Copy
THE DAILY SCAM NEWSLETTER - APRIL 22, 2020
Content Director: Doug Fodeman | Creative Director: David Deutsch


THE WEEK IN REVIEW

Last week we saw a slight decrease in malicious emails and texts that we believe originate from cybercriminals in India, Eastern Europe and Russia.  (Just a hunch.)  However, we saw a bump in “Nigerian 419” advance fee and job scams from African countries. (At least, we believe that these scams are most popular from criminals in African countries based on what we have read and the scammers whom we have personally tracked.  There are several ways to use technology to track people.  Marketers and scammers often track people they target.  They know when you’ve opened an email, how many times you’ve opened it, what time of day, and your general location.  If you want to learn one method for doing this, read this article on How-To Geek.com.

But one of our readers didn’t need to do this because he had a very strong hunch that the job he was interviewing for through Google Hangouts was actually a scam coming out of Nigeria.  Read this short dialogue when he calmly asks a question of the scammer that takes apart his scam.  It’s brilliantly simple! He then follows his question by providing a link to our article that has exposed 123 fraudulent job interviews through Google Hangouts (and similar text-based tools.)




We know that many people are still confined to home during this pandemic.  Many are using Zoom to work remotely or connect with family and friends.  Zoom is a great tool but there are many Zoombombers (hackers and pranksters who have been doing their best to crash meetings in inappropriate ways. (Just Google the word “zoombombing” to see articles about this phenomenon.)  We found this graphic on the internet which sums up 10 ways to secure your Zoom meeting.  The graphic appears to have come from a good article on PCMag.com about Zoom security.



 

Finally, a reminder that malicious actors around the world are still using content related to the Coronavirus pandemic as clickbait to malware, phishing tricks, and other scams.  Here’s just one example.  Please visit our article about these scams: TheDailyScam.com/coronavirusPolice in Thomaston, Maine have posted a scam text on their Facebook website that says “you’ve come in contact with someone who has COVID-19” blah, blah, blah… click the link.  No doubt, the link is malicious.  This April 19 CNN article highlights a variety of scams and robocalls themed around the pandemic.

Don’t fall for these tricks!
 




Daily Scam Home Page

PHISH NETS
JP Morgan Chase Debit Card, Amazon Account, Paypal, and Office 365

Lots of phish in the sea last week!  Check out the “FROM” address in this email.  We found three grammatical or punctuation errors in that short email but we loved their effort when saying “due to… uncharacteristic activity.”  That “is[.]gd” shortened link redirects visitors to a hacked website in Morocco! (“.ma” is the 2-letter country code for Morocco)
 




 

Nary a week goes by without seeing some scam pretending to be related to the commercial giant Amazon.  Though this email begins with FROM “account-alert @ amazon.com,” that address is set into the name-holder place.  The actual email follows and is surrounded by the symbols <>.  This email was sent from a domain that doesn’t even seem to be registered according to several WHOIS tools we checked…. “Amaznsekutinyo[.]com.”  The Amazon account verification link at the bottom of the email actually points to a website in India called “deped[.]in.”  The opening sentence gives away this fraud if you are paying attention…



Fortunately, every service we checked knows that this is fraudulent, but it is also much more than a phishing email!  The website in India contains malware before redirecting you to the phishing site!

OUCH!








 

Another banking service very commonly phished is PayPal.  This email from “Admin PayPal” was sent from a fabricated, non-existent domain called “shankikamusexy[.]com.”  The link for PayPal login points to the subdomain of the domain “page[.]link.”

Deeeeleeeete!


 

Finally, we received this email to “update” our Office365 password and also followed the link to the phishing page. The language used in this phish is hysterical!  Take a moment to read it!





Daily Scam Home Page
 

YOUR MONEY
We Want to Give You Money!

