Category: Scams

  • Greystar Apartments PPC Scam

    Firstly, I am not suggesting Greystar Apartments are a scam, but this scam itself is doing the rounds and these people are pretending to be Greystar Worldwide LLC. This is the Greystar Apartments PPC Scam.

    Greystar Apartments PPC Scam

    It started with an enquiry, the domain looked a bit dodgy but I actually thought it was another marketing agency at first. This is a tactic used by them sometimes, like “Oh we are looking for agency partners for a big client” but all they are really trying to get you to do is join their super secret lead-gen club.

    I replied, with the utmost professionalism;

    As I knew this wasnt a legit request.

    Greystar Apartments PPC Scam

    Hmm, I Googled the name and this guy is the managing director, but this screams scam to anyone that knows what they are looking at. That said, I wasnt sure how they were gonna try and scam me yet – I still knew this was dodgy AF.

    Its written to literally make a small digital marketing agency owner weak at the knees – $70,000 budget a month?! That management fee will be the equivalent of someone’s WAGE! Oh SHIT!

    Also the Greystarppc.com domain name was registerd 7 days prior to me writing this article.;

    Anyway, like I always do, I baited them;

    My new friend Christopher replied;

    And I got this email through;

    Email it was sent from was adspromonoreply@googlemail.com – Greystar Apartments PPC Scam

    The email they have sent from is wrong, although fairly convincing. Also, the Fwd: bit at the end of the subject is something you would not see. These emails are auto generated, not forwarded.

    The button itself also shows us our next clue, as it links here;

    Again, they have done a good job with this planning, they used a Googlemail email to send a Google email, and have hosted a fake Google ads page, on Googles server.

    This scam WILL trick innocent people.

    Clicking the CONTINUE button and Nord stepped in;

    It was trying to send me to google.accounts-signin.com – again, looks convincing, but the domain is www.accounts-signin.com and that doesnt look like a Google domain.

    I bypassed Nord but it looks like the page has been taken down now anyway.

    In short, this is a fairly well thought out scam, they are trying to get you to add your Google credentials into a fake login page I suspect – and then once they have your Google login they would proceed to ruin your life.

    There may be more to it along the way – but if you are a digital agency owner, dont fall for these scams. There are a few variations, a few where they get you to quote for work and, and a few other variations.

    Greystar Apartments PPC Scam

    Greystar Apartments PPC Scam

    UPDATE: I had to restore the Greystar Apartments PPC Scam article due to a software glitch, and in doing so I had to take some of the screenshots again. One of them was the WHOIS lookup, and when I did the first one it seemed to show me more information that it should have done – i’m not sure what is happening here but i’m sure this info should be redacted;

    Contact Information Registrant: Name: bui van Dong Organization: None Email: lskfoods@gmail.com Status: active Phone: tel:+84.898402000 Kind: individual Mailing Address: bach nga, xa nga son, tinh thanh hoa, 100000 ISO-3166 Code: VN Administrative: Name: bui van Dong Organization: None Email: lskfoods@gmail.com Status: active Phone: tel:+84.898402000 Kind: individual Mailing Address: bach nga, xa nga son, tinh thanh hoa, 100000 ISO-3166 Code: VN Technical: Name: bui van Dong Organization: None Email: lskfoods@gmail.com Status: active Phone: tel:+84.898402000 Kind: individual Mailing Address: bach nga, xa nga son, tinh thanh hoa, 100000 ISO-3166 Code: VN Registrar Information Name: Nhan Hoa Software Company Ltd. IANA ID: 1710 Abuse contact email: hdung@nhanhoa.com Abuse contact phone: tel:+844 73086680 DNSSEC Information Delegation Signed: Unsigned

    So that’s interesting!

    I’ve emailed lskfoods@gmail.com to see what they have to say for themselves. I will update the post if they reply.

    UPDATE 2: Their email has been disabled – this lead is dead 🙁

  • PayPal Scam – Anh Trung Dương

    Got a weird scam email through, so obviously fake/dodgy but I figured id post the info anyway in case it catches someone else off guard.

    Hasnt come from an official PayPal email, the entire content is in an image attachment – so its clearly not legit.

    Usual crap, ive been billed for an iPhone, and I need to call them to cancel. I wont call them as its a waste of time, but generally speaking they will ask me if I want to cancel, they assume I will say yes (when ive called in the past, I usually say no actually. That confuses them so much) and then they will take me down some process where I have to give them my PayPal details or access to my bank.

    These are always 100% scams, PayPal will never contact you like this.

    Dont call them.

    Stay safe.

