Category: Scams

Well, this was one of the most random scam/spammer experiences of my baiting life/career.

Email address used: supportteam@daramail.com

I got an official email from Amazon Prime (haha it wasnt official) thanking me for my recent payment of £79.99 for my prime membership. Hmm, I do have prime but pay it monthly.. I wasnt really puzzled – I knew it was a scam before I even opened it, let me explain;

Ok, so for starters a company as big as Amazon would not miss a space between Amazon and Prime in the title of an official email.

Also, the grammatical errors are immediate, and inexcusable. Greeting not Greetings. No pound sign, missing dates, its just all wrong. Also £79.99 is the annual payment, then it refers to monthly. I think this was maybe to panic the reader and make them do something. Anyway, the email itself was obviously fake – but it wanted me to call a phone number;

This puzzled me. As literally 99 out of 100 other similar scams want you to click a link and they harvest some kind of credit card info or personal info from you.

So, I called the number.

Ring ring…

Ring ring…

“Hello?”

I played along a bit;

“Hello, is this Amazon Prime?”

He replied

“Yes, this is amazon prime how can i help”

Me: “I got an email, I think I need a refund or something?”

Him: “Yes ok [inaudible]”

Then I dropped the bomb.

Me: “How do you sleep at night knowing you’re scamming people out of their hard earned money?”

I fully expected him to hang up, but he didnt!

I asked him why he did this, and he told me!

He explained that he also worked full time, and that COVID has caused so many issues in his country, he needed to earn money to he turned to this scam. He tried to say he was a nice guy and that he didnt take much money from people he was just trying to survive.

I explained that he wasnt not going to know if he caused issues for people and £79.99 is a lot of money to a lot of people!

I asked him if he had grandparents, he said yes and I asked him how he would feel if someone stole their last £80, he went quiet.

Then, his manner changed. He seems to be less confident and more humbled. I asked him to think long and hard about what he was doing, and he said he would stop doing it.

A scammer with a conscious!

Update – I started writing this on the 3rd of June – its now the 16th and the number now just rings out. I hope this means hes stopped the scam!

Update – He called me back! I didnt answer, but it means hes still at it.

Update – Had a call today from 01324 409 887 and an automated lady said similar to the above “your prime membership is expiring etc” and press 1 to speak to someone, I pressed 1, through to – what sounded like – the same guy.

01324 409 887

DO NOT PAY THIS GUY ANY MONEY! HE IS NOT AMAZON PRIME!

My past is littered with instances where I have been sued, or people have tried to sue me. So when I received this email about a Subpoena I opened it with hesitation in case it was something legitimate.

Once open, it was quite clearly not. haha.

Came from the following address – looks propa legit innit;

The link in the email links to a hosted Google document, and then it wants you to download a file;

The download link takes the user to a really dodgy URL;

https://www.google.com/url?q=hXXp://193.0.178.46/m2Dj5W&sa=D&ust=1571397808415000

(obfuscated URL to avoid you getting e-aids)

This is really concerning as the use of Google docs to host this legitimises the scam, I have reached out to google to get them to remove the page.

These scams are starting to get more intelligent, and it seems some of the larger vendors (Amazon, Google,. etc) are seemingly letting things fall through the cracks which is, I guess, to be expected. Its still alarming and a worrying thing to be discovering especially as technology isn’t slowing down, I hope security and corporate responsibility/accountability can keep up!

Remember, if its too good to be true, its probably a scam.

Wow, this one took me by surprise to be honest. We use Mailgun for many of our customer sites, as it provides great logging and flexibility for delivering emails. It also means the outgoing emails aren’t tied to the same server the website is on, as emails can get people on blacklists and that can cause website access issues for customers.

Anyway, a customer emailed this to me this morning, they asked if it was a support ticket we had raised but straight away I knew something was wrong, as the format of the email/support ticket was all wrong.

This is the fake one;

To the novice user or someone not familiar with their email format would deffo fall for this. You should always hover over or inspect links in emails like this, before clicking on them;

Hovering over the app.mailgun.com link shows that it would actually take me to kapsicum.com which I can only assume is a hacked website. Normally I would click on it and screenshot the website it takes me to, but it’s early on a Monday and I have a bad feeling about this one so dont want to risk the malware infection to be honest! 🙂

Just FYI, this is the format of a support ticket notification from Mailgun;

And this is how newsletters come from Mailgun;

So none of the official emails look like the spam one, but to the untrained eye it would be easy to mistake and click on the link.

Be warned!

If you didnt ask for or request the email in some way, its probably a scam – so forward it to me so I can blog about it!

Don’t get it twisted, this isn’t FROM the .gov this is someone pretending to be them to get ya deets.

The email looks like this;

The page looks like this;

Even the footer is identical to the actual gov website;

The domain name, however, isnt;

hXXps://majesvehicle-onthereq.com (t’s replaced with X’s)

I clicked the link in the email (you shouldnt ever do that) and it was actually a legit Constant Contact URL which forwarded me to the above URL. So Constant Contact are helping these scammers. Well done.

Someone less savvy would fall for this.

Tell ya friends, share this article, repost, duplicate, idgaf, I just work here.