Categories
Sneaks and Scammers

Pandemic Unemployment Assistance Scam email

I recently received a scam email claiming to be from the Department of Labor, saying my Pandemic Unemployment Assistance (PUA) has been temporarily restricted. Now, I’m not on PUA, so I knew immediately that it was a scam, but this one was tricky, because the scammers used a legitimate bulk email service1 to send it, and the return address seems to belong to a dol.gov account.

Text of email: Dear PUA Customer, We’re writing to let you know that your access to your online account has been temporarily restricted because of suspicious activity and require your immediate attention: Please log into your account immediately to verify your recent activity: Verify Your Recent Activity It is very important that you follow all instructions included in each document when responding. If you do not respond timely, you may miss important deadlines, and the agency may make decisions about your PUA benefits based on the information available. If you'd like to unsubscribe and stop receiving these emails click here.

What are some problems with this email? Well, the dol.gov address (Department of Labor) looks pretty good, but:

  1. The “To: Customer Service” return line is a tell. That should be my email address, not the sender’s.
  2. Emails that start with “Dear…” Unless it’s my grandma, no email starts with “Dear”, especially from a business or the US government. “Dear…” is generally my first indication that the email I am reading isn’t legitimate.
  3. The greeting doesn’t have my name. If the US government is going to send me something that requires my action, it will use my name. Fraudulent bank/credit card scams also omit the name, because they don’t know it, whereas legitimate bank and credit cards email do put my name in the greeting. Seeing your name is not a guarantee of legitimacy! But if there is no name on something that you, yourself, are supposed to take action on, it’s most likely a scam.
  4. The extra spaces between “your  online” and “and  require” in the first paragraph. Legitimate emails go through more than one person before they are sent out. Typographical errors are a sign that no one proofread the email.
  5. What can’t be seen here is the link under “Verify Your Recent Activity.” If it were legitimate, it would go to a dol.gov (US Department of Labor) website. This does not. It links to a very complicated URL, which is from a bulk email service. See below for more details.
  6. The link to unsubscribe. If this were a government email, it would probably have a whole lot more text at the bottom, but it wouldn’t offer a way to unsubscribe as if it were from a mailing list.
  7. The entirety of the email being just text and oddly indented. Scammers are extraordinarily lazy. This doesn’t look anything like an email that you would get from the federal government. The lack of polish is a giveaway.


The link presented by a bulk emailer essentially hides where you’ll end up, in this case a URL starting with themooregroupofsc.cxx/wordpress/ If you’re unsure about the providence of any link, do not click or press on it. Often hovering over the link with your cursor on a computer will reveal the link’s URL without clicking it. I haven’t found a good solution on a mobile device, as you have to press the link to expose where it goes, and that pre-loads part of the website.

This (with redactions) was the link under “Verify Your Recent Activity.”

hxxps://u######.ct.sendgrid.net/ls/click?upn=HUlVlvE0NTGfmvKMRAeHOabb459Zmn4-2F05MDbjItZi4-3DB9Df_IYQgkcewnfgdL-2B1g8T-2FISryWQbRgm5CHR4aUqu-2FNqaI41yO6leoxDZnaMya5uE6R0C1aB-2BZ6Tq52Wql4YZwmg3FOYUTr1eDgfI-2BOrqgwBNKRsLQ-2BhsaYKkta7hMpLblBgjbAggxBjyhAQNosJH8lSwGoaNyEhcoto9h-2F446UqQ3AA1WY7UUw4puPG7S9GYWBaISrKfiX1FfFWDo1TwKedYEGxRzrY-2FdsS-2Bcpwu31CYw-3D

This led to a site that looked like this:

Website excerpt of scamming site containing fields asking for Social Security Number, password, and Zip code.

Entering any information in these fields would go directly to the scammers. This is particularly problematic because it asks for a Social Security number. There are a few checks to make before entering information on a website like this. 1 is that the URL does not contain dol.gov/ or as it would imply login.gov, which means that this site is not a Department of Labor nor a US government site. And 2, a more subtle clue is that the site is not SSL secured. The technical aspects of that are not important, but the browser would show a (usually green or grey) lock icon before the URL. In this case, there is a strike-through over the lock icon, which essentially means the browser cannot determine who owns or is responsible for the website. Never put personal or financial information in any field of a website that isn’t showing a lock.

If you have any questions, I’m opening the comments on this post. DO NOT SHARE PERSONAL OR FINANCIAL INFORMATION. But feel free to ask general question, point out errors in my logic, or to check if that email that just doesn’t seem right is really a scam.

  1. No one likes bulk emails (spam), but a legitimate bulk emailer is not a criminal. ↩︎
Categories
Sneaks and Scammers

Sneaky advert for car company

So a couple of weeks ago, I got an official-looking mailing, apparently from “County of Suffolk.” Now I knew that it was not actually from Suffolk County, let alone from the government of the county, because the postage came from Fort Lauderdale, Florida. A scan of the outside of the mailing is below.

