Punchbowl is a legitimate website that offers online invitations, much like Evite. And scammers are phishing for victims, by sending out email that looks like Punchbowl invites. Don’t be fooled! Here are the details:
A Good-Looking Fake
Here’s what some folks are receiving right now:
This message, should you receive it, may come from an email address known to you. But please don’t trust this. This is all a sham. Anyone tricked into clicking the Open-button will be taken to a website that looks similar to Punchbowl. That impostor site will ask them to sign in with an email and password. That info is then passed on to cybercriminals, who will log on to that email and use it for other nefarious purposes.
Dos and Don’ts
If you receive this message:
Don’t reply to this message.
Don’t Block the Sender (because it really did come from one of your friends).
Don’t click on any links.
Don’t type in any passwords or other important info.
Call the sender, or contact them outside of email, to let them know about this.
Encourage the sender to change their email password or otherwise secure their account. They have likely been compromised, and someone bad is abusing their email address!
If problems persist, mention to the sender that they can reach out to BlueScreen for direct help!
Someone recently asked about a business page on Facebook: “Hey, is this company legitimate? Am I going to be scammed by them?” I took a quick look and quickly saw the danger. Please check out the details below to become better at spotting a fake company on Facebook.
On the surface, this looks like a perfectly ordinary business profile. I see a local phone number and address, plenty of good reviews, and solid English used on the posts and descriptions. No obvious red flags for the casual observer!
Digging In
On this profile, I started by clicking About and then Page Transparency. This asphalt company showed:
From this, we see that the page was created only 5 months ago, and is managed by people in the US… and Spain? A rural West Virginia paving company with a connection to someone across the ocean?
Checking the Basic Contact Info
Next, I copied the phone number and threw it into a Google search, and also into DuckDuckGo. And these searches immediately connect with paving and sealcoating services. But the results link to companies with different names. And different locations. Nothing matches up with the contact info on the Facebook profile.
So I regarded the address. Copied & pasted it into Google Maps, Bing Maps and Mapquest (yes, they’re still around!). Each mapping service quickly put a pin down and offered directions to that location. But none of them mentioned a business at that pin. And something’s seemed off, satellite imagery didn’t show buildings right at the pin drop.
So I got a bit analysis-retentive. I learned that the address was in Berkeley County, WV. Most counties have a handy GIS/mapping website for their properties, and Berkeley County’s was easy to find. It wasn’t the easiest to use, but I persevered and found that the address shown on Facebook doesn’t exist.
Where’s 198 Hatchery?
Digging Deeper
I returned to the Facebook profile to admire their posts and photos. The logo looked like an AI creation, but I see that happening more and more with real businesses, so I moved on. Browsing through the photos, I picked a fairly unique one, showing a man finishing a driveway job. I right-clicked that photo and chose “Search Image with Google”.
Google quickly popped out a side panel, showing similar photos and one exact match. The exact match was on a different paving company’s page. A company in Michigan.
I repeated this with a different photo on their Facebook profile. And that photo tracked back to a Craigslist post:
It was starting to look like their images were all copied from other websites. A business that’s copying images, as well as contact info? Definitely shady, enough for me to be sure about this outfit and turn them in to Facebook. But I found one more bit of copy-fraud:
The Glowing Reviews
This profile showed a high rating, from the get-go: 4.9 Stars, from 57 reviews! Pretty good for a page that’s not only a year old. And most of the reviews are wordy and very detailed and using proper English. But the devil is in the details.
Scrolling through these reviews, I soon noticed repetition. Different people had posted the exact same verbiage as each other. Next, I clicked through to look at these people posting the reviews. Most of them seemed off. They appeared to be posting various glowing reviews for a wide variety of services. I started to wonder if they were sock puppet accounts. And that perhaps all of the companies they were reviewing were bogus, like our Asphalt fakers.
By the way, this fake review technique has a name: Astroturfing. It’s sort of the opposite of review bombing.
Case Closed
I’m convinced that this Asphalt profile smells of fraud, so I did report it to Facebook. If somehow this is a real business, then they’ve been dealing with fraudsters to get reviews and other people’s photos on their profile. Please be ready to report anything shady to Facebook… even though it doesn’t do much.
