July 3, 2019

THE WEEK IN REVIEW

Feast or famine.  Honestly, that’s what it sometimes feels like in our weekly scam reporting.  Last week we had uncovered enough malicious chicanery that it felt like we could have filled two weeks of newsletters.  Not so this week, in general. However, we have been hearing from many people about advance-check scams disguised as companies hiring through text interviews in Google Hangouts.  We now have more than 74 fake jobs posted in our article about this scam!  It’s all just a sophisticated ruse to send you a fake check and then ask that you keep some of the fake money and send your real money to the scammer!

We also added a list of 51 fake “shipping” companies that people have identified as scams in our article about Package Reshipping scams.  These were companies posted on an Indeed.com discussion board since early January, 2019. These “companies” hire people to receive, relabel, and reship stolen merchandise or merchandise paid for with stolen credit cards.  Some people are actually paid by the criminals, while others are promised payment at the end of the first month but get nothing, only to discover that the company has disappeared. Read about Package Reshipping Scams.

 

Happy fourth of July to our American readers!
Beware of clickbait disguised as July 4th celebrations or discounts.

 

FOOTNOTE 1: Interested to buy shoes from an online retailer?  Be careful where you shop! Read our newest article about “Victorious Shoes!”

FOOTNOTE 2: Bitcoin, the most famous digital currency, has been getting a lot of attention lately because it rose to a value of $11,905 US Dollars on June 29, more than a 55% increase since June 4.  Such a crazy increase in value is, of course, going to lead to online fraud as more people consider purchasing this very volatile currency for investment purposes. (We don’t recommend it unless you have money to burn!)  Such is the case in this very multilingual email a TDS reader sent to us from ClaimCashTransfer “@” list[.]info.  It is total malarky!  The shortened “payment link” for “Access Fund Transfer” will first send you to a server in Brazil which then redirects you to a website called TheBitcoin-Wealth[.]com, which the Zulu URL Risk Analyzer has identified as 80% chance of being malicious.  How’s that for being volatile?

 

 

 

[hr_invisible]


[hr_invisible]

Phish NETS: Hilton Honors Amex Card Application and Build A Container Home

One of our longtime readers sent us this phishing trick meant to collect LOTS of your personal information. Disguised as an offer from Hilton Hotels and American Express, this scam was so cleverly crafted that we couldn’t open the hood and dig into it to find out where it sends all your personal data.  There were only two signs to indicate that it was malicious clickbait…. The fact that clicking the link downloaded a set of files including javascripts (instead of sending you either to Hilton’s or American Express’ website), and the fact that this email came from an email address at the domain technocks[.]com.  Technocks[.]com is a parked domain with no existing website.

 

 

And now for something completely different in the phishing realm…  Hang with us here, though you are welcome to roll your eyes. One of our readers sent us this ridiculous claim that we were certain was malicious clickbait intended to infect your computer with malware.  “NASA’s Secret Funding Revealed” and tells the story of a 56 year-old teacher from Tennessee changing the world. Everything about this email screamed CLICKBAIT, especially the “watch this immediately” link all in caps.

 

However, we were surprised when Sucuri.net told us that the clickbank[.]net link will send you to a website called BuildaContainerHome[.]com where you can “turn your dream into reality” by paying only $47 (for a limited time and only offered to the next 6 customers before the price goes back to $247) to download the detailed plans for building one of these things.  However, according to BitDefender, this site is a ruse to collect your credit card information! Darn. We were really intrigued by the idea of building a container home!

 

[hr_invisible]

[hr_invisible]

YOUR MONEY:  Ink / Toner Offer and Amazon Shopping Survey

This next scam clearly falls under the category of “too good to be true!”  NOT ONLY do they offer compatible ink cartridges and toner up to 85% off, but you’ll also receive a FREE iPad or SmartTV with your order!  That’s right, order $50 or $60 dollars worth of ink and get a new iPad or TV. Yeah, right. And we have land to seel you in Atlantis. The very bottom of this email says it represents “Toner4Less” (A legitimate company) but the email came from the domain tonerandink[.]info.  (Notice that the scammers screwed up the email and left it saying “Dear <FirstName>”)  The links in this scam also point back to tonerandink[.]info which the Zulu URL Risk Analyzer has labelled as malicious.  The funny thing to us is that a search for that phone number (800-757-3562) turns up lots of complaints online about this ink scammer, going back to 2012, such as this set of posts on 800notes.com.

 

              

 

Fake malicious Amazon shopping surveys are so common and expected, like flies on dung!  They are deep-tooth, nasty bear traps, ready to snap once stepped on. This one came from, and contains links to a newly registered domain called onlinedirekt-ku[.]biz.  This domain was registered just one month ago in India without any Registrant information whatsoever! (How this is possible for someone to register a domain without even entering fake contact information is a mystery to us. It serves as just one more example of how broken our domain naming system is that ICANN governs.)