Advertisement for Hustedt Hyundai

Let’s enumerate the warning signs:

  • “County of Suffolk” is not an actual entity. Something from the county clerk would say “Office of the Suffolk County Clerk.” Something from the sheriff would say “Suffolk County Sheriff’s Office.” And so on. “County of Suffolk” is no one.
  • There is no insignia. County offices have shields and other symbols representing official documents. They even put these on the outside of envelopes.
  • Jury notification or the like would have printed on the envelope, “Jury Notification,” or the like.
  • The cancellation was from Florida. Suffolk County, Long Island, New York, officials don’t mail things from Florida.
  • Many mass-mailing services are located in Florida, where it’s cheaper to print tons of crap than it is in New York.

And so, of course, this was an advertisement for a car dealership in my town.

Categories
Short Subjects Sneaks and Scammers

Monster Target

I posted a resume on Monster.com about a year ago and never got any job offers. I’m not surprised or bitter about this. It’s just a statement of facts. My resume reflects my general knowledge of all aspects of graphic design, and, as such, is targeted towards nothing in particular.

But a couple of weeks ago, I got a call from Primerica. Lo and behold, someone there got my resume from Monster.com and I was a perfect match for their company! That was amazing to me because my sales experience can be summed up by the four months I worked in Sears selling hammers. But the message was funny, because the nice, well-spoken, eager young lad on the phone never once said how I’d be a perfect fit for Primerica. Did they need a new ad campaign or something? Were they entering the printing market and needed a decent paste-up artist?

I knew of Primerica long before this phone call. Before Citigroup purchased them, and gave them a needed veneer of legitimacy, the Primerica guys would come to Kinko’s to get their business cards printed, and they would chat up all of us in the Computer Services department. Just like the Amway guys. And much like the Amway guys, they’d ask us if we’d like to make x-amount of dollars per year, but the Primerica guys always made that figure 10 times greater than the Amway folks.

And the Primerica guys were always slicker, with their suits and nicely shined shoes. And they were always in that 25 to 35 year-old range. And they were always male.

But, unlike the Amway folks who pretended to sell products, the Primerica guys were terrifically vague with what Primerica actually sold. Oh, sure, Primerica was the fast way to financial independence. It was for go-getters like me (and the rest of the wage-slaves working at Kinko’s). It’s based on proven business techniques. Sure it was hard work, but the rewards were multitudinous. It was certainly not illegal or a scam. …oh, multi-level marketers. When will you ever learn?

Anyway, these well-pressed clones all sang the same song, and on my voice-mail the other week, I heard that familiar tune. But this one bothered me a bit more than the slick-suits who were so hard up for contacts that they bothered the slackers working in a copy shop. I mean, this guy was pretending to offer me a job. All he really wanted was for me to return his phone call, so he could sell me on Primerica. Did I mention that Primerica was a subsidiary of the Citigroup? Because he did. Twice.

On that same level of cheese, I get this email today with the subject, "Your Resume" (emphasis mine):

Your resume reflects the type of experience needed to be successful at American Income Life Insurance Company. That’s why I was excited when I received your resume but was disappointed when you did not reply to my e-mail. We currently have an immediate opening in your area and I believe you are the perfect candidate for this position.

Our unique marketing niche enables us to supply our sales force with leads of union members who have indicated an interest in reviewing our products. With American Income, there is virtually no prospecting for leads.

Many new representatives are shocked by how quickly their earnings escalate. Selling insurance is not hard. There are no education degrees necessary, only minimal licensing requirements. You don’t need prior sales experience, just a desire to succeed. In fact, we offer an in-field training program, flexible hours and full support.

Your earning potential is unlimited. Many new representatives earn from $60,000 to $90,000 or more their first year. There’s no more depending on someone else for a raise. You are in control of increasing your earnings.

Please CLICK HERE [link removed] to learn more about this important opportunity. We are eager to speak with you as soon as possible.

Sincerely,

Roger Smith

President And Chief Executive Officer

American Income Life Insurance Company

1200 Wooded Acres Drive

Waco, TX 76710

P.S. You received this E-mail because you responded to our ad or placed your resume on one of the internet job boards. To unsubscribe from future E-mails follow the link below.

We would like to keep you updated on exciting job opportunities at American Income; we will continue to alert you when we have openings at our local offices.

Click here [link removed] to unsubscribe from further communication regarding job opportunities at American Income.

Please allow two to three business days for the removal process of your E-mail address to be complete.

American Income Life Insurance Company

1200 Wooded Acres

Waco TX 76710

This message contains information which is privileged and confidential and is solely for the use of the intended recipient. If you are not the intended recipient, be aware that any review, disclosure, copying, distribution, or use of the contents of this message is strictly prohibited. If you have received this in error, please destroy it immediately and notify us at PrivacyAct@torchmarkcorp.com.

A couple things to note: My name is nowhere on this email, and it has nothing to do with the jobs that I’m interested in–they just harvested the email address I left on Monster.com. But Roger tells me that he was excited to receive my resume, and so was upset when I didn’t email him back, an amusingly blatant lie. Why would I trust a company like this when they can’t even be honest with why they’re contacting me? This supposed insurance company is an MLM, too, because they want to sell me the privilege of selling the company to others. The no-repost notice at the end is a fine bit of irony, too.

I also find it humorous that they tell me that I received their email either because I spoke to them in the past or posted my resume on a job board, a job board where I specified not to be contacted by third-parties, I might add. I don’t blame Monster for this, but it does serve as a lesson to job searchers out there. There are sharks searching for you, too.