This week’s article will introduce 4 types of phishing scams with 7 real cases in detail, including anniversary scams (Jollibee and Publix), delivery scams (USPS and DPD), COVID relief grant scams, and Amazon scams (online survey and fake login page). Did you see anything similar in your inbox? Check how these viral scams work and learn tips to avoid them:
We have written about various anniversary scams. Scammers spread fake anniversary campaigns via WhatsApp or text messages in the name of famous companies.
Posing as these brands, scammers falsely claim that they are celebrating an anniversary and prompt you to participate in an online survey for gifts. This week two popular brands in the USA have become the new targets:
Scammers send you phishing links to this fake Jollibee anniversary campaign page, saying that “you will have a chance to get 3000 Dollar” by filling out the online survey:
Jollibee anniversary scam.
If you take the bait and finish the questionnaire, you will have a chance to win gifts:
After that, you are asked to SHARE the scam link with your WhatsApp friends. (The link is detected as a SCAM URL by Trend Micro Check!)
Jollibee anniversary scam.
Once you share the link and click on the “Continue” button, you will be randomly taken to another scam page, such as a fake gift card giveaway online survey or a blank page that displays a browser notification.
It urges you to click “Allow” to receive notifications from this scam website. Do not click it!
Once you click the “Allow” button, the website can send you notifications of malicious content, luring you to visit scam websites that conduct other cybercrimes like identity theft. Please be careful!
The same tricky tactics apply to the fake Publix anniversary celebration campaign. Be careful and do not fall for it!
Publix anniversary scam. Source: Online Threat Alerts
Last week we have detected over 1000 pieces of phishing text messages from USPS. Posing as USPS, scammers say that your package has been shipped and ask you to click on the attached phishing link to check the delivery status:
Besides USPS, recently we have found that scammers love to impersonate DPD as well. Scammers falsely claim that they are DPD and that you have missed the delivery. Again, they prompt you to reschedule your delivery via the phishing link in the text message:
DPD: Sorry we missed you. To book your redelivery visit: https:// dpd .]missed2d6j[.]com/delivery
DPD phishing text message. Source: Twitter
In either case, if you click on the link, you will be taken to a fake USPS/DPD page and prompted to enter login information or other credentials, such as your address or even credit card number. Scammers will then record the data and use it for other cybercrimes such as identity theft.
We have reported COVID-19 relief scams in which scammers pose as famous companies or the government, falsely claiming that you can apply for COVID-19 unemployment relief or stimulus bonus via a phishing link. This week a new version of COVID relief scams appeared: fake “Coronavirus Relief Grant:”
federal pandemic grant has been pre-approved for you due to the most recent covid-19. apply online to claim up to $9,500. <URL>
If you click on the phishing link, you will be taken to a web page where you have to fill out a form and provide personal information, including name, email, address, or even banking details. All your sensitive data will end up in scammers’ hands, and they can use it to steal your money or identity!
Amazon scams can take many forms, but the scammers’ goals are the same – to steal your Amazon login information or other personal data so that they can hack into your Amazon account, transfer your money away, or use the data for identity theft:
We have written about Amazon online survey scams for many times, but unfortunately, these text messages with phishing links are still viral. Scammers use rewards, delivery, or Amazon Prime as excuses to trick you into clicking on the link:
No matter which trick you fall into, once you click on the phishing link in the text message, it will lead you to a fake online survey page and ask you to finish it for gifts.
Amazon survey phishing page.
After that you will have to enter payment details and other personal information to “deliver the gift,” such as your credit card number, expiration date, and CVC code. That said, scammers can steal your money and use all your sensitive data for identity theft!
Amazon survey phishing page.
Besides fake online survey pages, scammers also create fake Amazon login page to collect your Amazon login credentials. They send you a fake Amazon account security notification containing a phishing link and prompt you to click on it:
(amazon Canada) 07/23/21 unfortunately your subscription has temporarily been revoked due to issues regarding information provided at signup. if you wish you continue enjoying your prime services please update your information. <URL> data rates may apply
The link leads to a fake Amazon login page that requests your email and Amazon password. (The web address of legitimate Amazon pages should be www.amazon.com/) Do not fall for it! Scammers can hack into your account if you hand in these credentials.
1. After you pin the Trend Micro Checkbrowser extension, it will block dangerous sites for you automatically:
Or download Trend Micro Maximum Security for a broader range of protection, including Web Threat Protection, Ransomware Protection, Anti-phishing and Anti-spam Protection, Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls.
Did you successfully spot the scams? Remember, always CHECK before your next move.
If you found this article helpful, please SHARE to protect your family and friends!
Click the button below to give it a try!
This Article was previously published by Trend Micro on July 30, 2021.