Facebook is like the wild wild west. There’s a pretense of law & order, but it’s just too big to police. Or perhaps they don’t care to. Keep in mind that this scammy page is actually paying Meta to run their ads, while you are using Facebook for free. In other words:
Please keep an eye out for any text messages, alerting you to “unpaid tolls”. While there are legitimate ways to inform you of overdue toll fees, texting is typically not one of them. If you receive the SMS message below, you’re probably looking at an Unpaid Toll Collection Scam.
The FBI started seeing this scam circulate in March 2024, and it is still making the rounds. This smishing scam is simple: it tries to dupe people into visiting a bogus website and paying for a toll that doesn’t exist.
Have you gotten a copy of the unpaid toll collection scam yet? Here’s my advice:
And if you have any doubt about legitimately owing on a toll, find a legitimate phone number or website for the toll authority and contact them. Don’t rely on anything you receive via text.
Extra Commentary
This scam changes every week or so. The website URL and name of the Toll Company keeps shifting. This is probably because when the FBI gets reports on this scam, they work quickly to shut down the criminal website. But it is a game of whack-a-mole. Cybercriminals will just create a new website for the next money-grab. Still, this is why reporting the scam to the FBI is helpful!
People ask me often: How do these scammers get our contact info? For this scam, my best guess is a recent data breach exposed a large number of cellphone numbers, and a criminal outfit bought them up to use in scams like this. Data breaches happen everyday in the USA. Consider:
But a useful phone list could come from any of the big companies in our country that collect our personal data. It’s unlikely that we’ll learn who’s to blame and even unlikelier that there will be consequences for them.
If you have a Dell computer, you may have recently received an email notification of a data breach. Millions of customer records were recently stolen from Dell. Here’s what you need to know about the Dell 2024 Data Breach:
At this time, Dell claims that no payment info or phone numbers were taken. We can be grateful that there’s no worry about any financial accounts being invaded. But this breach is still a big deal, far bigger than Dell is letting on in their blanket email. The potential for phishing scams, using this stolen info, is high.
What To Expect
We’ve been through this before. It is generally known in the tech community that Dell has had other data breaches, and just not fessed up about them. How is that, you ask? Over the past several years, various Dell scams have been reported on or discussed, and those scammers used inside info, like Dell Service Tags and PII. The customer data they used was specific enough to have only come from Dell’s records.
These scams work well, and here’s an example of how it plays out:
Joe Scammer runs some quick searches against pubic information databases, and finds phone numbers to go with the names and addresses he’s holding. Then he starts cold-calling those numbers, with a plausible story.
“Hello, Ms. Vanderbluth! I am John Snordwrangler from Dell and I see that your Inspiron 3450 is overdue for a BIOS security update. If your service tag is BXT459A54, then I am authorized to perform this fix, free of charge for you! Do you have 2 minutes for me to remote-in and secure your system?”
This is often their schtick. And it is very believable, because the scammer already has all the answers. He’s not asking for sensitive info, he already has it, and many people would not think twice about saying Yes to a free fix. But anyone duped by this scheme will soon be taken for a horrible ride and bilked out of significant money. Or have their computer ruined after they refuse to pay up.
Based on past scam attempts, we might expect these to come via phone calls, email messages and even postal mail! Yes, you might even get a letter in the mail; it has happened before in other schemes.
How to Protect Yourself
This is a tough one to guard against. Again, the scammers will come armed with a lot of your personal information. They may employ the Dell logo on their printed materials. They have the ability to falsify their CallerID. Their email address may be spoofed to show “support@dell.com” or the like.
I have to prescribe extreme dubiousness for any Dell communications you receive. Maybe this should also apply to any unexpected contact from big tech companies. If you didn’t initiate that surprise call or email, mistrust is a good first option.
But there is always the slight chance that you will receive a legitimate Dell notice. So we’ll want to be suspicious but not impolite. Don’t respond to any Dell emails directly. Don’t interact with a Dell rep who called you on the phone. Never dial a number shown in an unexpected email.
If Dell is asking you to take any particular action, end the call or step away from that particular email. Next, you are safe to reach out to Dell, using trusted means, as shown on their website. The various phone numbers and chat methods on that site are safe. Using them will help you verify a real request, as well as reveal a phishing attempt.
