Spot the Scam: Pegasus Sextortion Email and SMS Phishing (Bank of America, AT&T, Venmo, Postal Services, and Amazon)

This article is from Trend Micro.

This article will introduce one sextortion email, one fake bank login page, and four online survey phishing scams in detail, including Pegasus spyware, Bank of America, AT&T, UPS, FedEx, Venmo, and Amazon. Have you ever seen anything similar in your inbox? Check out how these viral scams work and learn the tips to avoid them!

Pegasus Sextortion Emails

Received an email that threatens to expose an alleged private photo or video of yours unless you pay a ransom in bitcoin? Don’t panic. It’s a scam!

Sextortion emails, and similar blackmail scams, have been circulating online for years. Scammers falsely claim that your device is infected with malware so they’ve been able to spy on you, and they urge you to pay a certain amount of money or else they will publish the (non-existent) revealing photos or videos of you.

In this latest case, scammers have been claiming people’s cellphones have been attacked and compromised by “Pegasus” malware. They then require people to send bitcoins to have their “private files” deleted. Please ignore the email and delete it. Don’t follow the instructions. It is just a SCAM!

SMS Phishing: Bank of America

We’ve noticed that scammers are impersonating Bank of America and sending phishing text messages to people falsely claiming that there are security issues with their bank accounts. The scammers say to “restore access” to their accounts, they need to click the link inside the message, but it’s a phishing link!

edd boa alert : your online account has been suspended for security reasons. please visit <URL> to restore access.

If clicked, the link will take you to a fake Bank of America login page. Scammers can store the login credentials you submit and use them to hack into your bank account! Don’t fall for it.

SMS Phishing: Online Survey Scams

1. AT&T

Last week we detected a rise in fake AT&T text messages. Scammers have been impersonating AT&T and sending text messages, using different excuses to try to get people to click on the phishing link attached.

(1) Surcharged payment

Scammers instruct you to claim “surcharged reimbursement” via the phishing link:

Source: Reddit

Content

AT&T Free Msg: Jazmyn, we accidentally overcharged your account last month. Kindly your compensation here: k3h fn[.]info/

(2) Package delivery

Or, scammers trick you into thinking that a package of yours is on the way and ask you to check your order status through the phishing link:

• Your package of 2 items is out for delivery. View your order with vouchers here <URL>

The link included in these fake text messages leads to a fake AT&T page where anything you enter will end up in the scammers’ hands, including login credentials and banking details.

Or, the links will direct you to an online survey page that says you can win an award if you finish the questionnaire:

After you fill out the survey, you are prompted to enter personal information like credit card numbers so you can receive your gift delivery. Again, scammers can record any sensitive credentials you enter and use them for further cybercrime. For example, they could take control of your bank account, transfer your money away, and use your information to commit identity theft!

2. Package/Post Delivery

Are you expecting any deliveries? Be careful of delivery notification text messages with unknown links!

Scammer pose as delivery companies like DPD, FedEx, and UPS, and prompt you to click on the link attached to confirm delivery details:

• your order failed to deliver 4 times on 28th jul 23:20 (est), please confirm your shipping immediately before 24:20(est) by following this link <URL>
• frm:ups-5944264 msg:813745409-we tried to deliver your parcel today, <URL>
• frm:ups-2340631 msg:865218063-sorry, we’ve missed you. we tried to deliver your parcel today <URL>
• hi rosemarie, fedex delivering your order today! to confirm delivery address, please enter your information here now >> <URL>

Once you click on the link, you will be taken to a fake website of the delivery company. Then, no matter what you click, the page leads you to another online raffle page and shows that you have won an iPad Pro. There they urge you to enter personal information like your home address and credit card number to claim the gift

Of course, you will never receive the promised iPad Pro. Meanwhile, the sensitive data you provided will be used by scammers to transfer all the money out of your bank account, gain access to your online accounts, and potentially even use it for identity theft!

3. Venmo

We have reported on Venmo phishing scams several times, and now a new version appears. Posing as Venmo, scammers have been sending text messages to people, purporting that they can claim $100 by completing a paid survey.

The link is a phishing link, that leads to a fake online survey page where eventually you will be asked to enter banking details. Scammers can record all the credentials you submit, and use them for identity theft.

Source: Reddit

Source: Reddit

Content

• Because of your continued use of Venmo, you have been selected to take a $100 paid survey speakerkxmeasured[.]com/
• because of your long term use of Venmo, we have a $100 prize for you here twinbessay[.]com/8RL3wiv

4. Amazon

Amazon has always been the perfect subject for online survey phishing scams. After all, who doesn’t love shopping? As we have mentioned so many times, scammers use different tactics to lure you into clicking on the phishing links attached in their text messages:

(1) Product promotion

• USB Powered Sound Bar FREEBIE on Amazon!! RUN! <URL>
• Bestope Makeup Brushes 16 Piece Set FREE on Amazon! <URL>

(2) Order status update

• Amazon: Your order 3772826 status updated – On the Way! Track it here: <URL>

(3) Amazon business

• Earn $3-10k per month with your Amazon business. Join my 5 day live challenge to get started  <URL>

(4) Gift card/reward

• Apply for a Citi credit card and get rewarded with Amazon pay gift card worth Rs 1000* and many more. *T&C apply <URL>

(5) “abnormal” security alert

• (ANZ)You have a high-risk abnormal Amazon purchase, please cancel immediately. <URL>
• (ANZ)Please cancel Amazon’s high abnormal consumption immediately. <URL>
  So, what happens if you click on any of the links? You’re taken to a fake online survey scam page!

You will be redirected to an online survey page and eventually asked to enter sensitive personal information, such as banking details:

Just like the other scams mentioned, they try to entice you into entering lots of personal information by claiming you’ve won a free gift.

How to Protect Yourself

• Double-check the sender’s mobile number/email address.
• Reach out to the official website or customer support directly for help if you think there are issues with your account.
• Messages instructing you to get paid via links are suspicious.
• Emails with cryptocurrency mentioned are a major red flag. Just ignore and delete them.
• NEVER click links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!

Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:

Trend Micro Check is also available as a Chrome extension. It will block dangerous sites for you automatically:

Trend Micro Check on Chrome

Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the button below to give it a try:

Did you successfully spot the scams? Remember, always CHECK before giving out personal information.

If you found this article helpful, please SHARE to protect your friends and family!