I don’t know if this is happening to me and some of the people in my close circle, but it feels like there have been an increased number of spam attempts lately.
The other day I received an email that caught my attention, and upon discussing it with friends, they told me about recent scam attempts they’ve experienced.
Sadly, spammers are only getting smarter and constantly changing their tactics. It’s becoming harder to decipher what’s genuine and what’s not, so I encourage you to question everything and stay alert so that you don’t fall victim to their phishing schemes.
In this article, I will discuss my experience and the steps I took that led me to determine I was being scammed.
I will also mention the latest scams my loved ones experienced, which I believe you should also be aware of and protect yourself from. And finally, I will offer a few tips on how to stay safe under those circumstances.
Email phishing scheme
Email phishing scams originated in the mid-1990s, specifically with the use of America Online (AOL) at the time, as a means of getting people to hand over their private and sensitive information voluntarily.
Technology has allowed these hacking methods to advance in unbelievable ways.
Typical signs of spam email
These are several common signs of email scams, several of which you may have experienced yourself.
- They contain misspellings, poor grammar, or strange syntax
- They contain excessive punctuation or special characters
- They are sent from unfamiliar or suspicious email addresses
- They contain attachments from unknown sources
Now, as I mentioned earlier, scammers are becoming smarter in the techniques they use, and it’s likely that the scams you receive may become a little more polished, so to speak.
This of course means that we must remain on alert and always second-guess everything. It’s sad that we’ve come to this point, but I digress.
Recent email phishing scheme
I want to share the email I received on September 22, 2022.
Yes, if you noticed, it did get filtered into the spam folder (good job Gmail!). The reason that folder gets checked periodically is that I’ve had important emails wrongly sent to spam in the past, and we want to avoid that.
Did you pick up on any of the typical signs of a spammy email mentioned above? At first glance, I didn’t. So I began digging, and digging…and digging! Let’s walk through my process together.
Important: At no point did I click on any of the links on that email- not even the ones supposedly linked to my website. I recommend you never click on links, archives, or attachments.
Things that caught my attention in the email:
- The sender is supposedly Kristy Barrett from Nationwide Legal. Nationwide Legal is a legit company but if you pay close attention to the email address, it’s not from Nationwide Legal but rather Nationwide Law (whoever that is..?)
The second bizarre thing about the sender is that the email was sent from firstname.lastname@example.org but at the end of the email, the signature she uses includes a different email: email@example.com.
- The email was not sent to the owners of Crisis Equipped. The email this was sent to was firstname.lastname@example.org, which is the department responsible for handling the subscriptions to our Emergency Family Plan.
An attorney who is handling a copyright case can easily find the information of a website’s owner and I would assume they would contact that person directly.
- She doesn’t refer to the owners of Crisis Equipped by name. The email begins “Dear owner of https://crisisequipped.com/best-food-for-a-bug-out-bag". Again, a lawyer who is filing a claim against a person or party would address the individual or business by name.
There are online tools to help you find information on website owners, but even if going that far is too much work, a simple search on our “About us” page would have led anyone to discover that in less than 5 seconds.
- She claims that we have not given credit to the appropriate owner of an image that appears in one of our articles. Supposedly, using the image is fine so long that her client receives the credit.
First of all, the images in the article in question were either taken from Unsplash or Pexels. Both of these sites provide royalty-free images without the need to credit the author.
Secondly, the images in the article are of muesli, cereal, soup, and ramen noodles. You can have a look for yourself here if you’d like. The client wanting credit for those photos is “CSG Beach Gear Ltd”. I definitely questioned which of those images had anything to do with a beach gear company.
- She wants us to give credit to her client through a link versus the photographer or company. This was suspicious to me because it looks like they’re only fishing for backlinks.
- The client (CSG Beach Gear Ltd) and the website link provided are different entities (cheapsurfgear.com/collections/beach-stuff-sale). You would think that if your company name was CSG Beach Gear Ltd, then your website would match its name, especially since that domain hasn’t been taken yet.
