We work behind the scenes for threat prevention and protection. We believe threat prevention is a group effort with the goal of shutting down scammers. Phishing and these scams are out of control, and we feel we can make a difference by working actively as a secret superhero against crime.
July 2024
Another SCAM successfully shut down!
Initial Examination
Our team at US Service Center received this phishing email claiming there was potential trademark infringement. After some research and due diligence, we discovered the domain was created about 2 weeks prior and the referenced attorney was incorrect.
Phishing Email
From: eric@[redacted].com
Sent: Thursday, July 25, 2024 12:33 PM
Subject: Urgent Notice Secure and Safeguard Your Business Name
I trust this message finds you well.
I’m urgently contacting you regarding potential trademark infringement of your business name, “US Service Center” Another party has applied for trademark registration through us for the same business name, despite your long-standing use of it.
Trademark infringement is a serious issue that demands immediate action to safeguard your rights and protect the integrity of your brand. Without federal registration, your business name is vulnerable to unlawful claims, potentially jeopardizing its recognition and credibility.
Without federal registration, your business name is at risk of being unlawfully claimed. This could lead to the loss of recognition and credibility for your business name. We need to act swiftly to prevent this.
We are committed to assisting you in navigating this situation swiftly and effectively. It is crucial that we act promptly to prevent any further complications.
I urge you to contact me urgently at [redacted] or reply directly to this email to discuss the necessary steps forward.
Your prompt attention to this matter is vital. Let’s work together to secure the full ownership rights of your brand name and ensure its protection against unauthorized use.
I am looking forward to your prompt response!
Results
Our findings were reported to the registrar of record immediately, and within 1 day the registrar confirmed to us that the domain was shut down. Working with the registrars is how we stop and prevent these continued threats.
April 2024
Phishing emails originating from valid Xero accounts
Initial Examination
There were several threats originating from Xero servers. Because Xero.com servers are validated, these phishing emails were passing spam and malware filters. The criminals were being creative in attempting to circumvent email security.
Phishing Email
Hi,
Here’s your statement for the period Apr 1, 2024 to Apr 30, 2024.
For any inquiries concerning refunds or order cancellations, please call customer service at: +1 (xxx) xxx-xxxx.
Thanks,
[redacted]
Attachment was a fake PayPal invoice [removed]
Results
Xero was very helpful and quick to respond. They were able to shut down the affected accounts to help contain the spread of the scam.
March 2024
Domain Impersonation Shut Down
Initial Examination
Our client’s vendor was compromised, with a bad actor monitoring their email account. Once the criminal noticed a $41,000 wire transfer, they decided to act. What the criminal observed was an invoice email from our client requesting a wire transfer of $41,000 to be sent to a specific bank routing and account number. This is when the crime began. They registered a new domain name with an extra “i” in the name. This is called domain impersonation (a form of typosquatting). The criminal copied the original email and changed the routing and account number to THEIR account.
On this new invoice email from the impersonated domain, they stated, “Effective immediately, our terms of payment have been revised for electronic remittances tentatively, and we won’t receive paper check payments anymore. All outstanding payments are to be remitted via ACH only. I will provide our banking instructions upon request.”
Our cybersecurity experts reviewed the emails and discovered the crime. We reported it immediately to the authorities.
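A check for the kind of lookalike domain described above, as an added example (not code from our team's tooling): it flags a sender domain that is within two edits (insert, delete, substitute, or swap of adjacent characters) of a known vendor domain. The domains and the `TRUSTED_DOMAINS` list are constructed placeholders.

```python
from __future__ import annotations

# Constructed allow-list of vendor domains (placeholders, not from the case).
TRUSTED_DOMAINS = {"northwind-supply.example", "contoso-freight.example"}


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent characters swapped
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain from 'user@domain' or 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip().rstrip(">").lower()


def classify(address: str, max_edits: int = 2) -> tuple[str, str | None]:
    """Return (verdict, trusted domain it matches or imitates)."""
    domain = sender_domain(address)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= max_edits:
            return "lookalike", trusted
    return "unknown", None


# Constructed sample senders; the second has an extra "i" as in the case above.
SAMPLES = [
    "billing@northwind-supply.example",
    "billing@northwiind-supply.example",
    "AR <ar@nrothwind-supply.example>",
    "news@unrelated-shop.example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

A "lookalike" verdict on a message that changes payment instructions is the cue to confirm the banking details with the vendor by phone, using a number already on file.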
Phishing Email
From: [redacted]
Date: Tue, Mar 5, 2024 at 2:23 PM
Subject: Revised- Inv#4134-J10414 45% Progress Payment
To: [redacted]
Cc: [redacted]
Good Afternoon [redacted] ,
Please note, Effective immediately, our terms of payment have been revised for electronic remittances tentatively.and we wont receive paper check payments anymore.
All outstanding payments are to be remitted via ACH only. I will provide our banking instructions upon request.
Can you confirm when the below statement will be paid?
STATEMENT OF ACCOUNT: #20-10414 February 29th , 2024
Transaction: Inv#4141 New Adjusted Pricing Total: $41,186.54
Kindly revert back to me as soon as possible.
Thank you
Results
The results from Cisco: “After manual review, Talos has concluded that the impersonated domain is indeed malicious. Talos has identified behavioral indicators of involvement in phishing attacks. The issue has been rectified and the domain/URL has been added to the blacklist.”
Also, with the domain registrar, “Listed abusive account(s) has been suspended.”
September 2023
Fake LinkedIn Job Recruiters
Findings
Our cybersecurity team discovered that these fake LinkedIn job recruitments were originating from scammers posing as job recruiters on LinkedIn. Their goal is to transfer the dialogue from the LinkedIn system to your direct email account. If a recruiter asks for this, it is more than likely a scam. Moving the conversation from the platform to direct email or text is the gold standard in scams. If this happens to you, treat it as a probable scam.
Phishing Email
From: [redacted]
Sent: Sunday, September 17, 2023 1:25 PM
To: [redacted]
Subject: Re: Job ref No: 00859
Dear [redacted],
Thank you for your application for this position. [redacted], is an industrial company, engaged in the manufacturing and selling of custom-order products and general standard rubber, plastic, and associated metal products. Our head office is based in Tokyo, Japan.
In line with our business organization, we wish to have a company representative and contact point in the USA and Canada. This position will not affect your current job, We will be seeking to engage your services in the area of financial coordinator as our representative in your region. We aim to project real-time service delivery to our customers. More importantly, we wish to eliminate the delay in receiving check payments from our customers in North America by our local banks here in Asia which is approximately between 4-6 weeks against a couple of days over there. This position requires you to have Good communication and accountability skills.
The main duties/responsibilities will be for you to;
-Act as an intermediary between [redacted] and our customers in your region.
-Manage the end-to-end accounts receivable process, including invoicing, payment tracking, and collections.
-Communicate with customers via email and phone to follow up on outstanding payments.
-Maintain accurate records of customer accounts, invoices, and payment history.
-Monitor and analyze accounts receivable data, prepare reports, and provide insights to management.
-Received payment from our customers in Canada and America, processed and remit the same to the company
As our partner, you will be entitled to $7,000 USD monthly and (plus) a 10% commission on any payment that is made to you from our customers and remitted through you.
If interested in moving forward, we kindly request that you click on the link below and fill out the form to enable us to proceed.
Many thanks and kind Regards
[redacted]
Recruitment Manager
[redacted]
[redacted]
This email and any files transmitted with it are private and confidential and are intended solely for the use of the individual or entity to whom they are addressed to. If you have received this email in error, please let us know by replying to the sender, and immediately delete this email from your system.
Results
We examined the emails and the domains. We discovered the emails were originating from Zoho email servers. We provided our findings and reported the scam to Zoho. They took immediate action. “Our Abuse team has taken necessary action on the mentioned user and there should be no issues now.”