Please also discuss anything strange with your friends, family or other trusted people. Remember: scams reveal themselves and fall apart when you talk about them with others!
Also, Dell asks that you report their impersonators to them. They have a page for reporting phone scams, and you are welcome to forward phishing emails to security@dell.com .
If your computer is going to dip its toe in the internet ocean, you need protection. There are hazards everywhere, and nothing is sacred on the wretched worrisome web. But antivirus isn’t enough. Whether you are using Microsoft’s free Windows Defender Antivirus, or shelling out big bucks for Snotron McAffeinated 420 Ultra SmartWare Gigaplex Security Suite 2025 Excruciating Edition, you need more. No antivirus is going to keep you 100% safe from the hazards of the internet.
After your antivirus is squared away, you need an ad-blocker. This is software that suppresses or blocks advertisements from ever appearing as you surf the web. And you really need to be blocking ads, on (almost) all websites. They can be dangerous no matter where you go.
Irresponsibility
Websites everywhere look to make a buck through advertising. But they often don’t want the tedium of finding advertisers, collecting ads and payment and other managerial minutiae. It’s much easier for a company to hand that task off to ad firms, who will place and rotate ads on designated places on their website.
But that leads to trouble. If the ad firm doesn’t vet their customers well, or if they suffer a data breach, or if they just don’t care, then you wind up with this nonsense:
To be clear: This screencap is taken (today!) from a Valley newspaper’s website, that most people in the region visit for local news. Directly under their masthead is a large banner ad that will lead people to two different types of undesirable software downloads. I cannot tell you how many computers I have cleaned of OneLaunch this year. And EasyPDF is a well-known search hijacker. Some people are going to ignore that junk. Other people are going to click on it and foul up their computers and have to call a professional to clean things up.
As much as I like to earn my pay, this isn’t right. This is irresponsible, although it is debatable whether the fault lay with the newspaper or the ad agency they’ve hired. Whomever we should wag the finger at, they are unlikely to be sympathetic or helpful when it comes to fixing your computer. And this sort of thing happens frequently, on many of the mainstream websites you visit.
Hence my stance: You need an ad-blocker! An ad-blocker is the second layer of protection for your computer, after your antivirus.
Ad-Blocking Options
There are a lot of options for blocking ads, and they usually do not come from your antivirus vendor. And there are even scammy and spammy ad-blockers out there, so let me suggest some that I know to be legitimate and safe:
uBlock Origin: Also a quality ad-blocker extension, but this one is fairly unique, as it does not ever ask for money, even a donation.
The Brave web browser: Brave is not an ad-blocker, it is an entire web browser with ad-blocking, baked in. It is a modified version of Google Chrome, with lots of privacy and other protections added into the mix.
I should mention it is best to pick only one ad-blocking solution and run with it. If you need to change, remove one before adding another. Multiple ad-blocking softwares can conflict or cause system slowness.
A Final Caveat
Using an ad-blocker may change your life. If you haven’t used one before and this is your first time, you may be amazed at how much more pleasant the internet becomes, with all of that chaff eliminated from your news, your webmail, your shopping websites…
But some websites don’t like that you are running an ad-blocker. They can tell. Those sites may pop-up messages when you visit, exhorting you to disable your ad-blocker, so that “we may continue to rake in those sweet sweet advertising dollars!” Most of these messages you may safely ignore, but a few websites are a bit more rigid than others. They may prevent you from using the website, until you turn off your ad-blocker. In those instances, you have a choice:
A) Disable your ad-blocker for that one website. Usually, you would find the icon for your ad-blocker, click it and then toggle it off. After you refresh the website, ads will show for that one webpage, but the ad-blocker will still function everywhere else you surf.
B) Don’t visit that website. Just leave. If they won’t respect your need for computer security, then perhaps they don’t need your patronage.
The hits just keep coming. I’ve got even more Facebook scams to describe, so that you’ll be able to recognize and dodge these if you meet with them:
Concert Tickets for Sale
This is as simple as they come: Someone will ask for a Venmo or CashApp payment for some concert tickets, and then ghost you as soon as they receive the cash.
And once they’ve stolen your money, they will also Block you. This prevents you from reporting them to Facebook.
Garage Door Repair
Now we can add “garage door repair” to the list of service scams on the internet.
Working on garage doors is not for the faint of heart and is dangerous if you don’t know what you’re doing. I think it important that you be sure to have a properly licensed and insured person performing this service for you.
Missing Child Notice
I’ve blogged before about missing child alerts on social media, but this adds a new angle to that. These posts are fakes. These children are not missing. They’re not even located in the named town or region.
From missing people to found items, these scammy notices work the same way. If they can just get their post to be shared far and wide, they’ll later change it to something scammy.
Used Car for Sale
Many people sell their cars on Facebook, so this scam is hard to spot until you start dealing with the poster.
But I know this is a scam, because this person’s account was stolen from them. Once a scammer entered this user account, they changed the password and all other security info. And Facebook did not help the rightful owner of the account. The scammers are still in there as of today, posting about this car on all of the groups that they can.
For those who reach out about this car, they’ll be asked to make a small payment to “hold” the car for them. Or they may be offered a “too-good-to-be-true” price to get the car sold quickly and delivered to you. In any case, it’s just another way to get your cash before they block you.
Red Flags for These Scams
The poster asks you for payment or a holding fee before you have seen the product or received any proof of the item’s existence.
No company name is given, no local phone number or website is shown for offered services.
Real missing-persons notices would include the name and phone number of the relevant police station.
Scammers tend to Like their own posts and often Turn Off Commenting.
The internet is a great place to meet people. But are you you meeting real people near you or scammers who are out to steal from you? Let’s go over Romance Scams, so that you’ll be a little safer making friends and finding that special someone online.
Red Flags
Is that person you are chatting online looking for a serious relationship, or just your money? It can be really hard to tell! But look out for these red flags:
They won’t have a voice or video call with you.
They are very far away and cannot meet with you.
Meet-ups are planned, but always fall through or are cancelled.
Things move very fast, e.g.: they profess their love too quickly or ask for marriage very soon after your first contact.
Requests for money come up, to help with medical expenses, travel costs or investment opportunities.
Communications move to privacy-oriented apps, like Signal or WhatsApp, and you cannot learn the person’s physical address or true phone number.
Honest people that you have just met may exhibit some of these, too. It can be hard to know who’s legit and who’s lying to you. As the red flags pile up, you should trust the other person less and less. But then you may also see if you can knock down any of those flags by:
Verifying Someone’s Legitimacy
This is easier said than done. Not everyone wants to cooperate with requests for personal info, and with good reason: How do they know that you aren’t a scammer?! Still, these items can go a long way to helping you believe that you’ve met someone like you:
Have a call with them, where you can see them and hear their voice.
Meet with them in a public place (library, coffee shop, high-traffic building).
Perform a reverse image search of any profile picture you have of them. That picture may track back to who they say they are, or it may turn up on a ton of stock photography websites.
Ask to postal mail something to them.
Do your own research, looking up tax records and court records through trustworthy government websites.
Talk with family or friends about your new online acquaintance, to see if they think things are kosher or sketchy.
What Can Go Wrong
I can’t tell you how to create a successful relationship or make lasting friendships online. That’s going to be a challenge for many people, even when everyone is being honest. The hope with this post is that I can help you avoid the worst of the worst and their scams, that are out to take advantage of lonely, trusting people. And to that goal, you should understand what these schemers hope to do:
Earn your trust to the point that you’ll send them some money. And then they’ll ask for more. And then more and even more money. This repeated money extraction is sometimes referred to as a pig-butchering scam. Once the victim is bled dry of cash, the criminal will ghost them and move on to the next mark.
Convince someone to engage in romantic written/photographic/video content. Once the scammer has enough adult or illicit material, they use it to extort money from their victim. The extortion can be as simple as “I’m going to tell your wife” or as devastating as “I’m actually 16 years old and I’m going to the FBI with those photos you sent.”
In rare instances, romance scammers urge someone to travel to visit them. If this happens, it could be a trap. When the romantic hopeful arrives in a foreign country, they could be robbed or kidnappedor worse.
Already In a Jackpot?
