Hootsbuddy's New Place is the successor to Hootsbuddy's Place (2004-2009) Still accessible via Web search.
Thursday, April 16, 2026
Unsolcited order from Duke Makori.
If you have received an unsolicited message or order confirmation from "
Duke Makori
," it is likely part of a phishing or delivery scam. Scammers often use legitimate-sounding names to trick individuals into clicking malicious links or providing payment information.
Immediate Steps to Take
Do Not Click Links: Avoid any links in the message, as they may lead to fake websites designed to steal your credentials.
Do Not Call Back: Never use the phone number provided in the message; instead, use the official number for your bank or service provider.
Check Your Accounts: Manually log into your bank or credit card portal to see if any unauthorized charges have been made.
Block and Report: Mark the message as spam and report it to the FTC or your local authorities.
🛡️ Why You Might Be Seeing This
Brushing Scam: Some sellers send cheap items to random addresses to create "verified" fake reviews in your name.
Information Gathering: Scammers send "order confirmations" to provoke you into calling them, at which point they will try to extract your personal information or "cancelation fees".
Utility Scams: If the name "Duke" refers to "Duke Energy," be aware of imposters who claim your service will be disconnected unless you pay immediately via gift card or wire transfer.
✨ Pro-Tip: If you receive a package you didn't order, U.S. law allows you to keep it as a free gift; you are under no obligation to pay for it or return it.
Since you received this via email, this is a classic order confirmation phishing scam. Scammers like "Duke Makori" send these to trigger a "panic response," hoping you will click a link or call a fake customer service number to "cancel" the order.
🛠️ Immediate Action Required
Do NOT reply or click: Any interaction confirms your email is active, leading to more spam or malware.
Check the Sender Address: Hover your mouse over the "From" name. If it is a string of random characters or a Gmail/Outlook address rather than a professional domain (e.g., @amazon.com), it is a scam.
Check Your Real Accounts: Log in directly to your bank or shopping apps (Amazon, Walmart, etc.) via their official websites. Do not use any links in the email.
Report as Phishing: Use your email provider's "Report Phishing" or "Report Spam" button to help their filters catch these in the future.
Why they use "Duke Makori"
Scammers often use specific, slightly unusual names to:
Avoid automated filters: Common names like "John Smith" are more easily flagged by security software.
Appear legitimate: Using a full name makes the email look like a real invoice from an individual seller or account manager.
Create confusion: You likely don't know a Duke Makori, which makes you more likely to click "Cancel" to correct what looks like a "mistake."
🛡️ How to Protect Yourself
Enable 2FA: Ensure Two-Factor Authentication is on for all financial accounts.
Use a Password Manager: This helps you use unique passwords so one breach doesn't compromise everything.
Monitor Statements: Keep an eye on your bank statements for any unauthorized "pending" charges.
Having a PDF attachment in a scam email makes it significantly more dangerous. Scammers use PDFs because they can bypass many standard email text filters that look for "trigger words" like "invoice" or "payment."
⚠️ Why the PDF is dangerous
Hidden Malware: PDFs can contain "active content" or scripts that automatically download malware or spyware onto your device when opened.
Redirect Links: Most scam PDFs are just a single image with a large "Cancel Order" button. Clicking anywhere on that page often redirects you to a fake login site.
Information Harvesting: These files often include a "Customer Support" number. If you call it, a scammer will try to convince you to download remote-access software (like AnyDesk or TeamViewer) to "fix" the issue.
🛑 If you HAVE NOT opened it
Delete it immediately: Do not download it to your desktop or phone.
Empty your Trash/Bin: Ensure the file is completely removed from your local storage.
🆘 If you HAVE already opened it
Disconnect from Internet: Turn off Wi-Fi or unplug your ethernet cable to stop any active malware from communicating with a server.
Run a Malware Scan: Use a trusted antivirus program (like Malwarebytes, Bitdefender, or Windows Defender) to scan your entire system.
Change Critical Passwords: If you entered any info after clicking a link in the PDF, change your banking and email passwords immediately from a different, clean device.
No comments:
Post a Comment