 

 

[hr_invisible]

[hr_invisible]

TOP STORY: Two Very Different Types of Deception

By any measure, online deception is so common and routine that one can legitimately describe it as a norm, even from everyday people who mean well.  Such practices are described in this article published in Psychology Today by Dr. Cortney Warren (in July, 2018) titled “How Honest Are People in Social Media.”  We have two very different forms of deception to throw onto this bonfire that we normally don’t share with readers.  The first is a very threatening email Doug received into one of his inboxes, with the subject line “Your account was under attack! Change your access data!”  The email appears to have come from a Chinese business identified as Zhejiang Zuoli Pharmaceutical Co., Ltd., but of course it didn’t.

 

 

This extortion trick relies heavily on a simple trick requiring a bit of research into the dark web.  The “dark web” has sites that sell stolen information from all kinds of hacked accounts, including email addresses and passwords.  This scammer has simply found a password associated with an email account of ours and tossed it into the email as if he learned this password (724172) through the alleged installation of RAT (Remote Administration Tool) software on our computer.  

Were this intimidating email true, it could be frightening! But, of course, this email is a bogus trick to extort money.  We’ve received nearly a dozen variations of this email in the last year and heard from other readers who have similarly received these fake threats.  Sadly, there are people who believe them and pay the extortionist. Other bloggers and community threads have written about this deception. Here is one link to a well written article about this scam…

 

https://botcrawl.com/email-scam-claims-that-your-account-was-attacked-demands-bitcoin/

 

Perhaps, at another extreme end of the deception spectrum is an email from someone who reaches out to you because they have an innocent request.  Such as this email from Katlyn that we received this past Spring:

 

Katlyn Eriksen <kat.eriksen “@” canismail.com> writes:

Hi there,

According to WebMD, the top diet scams include metabolism boosting pills, body wraps, herbal weight loss teas, and diet patches. In a sea of diet plans, ‘expert’ advice, and miracle schemes it’s sometimes impossible to know what is ok and what’s not.

While working in a healthcare clinic, I met hundreds of patients in a decade who’d tried a scam diet plan or gimmick of some kind or other who’d seen significant health side effects.

Did you know a simple, well-balanced diet with moderate exercise is all we really need? I came across http://www.thedailyscam.com/january-11-2017/ while researching a different topic and couldn’t help but feel your readers might be interested in my article idea.

I’d love to contribute a full article on this topic because your readers will be certain to find these diet scam warnings both intriguing and useful. I would be happy to do this in return for including a mention of a previous piece I’d worked on.

Please let me know what you think, I’d be happy to get started right away.

Best Regards,

Katlyn

 

If you’d like to make certain I don’t get in touch again, then please click the link below to notify me. However, I’d like to assure you you’re not on a database or contact list, so if I don’t hear from you I won’t be in touch again.

 

UNSUBSCRIBE [LINK REMOVED]

================================================================

What a lovely idea, right?  Except that it made little sense when we dig into it. Read our response below to Katlyn.   Also, The Daily Scam receives an email like this nearly every week, sometimes more. Here was our reply to Katlyn:

 

Dear “Katlyn”

I am intrigued by your offer because I don’t believe you are who you say you are.  I think it is more likely that you represent some marketing firm trying to promote a client’s website.

We often get emails like yours, suggesting an article or website for our blog, and in the last 2 weeks I have received 4 such emails from different people.  Do you realize that we write about online fraud and deception, including deceptive practices from advertisers and marketers?

  1. You reference our January 11, 2017 newsletter but there is nothing in that newsletter about the topics you address, except the scam subject line that includes the word “diet.”
  2. You use canismail.com for your email and it is CLEARLY meant to hide your origin. 
  3. You include an “unsubscribe” link?  We never subscribed to anything related to you.  And authors don’t do this. Marketers (and scammers) use subscription services.
  4. Finally, you ask us to post a link to your work on another website. That’s what you really want.  But what website? Your “reward” should be having our thousands of readers see your name as a guest author.

Prove me wrong.  Send me the following information and I will consider your offer, instead of writing an article about the deceptive practices of marketing firms who try to get links to their clients’ websites, or something like that.  Send me:

  1. Your website that you want us to provide a link to.
  2. Your phone number and skype name so we can talk or video chat (or Facetime) if I choose to consider your offer. Also, tell me your address.
  3. A link to your LinkedIn profile showing me your professional background and it should include Healthcare clinics that I can verify as your places of employment, as you say.
  4. Tell me exactly what you came across on our web page that you say is related to the topic you wish to write about.
  5. Finally, tell me that you do not work for a marketing firm.  And who do you work for? What is your profession? Are you a nurse, doctor, PA?

I look forward to hearing from you,

Doug Fodeman Co-Founder and Content Director TheDailyScam.com

**Dedicated to helping people reduce their online risks**

We never got a response from Katlyn, or most of the other people who have similarly requested link backs, guest posts, or references to their websites.  But then again, we’re not surprised! It’s all part of the Internet experience of deception.

[hr]

FOR YOUR SAFETY: You Have Unread Message (7)

“You have unread message.”  At least we know that the sender’s first language is not likely to be English.  If you look at the people to whom this automated email was sent, you’ll see that they are in alpha order.  The shortened bit.ly link in this email is 100% malicious. It will redirect you to a website called weightloss-health[.]world.  However, before you think this is just a trick to a weight loss promotion, check out what VirusTotal.com showed us below!

 

 

 

 


Until next week, surf safely!