Spam, Scams, and the Scamming Spammers Who Send Them

Abby's Spam and Scam Awards

Spam, Scams, and the Scamming Spammers Who Send Them

Working with small businesses across several industries, I have eyes on dozens of websites every day so I see every kind of Spam there is. Spam scams come through website contact forms, blog comments, and via email, plus the good-old scams via mail and phone are still alive and well.

This constant barrage of scams makes it easy for me to recognize when something isn’t legit. However, I can totally see how small business owners get caught off guard by some of these.

I’ll give you my list of top scams – ones I see the most or that trick people the most and give some tips on recognizing scams and keeping yourself, your business, your computer, and your website SAFE.

A spoof on a phishing email claiming to be PayPal Customer Service, from email address <totally-not-paypal@scams-r.us>.  Says "Dear Hello ,
There has been suspicious activity on your PayPal Account. Please click here to verify or reject this recent purchase for $3,562.24." and links to http://stealingyouridentity.net/scam/trick34242-f98v/hahaha-got-you
A spoof of a spoof email I created.

Rule #1: Don’t click the link!

Any link – or attachments. If the email/message seems even 0.1% suspicious, DO NOT click anything!

“Oh crap, Abby, I clicked the link”

Make sure your computer’s anti-virus and malware protection are up-to-date and run a scan.

If you logged in on a phishing site, go to the real site and change your password immediately. If there’s an option to “Log me out on all other devices”, choose that option. Per the FTC, if you think sensitive personal information got into the wrong hands, such as “Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take”. And check out the other Resources below.

How to tell legitimate messages from spam:

  1. Well, 99.9% of the time, if you’re questioning it, it’s a scam.
  2. Look at the actual email address; is it from that company’s domain? Would PayPal use a @gmail.com email address?
An actual email I received.
  1. Is it a company/person you’ve never heard of saying you owe them money? If yes, it’s probably spam.
  2. Is it a company/person you’ve never heard of saying there’s something wrong with your website or Google indexing? If yes, it’s probably spam.
  3. Is it a company/person you do know but is telling you or asking you something that seems off? If it seems “fishy” it might be “phishing” – where they pretend to be someone they’re not (often PayPal). Checkout the FTC’s article on recognizing phishing scams. Whatever you do, again, don’t click the link.
    If you’re not sure if it’s legit or a scam, open your internet browser and actually type in the website, log in, and see if there are any alerts or messages.
    Forward phishing emails to the Anti-Phishing Working Group at [email protected], and check with the company being spoofed as some have a designated email address to forward phishing scams to (like [email protected]). You can also forward phishing text message to SPAM (7726).
  4. Was their greeting generic or did they use your actual name? If it seems like a message that was Copy/Pasted (more likely totally computer generated), it’s probably a scam.
  5. Is it in the form of a Blog Comment or a Contact Form, even though your email address is right there on your website? If yes, it’s probably spam.
  6. Did they provide their company name, website, or phone number? If it’s just from “Tammy”, consider it “spammy” 🤣

Why all these scams?

Most of them are trying to find a way to steal info/data from you, or are trying to get malware/spyware onto your computer so they can steal info/data from you. Either way, it’s about money. They either sell the stolen information or use it themselves to steal your money or your identity.

Scams I See the Most (and that get my goat the most):

#1 – “Your Google Business Listing has not yet been claimed” or anyone “calling from Google”

This scam comes in at #1 because it’s the longest-running and most persistent. I’ve stayed on the call to get more information on who these scammers are, but when I start asking questions they hang up on me.

Now this one is usually a phone call, not an email, but it certainly scares people (and fools some) all the same. Unless you’re paying Google (i.e., running Google Ads), they will never call you. Also note that Apple will never call you about your iCloud account. 😉

#2 – “Your website… is violating the copyright-protected images owned by me personally.”