- The email says that I have 5 days to add that link to my website or legal action will be taken against me. The interesting thing is that she already provides me with a case number.
How does she already have a case number if she supposedly hasn’t started a legal case against us? Also, did you notice how she mentions the DMCA and Wayback Machine as a tactic to scare us into thinking she has sufficient proof that we’re somehow in violation?
The email alone didn’t convince me that this was a scam. So I continued investigating.
The tools I highlight below are free and available to everyone, so I recommend you use them to your advantage and perform similar searches if a suspicious email lands in your inbox.
1. Search the website(s) on an incognito window.
Without clicking on the email itself, do a simple search on an incognito window of the website(s) in question to see if they are real.
I’ll use my experience as an example.
At the time I got the email, nationwide-law.org was up and running. As of the writing of this article, however, the website has been suspended.
These are a few snapshots of some of the content on their site:
The first thing I did was call the 1-800 number at the top of the screen. This call went nowhere. So I continued scrolling.
The text on the website felt generic but not scammy per se.
On the other hand, most of the lawyer images are awkward and it looks to me like they’ve been generated by AI. Perhaps they used this face generator tool?
Kristy Barrett of course appears on this list but her specialty is corporate law, whereas three other people on that list specialize in copyright law. If we’re in violation of Copyright Infringement, as the subject of Kristi’s email suggests, why wouldn’t we be contacted by the appropriate attorney?
At the footer of their page, there was a secondary phone number and an address. I called this number too and that went to a random person’s voicemail.
The address on the website matched the address on Kristi’s email signature. I looked it up on Google Maps and it showed that over 315 businesses use this as their address. I scrolled through all of them and none were named Nationwide Legal, Nationwide Law, or anything resembling that.
The website they wanted me to link to, cheapsurfgear.com, is still up and running and they seem legit, however, there are a few things that were odd to me.
Have a look:
This is what caught my attention.
The contact number on their header is 1-800-555-5555.
Also, their website specializes in beach water sports equipment, but their latest article (from October 5, 2022) is titled “Trendy Maternity Outfits for 2022”.
Why would a company publish content on their website that is completely unrelated to its niche?
2. Search the website(s) on the Wayback Machine.
The Wayback Machine provides previous internet archives of websites.
As for nationwide-law.org, it shows only 4 snapshots taken as early as September 6, 2022. This tells me that this is a relatively new website.
The other site, cheapsurfgear.com, shows 35 snapshots taken as early as April 1, 2004. I went down a rabbit hole trying to find the owner of this website. I discuss what I discovered below.
3. Find out how old the domain is with the Domain Age Checker.
Since nationwide-law.org seemed like a newer website (based on the data from the Wayback Machine), I looked it up on the domain age checker and found out that it was created on August 3, 2022.
What’s funny is that we received an email from them on September 22, 2022. I’ll let you do the math there but really..?
Also, did you read the text on the screenshots of their website? Specifically, the part that says they’re “known for their persistence in finding solutions for the effective completion of diverse legal actions…” Who’s gonna believe that statement coming from a 2-month-old company?
4. Look up the website owner with the ICANN Registration Data Lookup Tool.
The website cheapsurfgear.com dates back to 2004 and for a long time, the domain would redirect you to saltwaterdreams.com. The owner of Saltwater Dreams, Inc is Ethan Akins from Ventura, CA.
A 2007 lawsuit pertaining to other domains he owned revealed that Akins operated more than 400 “active websites” and owned more than 1500 domain names at that time. It is believed that he used many of his domains to provide backlinks to the others.
Many of the domains he owned in 2007 are no longer in use, but cheapsurfgear.com remains active. I don’t think the owner of either of these sites is Ethan Akins, because the ICANN tool reveals the current owner’s personal details as:
- Address: Kalkofnsvegur 2, Reykjavik, Capital Region, 101, IS (That is, Iceland).
- Telephone number:+354.4212434
As for the owner of nationwide-law.org, their address and phone number are the following:
- Address: Kalkofnsvegur 2, Reykjavik, Capital Region, 101, IS
- Telephone number: +354.4212434
Coincidence? I think not…
But let’s not end there.