Advance-fee scams are as ubiquitous as weeds.  We all get them in our inboxes if you’ve had an inbox older than 6 months or so.   What they all have in common is the fact that someone wants to give you money but the hitch is that you have to pay fees in advance!  And, of course, you never get “your” money.   Here are some recent favorites taken from the many that poured into our inboxes last week.  Enjoy them for what they are….fictional narratives.  It is important to point out that it is STANDARD OPERATING PROCEDURE for these scammers to send an email from one address but ask for a reply (or arrange it via the reply-to field) to a different email address.  This is true for all four scams below.  If our addition is correct, these 4 emails have informed us that we are to receive a total of $19,527,000!  Nearly $20 million dollars from awards, COVID19 donations, anti-fraud compensation packages and because someone thinks we believe in God and will do good work with her funds after she’s dead and gone.  Like we said… great fictional narratives.









Daily Scam Home Page

 
 

TOP STORY
Target's Online Spider Web

Have you looked in the mirror recently?  We have.  It’s not a pretty sight, people.  After serious consultation with our spouses we went digging for the hair cutting shears and buzzers only to realize we had none!  Amazon hair-cutting products are sold out or have shipping dates in June!  But Amazon is not the only game in our virtual town.  Walmart had a great hair buzzer that was very reasonably priced.  After selecting our much-needed tool we couldn’t help but notice several things that gave us a sigh of relief.  (Check out the screenshot)

  1. Walmart did not require us to create an account we neither wanted, nor needed.  We could simply enter our shipping and credit card information and make a purchase.  Also, to the best of our understanding, this information was not stored on a forward-facing server that the world could probe because we did not create an account.

  2. Look in the lower right corner of the check out screen for Walmart.  They provide their customers with links to copies of any personal information that Walmart has on them.  (The link that says “Do Not Sell My Personal Information” is ONLY available to California residents since California passed better privacy restrictions than any other state in 2018, called the California Consumer Privacy Act.)



 

In this brave new world where consumers have ZERO privacy, it is somewhat reassuring to know that Walmart makes this modest, but important effort, to give consumers these options.  Contrast these options with purchases made through Target.com.

We went looking for a reasonably priced pair of hair cutting shears and found what we needed on Target.com that promises to be delivered before the coming of the Messiah.  We found it and added it to our cart.  However, when we clicked “checkout” we were informed that WE WERE REQUIRED to create an account on Target.com.  Reluctantly, we did.  That’s when bad went to worse and Target took the liberty of taking and holding our personal information without asking us.  Not only did Target create an account that we didn’t want after asking for our email address and physical address, but Target required us to provide a phone number (which we made up) for this account. Target also decided on its own to take the credit card data we used for our purchase and stick it into our new Target account as our “credit card on file.”  We didn’t ask them to do that and it now meant that our credit card data was sitting on their outward-facing server for someone to hack.

Now we were pissed!
 


 

We went through every setting and link available in our newly-created account to figure out how to delete it.  Deleting this created account was not an option!  YOU HEARD THAT RIGHT!  Target forced us to create an account we didn’t want, collected and posted our personal data to it, even a phone number and credit card information, and then made it impossible for us to delete it!  We even used their “Help” feature to search for some instructions on how to “cancel” or “delete” our account but got bubkis!

NOTHING!
 


 

The only thing we were able to do was to go into the account and delete our credit card they had stored in our account and delete our address.  We find these consumer practices absolutely offensive and Target needs to do a much better job at being sensitive to the data privacy of customers.  We tried to tell Target this by actually calling a support phone number on their website.  Of course we were asked to enter our account number and were then told that our wait would be at least 30 minutes.  We hung up.

Target is very obviously a legitimate commercial service.  However, that doesn’t mean this legitimate business engages in consumer practices that offer appropriate protections and choices to the consumers who make online purchases.  They don’t.  Instead, they acted like a digital spider trapping you in their web, collecting and keeping your data to feed their own money-making purposes. That will be the last time we’ll ever purchase anything from Target online.  Maybe we’ll try calling them again to complain, when we have an hour to kill.

 

Daily Scam Home Page

 


FOR YOUR SAFETY
Passive Income Data

Business email accounts and websites get hacked every single day around the world, and are then misused to target netizens.  We never believed that this email from an auto/boat/trailer detailing business would send us an email about their “passive income” success story to raise $10K every month.  And we never contacted them to begin with.  So we were not the least bit surprised to see that the link we were sent for collegefootball-live[.]com leads to a phishing site AND malware infection.  Step away from this ledge...






Until next week, surf safely!
Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE

Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp