So my email (edited) was at the end, I assume so on the page that would load it would say “your email – info@domain.co.uk needs bla bla”. Unfortunately the page didn't load, so someone beat me to it.
If you get an email like this, forward it to your web person or support person and ask for help. If you have never seen anything like this before, then it's probably a scam.
It was only a few weeks ago when I blogged about a car tax scam a friend sent me, when this morning a different friend sent me a different DVLA Car Tax Scam!
Red flags;
Email is obviously not right
If you hover over the button it goes here: hXXps://taxreminderservicewebbapps.urbanconcepto.com/?alwasyw – doesn't look very government-y does it!
It's also not addressed to my friend – “Dear Vehicle Owner”
Etc….
The button takes you to a fake website, interestingly after I had visited the website once, it would not let me view it again. I did try clearing cache and changing IP and it still didn't work, but then I switched to my phone and it worked again. They had screenshot blocking technology on the website so I had to take photos of it on a different phone. This made me feel about 78 years old but I didn't have time to get it working on my laptop again so I could take proper screenshots haha.
Same as usual though, fake website on a hacked domain, once you fill those details out it will send them to someone and then boom, you are short a few ££ in your bank account.
Take your time and read things, look out for red flags and if you are unsure – give me a shout 🙂
Honestly, this one was scary! There were ZERO red flags, apart from the fact I know this email address doesn’t exist. Absolutely EVERYTHING ELSE was 100% convincing.
Fake Google Doc Share Email
So I got this email to my work email, from an account with the same domain as my work. So this looked like a 100% convincing internal document share;
So we had another fake Google email as part of a scam recently, but that had a Googlemail.com email as the sender, and a few other things that indicated it was dodgy – this one didn't. This one was VERY professionally put together.
There is nothing there (apart from the fact I know finance@mydomain.url doesn’t exist) to indicate this is not a legitimate email.
Breaking Down the Fake Google Doc Share Scam
So, the email itself looked legit, the URL the button wanted to take me to was this (url obfuscated to avoid it being crawled or clicked);
So on the face of it, it isn't screaming SCAM as it came from what appeared to be a totally legitimate Google email!
NEVER CLICK ON LINKS IN EMAILS OR BUTTONS IN EMAILS IF YOU ARE UNSURE OF THE LEGITIMACY OF THE EMAIL. LEAVE THAT TO IDIOTS LIKE ME.
The URL itself (opened in a controlled environment) opened a page with what appeared to be a Captcha;
Looking into the source code, the page was quite simple and in fact looked like it had been ripped from a template somewhere – there were placeholders like this;
Which is quite surprising, considering how much effort they had put into the rest of it. That said, the implementation of this scam is quite advanced in that they are using an SVG (which is essentially an image) to contain the Base64 encoded payload.
What the page is trying to do is this; the captcha is there to stop Bots and stuff from finding their fake Google Login page, which is what the page was going to redirect me to once I filled in the Captcha.
hXXps://accounts.authenticationsystems.cloud
That is the URL that I decoded from the Base64 hash you can see in the above screenshot. The URL doesn’t work, so maybe they had already been shut down by the time I got to it?
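Added example (not code from the original post): a static triage helper that pulls Base64 runs out of a saved copy of a page or SVG like the one described above and returns any URLs they decode to, defanged, without ever rendering the file. The sample SVG, its layout and the `example.invalid` domain are constructed placeholders, and the helper also follows one extra layer of encoding, which goes beyond the single layer described in the post.

```python
import base64
import binascii
import re

# Runs of the Base64 alphabet (standard or URL-safe) long enough to hold a URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")
URL = re.compile(r"https?://[^\s\"'<>\\)]+", re.IGNORECASE)


def defang(url: str) -> str:
    """Rewrite a URL so it cannot be clicked or auto-linked in a report."""
    scheme, _, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return "hXXp" + scheme[4:] + "://" + host.replace(".", "[.]") + slash + path


def decode_candidates(text: str):
    """Yield the decoded text of every run in `text` that is valid Base64."""
    for run in B64_RUN.findall(text):
        # Normalise the URL-safe alphabet and restore any stripped padding.
        body = run.rstrip("=").replace("-", "+").replace("_", "/")
        body += "=" * (-len(body) % 4)
        try:
            raw = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            continue  # not Base64 after all, e.g. a long identifier
        yield raw.decode("utf-8", errors="replace")


def hidden_urls(text: str, depth: int = 2) -> list[str]:
    """Return defanged URLs found inside Base64 blobs, up to `depth` layers."""
    found = set()
    for decoded in decode_candidates(text):
        found.update(defang(u) for u in URL.findall(decoded))
        if depth > 1:
            found.update(hidden_urls(decoded, depth - 1))
    return sorted(found)


# Constructed sample: an SVG carrying one Base64 string (placeholder domain).
_blob = base64.b64encode(b"https://login.example.invalid/session?id=1").decode()
SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="300" height="80">
  <text x="10" y="40">Verifying you are human...</text>
  <script><![CDATA[ var d = "{_blob}"; ]]></script>
</svg>"""

if __name__ == "__main__":
    for url in hidden_urls(SAMPLE_SVG):
        print(url)
```

Run it against a copy of the page source saved as text; the decoded destination can then go to the registrar or hosting provider in defanged form.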
Why This Scam Seems to Go Nowhere?
So it seems strange that the final step in this puzzle is a dead end. Why go through so much effort, to then fall at the final hurdle?
Well in some cases, that's the point. These scams are like a burn-and-rotate kind of scam. The first step is the super convincing email, the second step is like a “gatekeeping” step to stop bots and stuff from following links and flagging the website as malicious.
The final bit of the scam is the piece that can link the perpetrator – and this is the bit that gets burned quickly after the scam has taken place. I have reached out to the Cloud domain registrar to see if that domain was in fact registered, and if so – who to – but due to GDPR I don't suspect they will give me any info. I’d like confirmation on whether it was ever registered or not though.
If it had loaded, it would have probably looked identical to a Google login page, and at that point if I had input my details, it would have pretended to log in, send my Google details to some dodgy person somewhere or store them in a file on their server, and then redirect me back to a legitimate Google login page.
I will update this post if I hear back from the Cloud registrar.
UPDATE 15/12/25
I received this on Friday – result!
They confirmed afterwards that the domain was already suspended by the time I had emailed them – which I sort of suspected to be honest anyway. I don't think it was registered long, and in fact there was no WHOIS info available, so it's likely it was only online for a very brief period of time. At least it's not just me fighting the good fight!
My take-away from all this, is that with the rise in AI and tools that can help you make phishing sites with the click of a button, we are gonna have to be on our toes 100% of the time to ensure we stay safe. This particular scam was so detailed, and had almost no red flags at all. This would have fooled even the most switched-on user.
Things seem to be coming at me thick and fast at the moment. A customer of mine recently signed up to use my agency as their cbd payment gateway partner, we have been integrating it for a while now and we were about to go live when he got this Trustwallet Systems SCAM email;
The Trustwallet Systems SCAM Fake Email
Now most of you reading this may not have heard of a payment company called Trustwallet Systems – but the supplier I work with literally has the word Trust in their name. The similarities between the wording used here and the wording used by my supplier are spooky. Trustwallet systems seems to be actually crypto related, but the similarities between their name and the name of my payment partner are scary.
So what is this Trustwallet Systems SCAM?
I’m afraid this time I wasn't able to find out. All the warnings (Nord, Chrome, etc) suggested that it was Malware related – which would mean visiting the links would result in your PC being infected. And then you would probably get popups about how your device was infected and you had to pay some fake support company in Amazon gift cards to “fix it” for you.
The link at the end of the trail was already dead, so well done whoever reported them 🙂
This was spooky, well timed, and could have fooled my client – but thankfully my clients are switched on and always double check things like this with me first.