If you do a simple Google search for that phone number (+354.4212434), you’ll find several pages worth of websites that this scammer also owns, as well as forum threads of people complaining.
Here’s a report from the US Cybersecurity and Infrastructure Security Agency (CISA) with other scammy websites this phone number is tied to.
Please beware and stay aware, my friends!
How to stay safe from an email scam
That’s easy — question everything!!
Remember these steps:
- Be suspicious of any unsolicited email that asks for personal or financial information. If you weren't expecting an email from the person who sent it, be extra cautious.
- If you receive an email that looks like it's from a friend or family member, but something about the message seems off, be wary. It could be that they were scammed, and the hacker gained access to that person’s contacts.
Do not reply to the email. Instead, reach out to that family member or friend through a different means and ask them if they sent it.
- Be wary of email scams that try to create a sense of urgency. Scammers will often try to trick you into taking action right away by saying that your account has been hacked or that there's some other emergency.
- Don't click on any links in a suspicious email. These links could take you to a fake website that's designed to steal your information. Any link could be malicious!
- Don't open any attachments on emails sent from unknown senders. These attachments could contain malware, which is software that can damage your computer or steal your personal information.
Always verify the source of an email before replying to it or clicking on anything.
- If an email doesn’t look too suspicious, but it comes from an unknown sender, verify that it’s legit. Try out the following suggestions:
eBay phishing scheme
There are lots of different eBay phishing schemes, but I’m only going to mention one that happened to a friend of mine recently.
My friend ordered a camera through a seller in the United States. Once a sale is completed on eBay, the product description shows that it was sold, as well as the date the transaction was completed.
This is an example of what it looks like:
In my friend’s case, a scammer contacted the seller shortly after my friend bought the camera. In the message, they stated that they had just bought the camera, and they forgot to change the shipping address. They claimed the product was a gift for their niece, so it needed to be shipped to their sister’s house.
The seller overlooked the email address it was sent from and shipped it to the “updated” address. Then, he sent the shipping confirmation and tracking number to my friend.
My friend noticed it was being shipped to a different city and state, so he contacted the seller right away. That’s when they realized that what had happened was a scam.
The problem was that the package was already on its way to the scammer’s address, which turns out was a warehouse where stolen items like these are shipped and then sent overseas.
Luckily, they were able to track it and reroute it to my friend.
How to stay safe from an eBay scam
When shopping on eBay, it's important to be aware of the potential for scams.
There are a few simple things you can do to protect yourself from becoming a victim of fraud:
- Only purchase items from sellers with a good reputation. Check out the seller's feedback rating before bidding or buying.
- Be cautious of sellers who are new to eBay or have few feedback ratings.
- Never take the sale off of the platform. Do not pay for an item outside of eBay, such as with gift cards or through a wire transfer service like Western Union or MoneyGram.
These methods are often used by scammers and it will be very difficult, if not impossible, to get your money back if you're defrauded.
- Pay close attention to the listing description and photos to make sure the item is exactly what you're expecting. If something seems too good to be true (specifically in terms of its price), it probably is!
- Never give out your personal or financial information to a seller you don't trust.
- To avoid what happened to my friend, you may want to confirm your shipping address with the seller as soon as you purchase a product from them.
Facebook phishing schemes
There have been a number of reports of people being scammed on Facebook, particularly when using the site to buy or sell items and through messenger. I have witnessed both.
The following are situations that occurred to me.
A few months ago, I stumbled upon a 2015 teardrop trailer in mint condition on Facebook Marketplace. It was being sold for just $800 and not just that, the seller offered free delivery too!
I looked at the location it was being sent from, and they claimed to be in South Carolina.
I inquired and the seller redirected me to a strange email (which apparently was their aunt’s email— obviously it was not).
During the email conversation, the person gave me a sob story about how they needed to sell the trailer immediately because their husband had died recently and it brought them too many memories. Plus, they had gotten hired in a different state so they were in the process of moving.