If you find yourself in the midst of such a scam, cut off communication ASAP. If you’ve been sending them anything of value, you have got to get a tourniquet on things. Don’t send any more money, and consider any previously-sent gifts or cash as gone and unrecoverable. If you have any other worries, find a trusted person (friend, family member, police officer, pastor, counselor) to consult with.
If you know someone who is in the midst of a romance scam, gently confront them to say how you are concerned for their well-being. Show them this blog post or the many other articles that are out there, describing how romancescamsfunction. Be prepared for and understanding about their resistance. The scammers may be in their heads, and have secured their trust. It can be an uphill battle to convince a romance-victim of the larger truth. In extreme cases, you may have to arrange an intervention.
Logo Design scams on Facebook are the latest to appear on group pages. These scams are brought to you by the same people who offer duct cleaning, mobile car detailing and more. Here are the deets:
What This Scam Looks Like
Again, this scam usually appears inside of Facebook Groups. The wording may vary, and can actually be a bit engaging:
This time around, the scammers are onto something. The forthright statements and proud attitude is a good hook, and holds the readers’ attention. I see a lot of these posts, full of comments from people who want to contribute their own opinions and attitudes on the subject. And their conversation makes the posts more credible!
But it’s still a scheme, and I recommend you shy away from these offers.
How This Is a Scam
Once again, I have to remind everyone that appearances are often not what they seem on the internet. The people posting these offers use Western names and American-looking photos. They look like they could be your neighbors, but they aren’t. When I chat with these folks, I send them links to click on. And when they do, I get to see their location in the world:
Almost all of these service-type scams are posted by people in Pakistan. I have nothing against the people of Pakistan. But I do have misgivings about dealing with a Pakistani who uses a sock puppet account on Facebook to present themselves as an American.
Incidentally, I am very forthright with these people, as I chat them up. I ask them plainly about their location in Pakistan. They either use coarse language at me, or block me. I do not ever get a civil response from them.
How These Scams Play Out
I would have to give these scammers some money to be sure of how the scam finishes. I’m not going to do that. So, here are my educated guesses on what happens to people who fall for these schemes:
The scammer plays you long enough to get an initial payment, and then blocks you.
The person actually gets you some logos and design options. But they are quickly whipped up, using freesites and AItools, and certainly not worth $200.
They offer to help with your website design, which will give them access to your professional email and domain. Your passwords could be sold to a higher-level scammer who can abuse your email address and identity.
If you have dealt with these scammers, please share your story with me. I would love to update this post with more details!
However these ploys go down, you need to know that you will have no recourse. Whether you lose time, money or your entire website, these people are in another country, where our police cannot address them. These scammers will quickly block you on Facebook, and Meta will not assist you, even if you report the matter to them.
What You Can Do
It can be tricky to recognize these scams. Their verbiage gets better every year. But one useful trick is simply to search Facebook for the scam. Specifically, click and highlight one or two sentences in a suspicious post. Copy that text and paste it into the search field at the top of Facebook. You will know you have found a scam, if your search turns up similar posts from all over the country:
Next, report the scam posts. But understand that when you report things, you have a choice. You can report them to Facebook, but little to nothing will occur. Or, you can report them to the Group’s Admins. That is much more likely to help. The very real and local people that take care of that group will see your report and probably take action against the poster.
It’s quick and easy to report a post to the group’s admin!
Lastly, I do not recommend that you criticize or attack these scammers on their posts. They will simply block you. Once you have been blocked by them, you will be unable to see their posts or report anything that they do.
If you still use a Shentel email address, you should know that there’s a problem with Mail2World’s spam filter right now. Some (but not all) Shentel.net email inboxes are getting a lot more junk email than is normal. After talking with Shentel tech support, I can’t say that I know what the problem is. I don’t know when it will be fixed. I can’t say with certainty that Mail2World is anything more than 3 children in a trenchcoat. But what I can do is teach you how to cope with Shentel/Mailworld’s 2024 Spam Problem in this blog post.
Some people are getting several copies of EACH of these spam messages in their inboxes, every day!
