretending to be a “huge thanks from Amazon.com.”  Happy holidays, indeed!




TOP STORY: Never Call Tech Support!

We’re noticing an increase in scam tech support redirects and pop-ups online.  It may simply be our good misfortune to find these rather than any real increase, however we offer three important words of advice to anyone presented with a sudden and unexpected message on their computer screen to call tech support…  DO NOT CALL!   No legitimate anti-virus software will use threats, scare tactics or intimidation and insist you call a phone number.  Not one.  There is no reason for them to do this.  Their anti-virus, anti-malware software will work and block the problem… or it won’t.  Every time you are pressured to call a number, you can be certain it is a scam.

For example, here’s a recent redirect that hit us.  “Call Windows Help Desk Immediately at +1-888-843-1126”  The “Joe Scambait” YouTube Channel has just posted an audio file about this same popup and phone number to call.  He offers instructions to Windows owners how to exit this popup.  He also called the phone number and had a great time speaking to the scammers at the other end as well as berating the guy.   Surprisingly, the scammer stays on the phone trying to have a conversation with Joe Scambait and convince him that the scam is legitimate!  Unsurprisingly, the scammer at the other end of the phone has an Indian accent.  (sigh)

“The following data will be compromised if you continue:

  1. Passwords
  2. Browser History
  3. Credit Card Information

This virus is well known for complete identity and credit card theft.  Further action through this computer or any computer on the network will reveal private information and involve serious risks.”

Right, and we have land to sell you in Atlantis.


The phone number used in this scam, 888-843-1126, is also listed on this Microsoft web page list of scam numbers: https://www.microsoft.com/en-us/wdsi/threats/support-scams


FOR YOUR SAFETY: FedEx Notice, View Messages!

This email may appear to come from Sarah at FedEx International but the actual email address that follows is not fedex.com!  “FedEx No. 19738  We’ve got a new message for you.  An email containing confidential personal information was sent to you.”  Of course you are given a button to click and View Messages.  Clicking that button will cost you dearly.

Now delete.


It must be the week for viewing messages.  We saw several other varieties of malicious emails enticing you with messages, such as the two below.  “Can you send me your picture?” Hell, no!



ON THE LIGHTER SIDE: Special Email From Pope Francis

TDS readers know that we get emails from the most important people!  We’ve heard from Ivanka Trump, Rex Tillerson, the Head of the FBI, and many other political figures from around the world.  Today we are supah thrilled to say that we’ve received a personal email from Pope Francis himself!  That’s right.  We’re tight with the Pope!  Just to prove it was he, he included 2 photos too.  He obviously has an ironic sense of humor because his email came from the domain “church of ill repute” DOT org.  But he’s not a very good speller.  Well, no one is perfect! He wants us to donate money by contacting him via an email at Priest.com.  We see online that lots of “Priests” in Nigeria use this domain.  How heavenly!


From: ” Catholic -Rome ” < uyt8@churchofillrepute.org >
Date: 2017-12-27 01:28PM

francis POPE (1).jpg (60 KB)
francis POPE (2).jpg (87 KB)

Dear Sir /Madam in the lord,

I (Catholic pope francis) humble myself before God and you all to wish you happy christmas season and new year in 2018 .

It is my pleasure to plead with you all in also remembering the poor and homeless children to donating sum of USD,EUR ETC of your various country for the motherless children and also homeless and poor childrent .

If you are willing to help please kindly contact my below email of my department of charity and donation world wide.

EMAIL ID: world.catholic.charity@priest.com

May the peace of our Lord be with you, in the name of the father and of the son and of the holy spirity.. Amen

Thanks and regards
Pope Francis
Catholic – Rome


Until next week, surf safely!