Now here’s the catch. They only wanted to receive payment in eBay gift cards. When I asked for alternative payment options, they stopped replying.
I’m sure my situation is not unique and there are many other scams like these floating around Facebook Marketplace.
The following thing has happened to me twice in the last couple of months, so be aware of it in case it’s becoming common.
The first time I received a friend request from a family friend. I accepted. Then, they started sending me private messages about winning something and they wanted to share the experience with me.
It was bizarre because this family friend wouldn’t be the type to message me that kind of information out of the blue, so I consulted with them over the phone and they assured me it wasn’t them. A scammer had copied their name, main profile, and background images and pretended to be them.
A while later, I received a friend request from someone who was already on my friend list. I didn’t think much of it because I figured they could have created a new profile. Shortly after accepting their request, I received a message that read, “Hello how are you doing”. That’s verbatim.
I had seen this friend about a week prior, so definitely it was strange to receive this message, especially since there were no punctuation marks and she didn’t mention my name.
I texted her a screenshot of the message, and sure enough, someone had built a fake account using her name, profile photo, and background photo.
I stopped communicating with both of those profiles immediately and blocked them, so I don’t know what their intent was, but I don’t need to know.
If you receive any suspicious messages like those, don’t entertain a conversation with them.
How to stay safe from a Facebook scam
Here are some tips to help you stay safe on Facebook Marketplace:
If buying an item:
- Meet the seller in person to inspect the item before handing over any money.
- If a seller is behaving strangely or giving you another point of contact (such as an email to contact their aunt, brother, cousin, etc) to complete the sale, then stop communicating with them right away.
- If a seller is trying to rush the sale of their product, don’t be so quick to trust it.
- If the product price is unusually low (especially for a one-of-a-kind item), search for the product name on Marketplace to make sure the seller hasn’t posted it in multiple different cities or states.
- Do not pay for a product through gift cards, wire transfers, or crypto.
- If a product and the price it’s selling for seem too good to be true, it probably is!
If selling an item:
- Be wary of anyone who asks you to ship the item to them before they have paid.
- Be cautious of anyone who contacts you out of the blue and offers to buy your item for an unusually high price.
- Do not reply to anyone who sends you a message with a screenshot of their text, versus actually texting you.
- Never give out your personal or financial information to someone you don't know.
Tips on how to stay safe on Facebook Messenger:
- Do not communicate private information with people you don’t know. Do not share personal contact or financial details.
- Be wary of strange messages coming from friends and family members. A hacker might be impersonating them.
Phone call phishing scheme
I used to get phone calls from scammers quite often.
Occasionally I would answer and talk to them about completely unrelated things. I would pitch random ideas to them, ask them about their life overseas (to which all claimed they were based out of the USA, of course), and mess with them to have a laugh.
Among all the conversations I’ve had with these people, there’s one that I’ll never forget. I asked the person on the other line what his job/ career was. Without any hesitation, he replied, “I’m a scammer”. 😲
I was shocked but obviously not surprised.
How to stay safe from a phone scam
- Ignore the call if you don’t recognize the number. If it’s important, they’ll leave you a voicemail. Even if they leave you a voicemail, question if you don’t recognize the caller.
- Never ever ever give out personal information or money.
- Oftentimes, a scam call will begin with a pre-recorded message. In such cases, never answer with a ‘yes’ or ‘no’. If you’re concerned about the message being legit, say ‘operator’ and wait until someone gets on the line.
- If the caller seems pushy or aggressive, hang up.
- If the caller says they’re from the government, the utility company, or any other business and is demanding money, tell them you’re busy and will call back as soon as possible. Do not entertain the conversation.
Hang up, Google the phone number associated with the organization or company they claimed to be, and call them. If there is an issue indeed, you can resolve it with them at that point.
- Finally, and I’m not saying this to discriminate, but if a caller from a US government organization has a very strong international accent, there’s a high chance they could be a scammer. Hang up the call, Google the organization, and call the number on their .gov website.