What NOT to Do
First of all, don’t call Shentel expecting a quick fix. This problem is out of their hands, because Remember: Shentel doesn’t manage their email addresses anymore. They offshored their Shentel.net addresses to a company called Mail2World. And that company is really hard to get a hold of. But Shentel assures me that M2W knows about the problem and is working on it…
Next, do NOT unsubscribe from any spam! Clicking on unsubscribe (or any other links) in an unwanted message is asking for trouble. If you click on links in spam, you could attract more spam or lead your computer to a malicious website or download.
While you’re at it, don’t bother trying to use Block Sender on spam. It can’t hurt, but it isn’t likely to help. Block Sender is typically useful only for someone who always uses the same email address. Like that annoying relative who always forwards tacky joke emails to everyone he knows. Or the neighborhood Tupperware salesperson. Or a mentally questionable ex-boyfriend. Block those people to keep your inbox stress-free, but spammers change their email on every message they send. Blocking a spammer won’t work!
What to Do
Your best tool against spam coming to your Shentel inbox is the Mark as Spam function. This is not easy to find! Let me run through some steps on how to find this:
Identify any spam messages in your inbox, and check the box(es) to the left of each one
Above and to the right of your inbox email, click More and then click Mark as Spam
Using this feature removes the spam from the inbox and also sends a message back to Mail2World (and their anti-spam vendor) that these types of messages are spam. It should eventually help them block more spam, which benefits everyone.
Other Problems with Shentel Spam
The Shentel Spam Filter is misfiring in other ways, right now.
Some users are reporting that good email is winding up in the Spam folder. If you feel you are missing any expected message, you’ll want to check your Spam folder. As described above, it is best if you visit the Shentel Webmail page, and then click the Spam folder in the left-hand column. If you find a trustworthy message in Spam, check the box next to it, click the More menu and then click Not Spam.
Also, you may begin seeing some other cryptic emails in your Inbox or Spam folder like these:
I don’t think these messages are spam or harmful in nature. They may be intended for Mail2World and their anti-spam software team, but are being misdelivered to us end-users. Don’t worry about them, and just delete them if you feel any kind of way about them.
Taking It to the Next Level
If we wait this out long enough, the hope is that Mail2World will figure things out, kick their spam filter into gear, and things will go back to … normal. A normal amount of spam, reliable email coming and going, etc.
But what if that doesn’t happen? What if this problem persists for much longer, or how about if new problems emerge as this one resolves? Mail2World doesn’t have the besttrackrecord and I am not prepared to assure you of their capabilities.
If you can’t abide anymore, then your next option would be to create a new email address. Gmail, Outlook.com, ProtonMail and a variety of other email offerings exist. You can create a new address with them at the drop of a hat, and for free.
I realize that concept is intimidating. Switching your email address, in some ways, is more of a labor than changing your mailing address. Not only are you faced with notifying all of your friends and family, but you must reach out to companies with the new email info. And then you get to log into all of your important websites, one by one, to convince each to update your email info.
But consider this: Changing your email address doesn’t have to be accomplished all in one weekend. You can create a new address and migrate things over to it at your pace. You can check two email addresses for as long as you want. Maybe you decide to keep and maintain both addresses?
Also, some email users create a new email address and forward their Shentel mail into it. This is a safeguard against people who “don’t get the memo” about your new address. And it can help with spam! For example, let’s say that you create a new Gmail, and route your Shentel mail into it. All inbound Shentel mail passes through their subpar junk filter, and then gets bounced over to Google. Then Gmail runs it all through their superlative spam filter, and the worthwhile messages arrive in your new Googly inbox.
Update: Starting at around 12PM EST, many users are able to login and use Meta/Facebook products again. Here’s hoping the 2024 Facebook Outage is over. Whew, that wasn’t as bad as the 2021 Outage!
If you cannot access Facebook right now, it’s not you. It’s Facebook. Facebook is down, possibly for many people. I think this is big enough we’ll be referring to it as the 2024 Facebook Outage.
The outage began around 10AM EST on March 5, 2024. Users everywhere have been logged out of the Facebook website, the mobile app, Messenger and possibly more. Ah, now I see that Instagram is also down. I’m even having trouble loading the Meta Status page!
For now, it might be best if you sit tight, retry Facebook every now and then, and watch the news for more details as to when this outage has passed.
So far, the only thing that Meta has said is “a technical issue” caused the difficulty. While more details would be appreciated, this might be the most explanation we’re going to get.
