MetaMask, USPS, Netflix, Costco, PayPal, and MORE — Top Phishing Scams of the Week

This article is from Trend Micro.

This week we’ve found a large number of scams that you need to watch out for, including ones relating to MetaMask, USPS, Netflix, Costco, PayPal, and MORE. Would you have been able to spot all the scams?

Impersonating famous brands, scammers send out fake text messages containing phishing links and try to entice you into opening them with various lies. Below are some examples.

Fake Security Alert

These phishing links will take you to fake login pages that will end up asking you for personal information and login credentials:

#1 – Metamask Restriction Email Scam

A few months ago, we reported on fake MetaMask emails containing phishing links — and now they are circulating again. Telling you that there is “something unusual” about your MetaMask wallet, scammers try to convince you to click on the attached link to “Review Activity” and secure your account:

They even provide the legitimate MetaMask web address (domain: metamask.io) at the bottom of the email to make it more convincing. However, if you click on the button, you will be led to a fake MetaMask security alert page:

Fake MetaMask page

Sample fake MetaMask URL:

londonorg[.]vacad[.]net

If you proceed as instructed, the page will ask you to enter your MetaMask credentials (phrase, keystore, or private key) to recover your account.

Fake MetaMask page

If you fall for this trick, scammers can hack into your MetaMask wallet and transfer every “bit” away. What’s worse, since cryptocurrencies are decentralized, it would be nearly impossible to get them back! Be careful!

Avoid Phishing Scams with Trend Micro Check

Trend Micro Check is a browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!

Check out this page for more information on Trend Micro Check.

#2 – Netflix Payment Declined Text Scam

Fake Netflix text messages about issues with your payment and subscription have been reoccurring as well:

Sample Netflix phishing text message. Source

NETFLIX: Your membership has been cancelled as payment failed. Please update your card details to keep your membership. <URL>
Type your message Your Netflix subscription attached to XXXX have been suspended due to a billing error please update your personal data <URL>

The attached phishing link will take you to a fake Netflix page that collects all your login information, which enables scammers to take control of your account and steal your identity. Beware!

In other cases, phishing links will also often lead to online survey pages that state you can claim a gift by filling out an online questionnaire.

#3 – PayPal

This one is another in a long list of PayPal scams. Did you receive anything recently?

Paypal: we found a suspicious transaction, for security reasons we have disabled your account. please secure and verify your account from the following link: <URL>

The link won’t let you secure your account, it will only lead you to a fake online survey page designed to record all your personal information. Watch out!

Sample PayPal phishing pages

Gift Card Scams

Free gift cards are surely too good to be true, right?

#1 – Costco

We’ve reported on Costco scams several times before. This week, scammers have started to feature gift cards as a reward, prompting you to fill out an online survey to claim a $40 gift card:

1 of 2 FRM:<URL>|sms_id_FUO293 MSG:Since youre a valuable customer of Costco we have a gift valued at $40 just for you for your (Con’t) 2 of 2 time. Just acknowledge this 3 question survey and you will be compensated. [link](End)

The (phishing) page says that you can win a prize worth up to $100 after you complete the survey:

Sample Costco phishing pages

As mentioned, you could end up exposing your sensitive information, including banking details. Don’t get scammed!

Sample Costco phishing pages

Delivery Scams

Scammers love to pose as delivery companies. After all, most of us find ourselves waiting for packages every now and then!

#1 – USPS Text Scam

Falsely claiming that there are problems with your package’s delivery, scammers instruct you to click on the attached phishing link to correct your delivery information:

Sample fake USPS text message. Source

USPS: User, we have problems with your shipping address, please update your information. Tracking Number: US1896901185421. Update Here: <URL>

You can tell what’s going to happen: the link will take you to a fake USPS tracking page (a phishing page):

Fake USPS tracking website. Source

Sample fake USPS URL:

usps[.]ist/Address

Note: Check the web address. The genuine domain is tools.usps.com.

How to Stay Safe from Scams

Pay close attention to URLs — are they legitimate?
Double-check the sender’s mobile number/email address.
Free gifts and prizes are always a major red flag.
Go to the official website/application instead of using links from unknown sources.
Never click on links or attachments from unknown sources. Use Trend Micro Check to surf the web safely (it’s free!).
Add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection can help you combat scams and cyberattacks. Click the button below to give it a try:

As ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected. Also, please consider clicking the LIKE button below.

Source: pexels.com