Text message phishing scheme
Text message scams are very common nowadays. Here are a series of interesting ones that were sent to my friends.
The following one is a little different because it was sent to someone I know who works in real estate. The scammer found their contact details through Compass, the agency they work for.
The conversation was the following:
This is how the conversation continued on Whats App.
How to stay safe from a text message scam
- Do not respond to text messages that are clearly scams.
- Be wary of unsolicited messages with misspellings or grammatical errors.
- Do not click on any links or attachments sent through text messages.
- Never reply ‘yes’ or ‘no’ to unsolicited texts from unknown senders. If you feel that it might be legit, reply with a question like ‘how may I help you?’
- Never ever ever give out personal information (such as birth dates, passwords) or money (through credit card or bank account numbers).
WhatsApp phishing scheme
The most common WhatsApp phishing schemes come from unknown numbers.
On the rare occasion that a friend’s phone or laptop is stolen or hijacked, you may receive the message directly from that person’s account.
If the messages they’re sending don’t sound like them (as in the way in which they’re speaking to you, the context, the grammar, etc) then I would be very cautious to engage in a conversation with them.
Most of the scam messages I received on WhatsApp were from Nigeria (+234) and China (+86). Usually, they start with a ‘hi’ or ‘hello’. Other times, they’re a bit more conversational.
The messages I’ve gotten weren’t too direct about needing money but I Googled ‘Whatsapp phishing messages” and under ‘images’ you can see an endless amount of phishing attempts.
A lot of them pose as loved ones saying that they got a new phone (hence the new phone number) and that their bank is blocking transactions temporarily but they need to pay certain bills right away. They assure the other person that they’ll pay them back real soon but they need help now.
Always question messages that are urgently requesting money transfers. If they’re in a rush and trying to instill fear in you somehow, it’s likely a scam.
Also, speaking of changing numbers. WhatsApp usually notifies you if someone in your contacts has changed their phone number.
In fact, they provide a link so you can message them on their new number, as was the case here:
How to stay safe from a WhatsApp scam
- Ignore messages or calls if you don’t recognize the number, especially if it comes from a different country code than where you’re located.
A simple Google search of the country code will reveal where the sender is from. If you don’t know anyone in or from that country, then ignore the message and block the number.
- If the sender claims to be someone you know (i.e. your parent, sibling, etc) without providing a name, profile picture, selfie, or personal details you ask them about in order to assure you it’s really them, then ignore it or block the number.
- Be wary of unsolicited messages with misspellings or grammatical errors.
- Never ever ever give out personal information (such as birth dates, passwords) or money (through credit card or bank account numbers).
- If the caller seems pushy or aggressive, stop communicating with them.
Other online phishing schemes
The world of phishing schemes is so advanced that it’s difficult to keep up. In this article, we’ve barely scratched the surface and only highlighted common scams from a very small and personal level.
Large businesses and government organizations have entire teams dedicated to protecting them from hackers.
The most important thing is to remain aware, never let our guard down, and question everything (especially when something seems fishy).
How to stay safe from other online scams
- Do not install pirated software or download pirated movies or music off the internet.
- Do not visit illegal websites and websites that are known to distribute malware.
- Do not complete online surveys or pop-ups that request personal information.
- Do not enter sweepstakes contests.
- Do not post personal information on social media or other websites.
- Keep your operating system and software up-to-date.
- Be cautious when using public Wi-Fi networks.
- Back up important files to an external hard drive regularly.
- Use strong passwords and two-factor authentication for all online accounts.
- Don’t use the same password for all your online accounts.
- Encrypt important files.
- Use a firewall, antivirus, or malware protection software on your computer.
Cybercriminals are constantly finding new ways to exploit people and businesses online. When it comes to online security, there's no such thing as being too careful.
Phishing scams are becoming more and more common, and they can be very difficult to spot. Be sure to stay informed about the latest scams and cyber threats so you can protect yourself and your loved ones.
I hope this article makes you aware of the ways in which you can stay alert and remain safe. Don’t be caught off guard!
Share this Post