This gets the #2 place for most wide-spread. I myself have gotten emails and blog comments, but I’ve also had several very concerned clients contact me about it too. The email/message is from a different name and email address each time, but the content is almost always verbatim:

Your website or a website that your organization hosts is violating the copyright-protected images owned by me personally.
Take a look at this document with the URLs to my images you utilized at www.insert-website.com and my previous publication to obtain the proof of my copyrights.
Download it now and check this out for yourself:
https://firebasestorage.googleapis.com/v0/b/[dwnld-yattayatta-numbers]
I do think you’ve willfully violated my rights under 17 USC Sec. 101 et seq. and can be liable for statutory damages of up to $140,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (DMCA) therein.
This message is official notification. I demand the removal of the infringing materials mentioned above. Please take note as a service provider, the DMCA demands you, to eliminate and/or deactivate access to the copyrighted content upon receipt of this particular notice. If you don’t cease the utilization of the aforementioned copyrighted content a court action will be initiated against you.
I have a good faith belief that utilization of the copyrighted materials mentioned above as allegedly violating is not permitted by the legal copyright owner, its legal agent, or the law.
I declare, under penalty of perjury, that the information in this notification is correct and that I am currently the copyright proprietor or am authorized to act on behalf of the proprietor of an exclusive and legal right that is presumably infringed.

[Sincerely or Best Regards,

Angel Gulywasz, Sarah Grant, Gary Walters, Jane Doe, etc.]

The link is always a firebasestorage.googleapis.com link (though early on it was Dropbox or WeTransfer or something). I reported a few of these to Google – hopefully they’ll get caught. Again, do NOT EVER click the links! Not sure what they go to but I wasn’t about to find out.

#3 – “I came across your website and noticed a few errors that could be easily fixed and may be harming your rankings in Google.”

Coming in at #3 as an honorable mention for persistence (daily emails) and for irony (this is literally what I do for a living). I get more SEO spam emails than anything! This message also comes from different names and different email addresses/domains but remains virtually verbatim:

I came across your website and noticed a few errors that could be easily fixed and may be harming your rankings in Google.
I would like to send you a quick report highlighting these and offering some tips for improvement.
It’s completely obligation free and you should get some value from it.
Are you the right person to send this to? If so, I can send it to you sometime this week.
Thanks & Regards
[Ivy Lewis <[email protected]>, Julie Ryan <[email protected]>, Amy White <[email protected]>]

#4 – Fake invoices used as a marketing tactic

I see this tactic the most with domains renewals but sometimes for website hosting. I’ve known people who paid $100-$200 to some scam company to “renew” their domain – luckily they didn’t lose their domain and/or have it held for ransom (this happens more than you’d think).

Not technically a scam because it is totally legal, and that’s what makes it extra awful. These examples are actually totally legal methods of “solicitation” as long as they state “This is not an invoice. This is a solicitation.” While it is legal, it’s totally bad business. If your business is hurting for clients so bad that you need to try to trick people into doing business with you, it’s time to close-up shop and get a day job.

One example below was sent to a client, the other was sent to me (for hosting, which yes, ironically, is also a part of what I do for a living).

Conclusion:

  1. Keep your computer and website updated. For your computer, this includes things like core updates, driver updates, anti-virus, firewall, Malware protection, and anything security-related. For your website, this means plugins, theme, WordPress, PHP, firewall rules; if you’re not sure about anything, talk to your website’s hosting company.
  2. Stay skeptical. Estimates say 45-75% of all emails are spam and 1 in 99 emails are a phishing scam. Take everything with a grain of salt, especially strange warnings, errors, lawsuits, and invoices.
  3. If you’re being sued, you’re not going to find out through a comment on your blog.

Resources:

Formatted as “description linked to page: plain URL” so you can copy and paste it if you’re feeling extra cautious after reading all this.

Photo of Abby Lehman Buzon, owner of The Helpful Marketer

About the Author

Abby Buzon

I'm Abby (Armstrong-Lehman) Buzon, Lead Designer & Owner of The Helpful Marketer, based in Medina County, Ohio. I got my start in marketing and website administration in 2010, became a mom in 2015, and left my day job in 2017 to begin The Helpful Marketer. I'm happier than I've ever been and I truly love what I do, so I'm here to share my story and give some marketing tips along the way!

 

Leave a Comment