  • Office 365 Business Premium Quickbooks Scam

    Online scams constantly evolve and thanks to AI its now getting harder and harder to spot what is legit and what isn’t. That said, there is still a real-world danger from simple email scams – as they seem to be evolving too, and are also getting more and more daring/sneaky

    FACTURA NO. MOSA-876543 DETAILS Invoice DUE 09/10/2025 £545.88 Print or save Powered by QuickBooks Dear Subscriber, We appreciate you for choosing us as your business needs. Please find your invoice details here. Feel free to contact us if you have any questions at +44 (33) 3880-8005. Have a great day. Bill to Subscriber Terms Due 09/10/2025 365 Business Premium £545.88 1 Year Plan 1 X £545.88 Balance due £545.88 Question's or Need Help ? Contact us : Helpline +44 (33) 3880-8005 Print or save Invoice Calle Felix Rodriguez de la Fuente 9 Cádiz, Andalucia 11688 no-reply@ms-365bills.co.uk

    The email from/to info;

    From: Invoice quickbooks@notification.intuit.com
    Sent: 10 September 2025 10:40
    To: cubismbuildup@gmail.com
    Subject: Here is your Invoice #MOSA-876543 for account

    Reply-to address is the same as the To: address here.

    The “Print or Save” buttons actually seem to go to Quickbooks, so this scam seems to actually use the Quickbooks system and payment methods to actually rob money off people.

    Crazy!

    The domain name listed next to the email address doesn’t resolve to anything, and the link to Quickbooks has been disabled but the fact they are scamming via a legit accounts package is insane.

    We really have to stay on our toes, as these scammers are getting more and more sneaky and will do anything they can to steal your hard earned money.

    A few FAQs below to help you if you have found this post and are unsure what to do.

    I got an email from Quickbooks with an invoice, I dont recognise it, what should I do?

    Dont pay anything, contact the company listed and ask them what the invoice is for. Ask them to send you confirmation of the services you have with them. If in doubt, contact me!

    Is Quickbooks a scam?

    No, absolutely not. Quickbooks is a legitimate online accounting package.

    365 Business Premium Quickbooks Scam

    365 Business Premium Quickbooks Scam

    Get your free link in bio tool

  • We attemрted to рrocess уour рaуment foг уour сhatGPT рlus subscrіptіon

    An associate of mine messaged me, warning me of an email doing the rounds that was claiming to be from OpenAI and was relating to ChatGPT plus subscription renewals.

    ChatGPT Plus Subscription Renewal Scam

    So lets go down the email and look at the obvious red flags;

    Sender email – if this was a legitimate email from OpenAI it would normally have an OpenAI sender address.

    Look out for punctuation and capital letters – If OpenAI were going to send an email like this, the mentions of ChatGPT would be written as such, they wouldn’t be written like this: chatGPT. This may seem like a small thing, but brands are usually quite strict when it comes to their brand name or their product names so this kind of mistake can often mean the email hasn’t come from them. Look in the footer of the email too, they wrote Openai – and this would never be formatted like this on legitimate emails from the company.

    The button – (WARNING: do not click buttons to test – let me do that!) The button links to;

    hxxps://www.bing.com/ck/a?!&&p=902c8aab5979ec1d5288669e24e0303164055e89ad40e958cb87f6472fecd73eJmltdHM9MTc1MjE5MjAwMA&ptn=3&ver=2&hsh=4&fclid=1aa6acb9-1517-6bad-1c52-b8d914516ab2&psq=site%3asanjaybapu.com+https%3a%2f%2fsanjaybapu.com%2f&u=a1aHR0cHM6Ly9zYW5qYXliYXB1LmNvbS9zaGlua2FyLw&ntb=1&mode=resetPassword&oobCode=9JQH7TMhiSNMSDxD0Gh1AJXGI2c-bIyLNvrSmnOlU-gAAAGYE1AqJg&apiKey=AIzaSyDwgfhGwcIlhC5qK3vhOHkVTbAjo1Ce3BM&lang=en

    The link is complicated but it essentially takes the user to sanjaybapu.com/shinkar/ which seems to just be a black screen;

    I assume this would have originally been a clone of the OpenAI website and load initially in some kind of user account section or a screen stating it was for a ChatGPT Plus Subscription Renewal and they would have taken some info and payment details and then probably sold your card info and/or your identity on the dark web.

    NB: To check a link without clicking on it, hover over the link or button and in the bottom right hand wide of your browser window it should show yo where the button or link points.

    Thankfully the Phishing website is now down, so no one can be scammed from these particular emails, but they have probably already made a new website and updated the button on future emails.

    So, if you get an email from “OpenAI” about any kind of renewal, check the above things carefully (or forward to me if you are unsure) and if you smell a rat, then double check by logging into your OpenAI account by visiting their website and if its legit the renewal should appear in there too.

    Be ScamWise folks!

    ChatGPT Plus Subscription