October 24, 2018


As hard as we try to back away from the crazy advance-fee scams described in the last two newsletters, we find it nearly impossible to ignore them since they continued to pour into our inboxes.  Sometimes we saw two identical scams, minutes apart, from two different email addresses such as these two from “tim” and “Rank”…

We promise to take a break from these scams soon but before we do, we wanted to point out one more very interesting “poker tell” that can be found in 99% of these advance-fee scams.  Learning to recognize this unique common feature is a good skill to spotting likely scams. Let’s use this heart throbbing short email from a 17-year old girl named Samirah. Remarkably, Samirah has inherited more than $3 million dollars, needs help, and is willing to pay for it!

Of course, any person with an IQ greater than a mushroom knows this is a scam.  Be that as it may, the “poker tell” to point out is what lies in the Header information about the sender and reply-to address.  In our Gmail view, this information is hidden UNLESS you click that tiny triangle next to “bcc: me.”  When we do that, Gmail reveals information about the sender and where our reply will be sent.  The email from Samirah comes from one email address and the reply to goes to a completely different address!  Moreover, Samirah’s name doesn’t seem to match the name associated with her “FROM” email address.  It is also worth mentioning that THIS particular reply will be sent to yandex.com, an email service located in Russia that primarily serves Russia, Ukraine, Belarus, Kazakhstan and Turkey.

We don’t know WHY advance-fee scammers (and other criminals) do this, but we see it often.  It is one of those characteristics we look for when evaluating the likelihood that an email is fraudulent.  You’ll see the same thing in the header information below of these two recent advance-fee scams. Email comes from one address but your reply is designed to go to a different email address.  Sometimes the criminals will simply tell you to email them or someone else at another email address. If you have some insights as to why criminals routinely do this, please share it with us!  We always like learning something new!




Our latest article about a text scam to recruit people for a “mystery shopper” at CVS!



Phish NETS: PayPal, Bank of America, Chase Bank and Email Phish

A TDS reader sent us this PayPal phishing scam.  The link was stripped away before we got this, so we can’t tell you where “Confirm your mailing address” pointed. But the fact that this email didn’t come from paypal.com AND contains awkward English along with poor formatting tells us everything we need to know.  The criminals sending this thought they were clever by listing service @ paypal.com  in the NAME field that appears before the real email address.  However, you can see right through this trick! The actual email follows and is listed as reneg “@” rds-elsecomm.com.  We believe this is a hacked email account for a home security company in Texas, or the security company itself is a sham.  In this case, we’re not sure which.

Another TDS reader sent us this phishing scam pretending to be from Bank of America.  What was interesting about this phish is that the FROM address was spoofed to look like it came from the email address it was delivered to!

We’ve reported on this next phish some weeks ago.  Subject line: “An important tax document” supposedly sent from Chase Bank.  Once again, it is easy to spot the fraud by looking closely at the FROM email address or mousing over the link for “Tax Documents.”  The link points to a shortened URL from tiny.cc.  We unshortened that link using Unshorten.it to learn that you’ll be redirected to a hacked website for a graphic designer from the Washington State area and identified as 100% malicious by the Zulu URL Risk Analyzer.


Finally, we leave you with these two sample phishing emails for generic web email accounts.



YOUR MONEY:  USAA Credit Card, Bank of America Survey Worth $50, and Pre-Approved Loan Offer

Another TDS reader sent us this USAA Bank Credit Card email.  The subject line is chopped up to help the criminals who sent it avoid scrutiny by anti-spam servers.  It came from a Yahoo email server in Japan (“.jp” = 2-letter country code for Japan.) All links in this phony-baloney point back to a crap domain called becaul[.]trade.  This BS is either malicious clickbait or a phishing trick asking you to give up a lot of personal information to sign up for for their fictitious credit card.

Not sure which, but both deserve a big delete!


Here’s another bogus customer survey, tempting you with promises of a $50 reward.  This one claims to represent Bank of America but it simply isn’t true! The email came from the domain plantorks[.]com, which happens to be a very suspicious website inviting people to “Submit their application now” but only offering an “unsubscribe” button and a field for an email address. Also, it shows a different name of another website on the top page: (smallergyll[.]com).  The links in this email point to the much abused Microsoft Outlook servers but then redirect to a website in the UK called arericattage[.]co[.]uk.  The senders of this crap say that they are not affiliated with Bank of America.

That statement is the only truth in this landmine!


“Your pre-approved loan offer is waiting” says an email from “Jake Hanson.”  Once again, all links point to safelinks.protection.outlook.com but contain redirects somewhere else on the Internet.  We believe that this malicious clickbait was created by the same criminals who created the BOA survey above, and so many more emails we’ve reported on.  This email redirects to the website serveminecraft[.]net.  At least VirustTotal.com reports one service smart enough to recognize that this link as 100% malicious!



TOP STORY:  Dividing Americans with Fake News

The Daily Scam is proud of the fact that we have Newsletter subscribers and readers from around the world.  And though Democracies in many countries are under attack by disinformation campaigns and propaganda wars, we wish to address American citizens in this week’s Top Story.  The concerted effort by Russia, Iran and other nefarious characters to manipulate American public opinion and divide us has been well documented. (Here is a link to a recent CNN article that nicely summarizes this effort.)  Last week our American Justice System indicted the 27th Russian citizen for meddling in our electoral process.  Even ultra-conservative Fox News is reporting on that indictment.  You may argue whether or not Russian meddling altered American politics in 2016, and by consequence American political policies, but you can’t argue that they have been trying very hard to do so.  And they are not alone. Recent reports in the media say that Iran and China have also been playing a part in trying to mess with our democracy, including alleged hacking of polling machines and voter registration information.  One of the most effective weapons used by these players has been fake news reports meant to alter our opinions and perceptions of each other, divide us as Americans, incite hatred, and even violence.  (Do you remember the story of the North Carolina man who showed up with a gun at a Washington Pizzeria back in Spring, 2017 because of fake news? Re-read “Pizzagate.”) The most common platform in our daily lives that these bastards weaponize is our social media! According to a November, 2017 report by the Pew Research Center, a significant percentage of American adults get at least some of their news on social media.

No matter WHAT side of the political spectrum you see yourself on, this destructive effort should concern every American!  (The Newseum in Washington, DC now has an Exhibit devoted to the documented cases of Fake News that damaged our 2016 electoral process.)  We are now less than two weeks away from our next set of elections. Do you think Russia, Iran, China or even some American trolls are no longer trying to manipulate your opinion by seeding the Internet, and especially social media, with fake news?  Think again. Here is one small example that appeared recently on Twitter. A Twitter account called @SourcedReports sent this tweet, along with the photo of an injured man.  In it, the tweet claimed that the man had been attacked in a coffee shop by a “liberal employee” because the man supported Judge Kavanaugh’s recent confirmation to the Supreme Court.  This tweet is meant to make liberals seem like extremists, continue to divide Americans, and build anger from conservatives against those with more liberal viewpoints. But it is all a lie!  Twitter removed this tweet and suspended the @SourcedReport Twitter account because of this tweet and other lies.


People might also incorrectly think @SourcedReports is a news source because Google searches for @SourcedReports often show news screenshots. Though we’re not certain, these images appear to be screenshots from CNN.  People likely see these images and think that Sourced reports is a real news service, but again, it is not!

We couldn’t help but notice that the very name “SourcedReport” is meant to sound like official news.  The word “sourced” implies that the information comes from a particular source… as in “confirmed to be true.”  Look at this screenshot from a recent Google search for @SourcedReport below.  It shows that @SourcedReport claimed, on October 9, that CNN reporter Kaitlan Collins mocked Judge Brett Kavanaugh.  This was also a complete lie. NO OTHER NEWS WEBSITE REPORTED THIS EVENT! Not even Fox news!  This fake report is clearly meant to discredit Ms. Collins, and thereby discredit CNN.

Online deception is exceptionally easy, no matter how hard companies like Facebook, Twitter and other social media services try to stop it.  It is OUR RESPONSIBILITY as Americans to be skeptical about the claims that appear in online media BECAUSE they are so easily manipulated. Don’t believe it just because you see it online, even if a friend sends it to you.  No matter which side of the political aisle you prefer to stand on, we are Americans. Our Democracy has been envied by people around the world. It has stood as a beacon, shining light on many freedoms we fiercely value and others don’t have.  But, for at least, the last five or six years it has come under attack in very subtle ways that our citizens and government were not prepared for. We don’t know who was behind @SourcedReports and likely, never will.  But they represent a drop in the bucket of the effort, energy and money that is behind the manipulation of our Democracy.

We at TDS believe strongly that it is critically important for all Americans to fight against this campaign of lies and disinformation.  When you see news items, especially on Social Media and discussion boards like Reddit, don’t assume they are true!  Especially if these news items are politically charged or leaning strongly in your political direction or against it!  Instead, conduct a Google search to look for these news items on legitimate news websites like NBC, ABC, Fox, NPR, CNN, LA TImes, Washington Post, Chicago Tribune, Forbes, Reuters, Politico, Wall St. Journal….  Practically, any big city newspaper, TV or radio station.   If you ONLY find that news item on obscure websites, or through the posts that appear on social media and discussion boards, then this “news story” is VERY LIKELY not true!

MOST IMPORTANTLY, EVERY AMERICAN (18 years or older) NEEDS TO VOTE ON TUESDAY, NOVEMBER 6.  But even this isn’t enough!  Talk to your friends and family and make sure that THEY vote!  Ask if anyone needs a ride to a voting place and offer to help them!  Exercising our democratic privilege to vote, while staying informed about the real issues and pushing back against fake and manipulative news stories, is the most important thing we can do as American citizens to participate in and protect our Democracy!  If you agree with us, please share this article with friends and family! Email the article, post a link to this article:  http://thedailyscam.com/october-24-2018/

FOOTNOTE: To our readers in Great Britain… We understand that there are many questions about Russia’s effort to influence voting decisions about Brexit.  Some say the Russian influence was very little, like in this BBC article, while others say that Russia meddled heavily such as in this article from The Guardian.  Either way, there is evidence that Russia is turning its attention to you as well.  We hope you find success in exposing their fraud and bringing to light the truth about what Brits want for Great Britain’s future.


FOR YOUR SAFETY: Critical Security Alert… NOT!

We’ve reported on similar “critical security alerts” before.  This one is so ridiculous that it isn’t even clear what account it claims to represent!

Just delete.

Until next week, surf safely!