This year is finally coming to an end (whew)! Are you ready to celebrate? While we are getting ready for the year-end festivities, so are the scammers – getting very prepared to sneakily steal money, or worse, personal information from you. In this post, we will cover the top scams we’ve identified this week – including HSBC phishing, fake charity donations, gift card tax payment (hmm…), and last but not least, robocalls from Amazon and Apple support. Have you received anything similar? Do you know how to spot these scams?

HSBC Phishing Texts

How does it work?
Scammers send fake notifications through text messages pretending to be from someone from HSBC – alerting suspicious activities found on the recipient’s bank account. Referring to the examples we found, the message claims that “a new payee was created from a new device.” With that, the recipient is asked to click on the link if he/she is not aware of the activity.

This might sound familiar if you’ve been following our weekly post…. and yes, you are right – DO NOT click the link, because bingo! It is indeed, a phishing link. Upon clicking on it, you will be direct to a website asking you to enter your personal information, password, credit card number, or bank account details. With this information, scammers can replicate the data for other scams such as identity theft. In a worse case, malware will start to download as soon as you click the link.

Some examples of HSBC phishing texts:

The content of HSBC phishing scam:
HSBC: You have added a new payee on 10/12/20 at 12:52. If you do NOT recognise this, please visit: https ://payee-removal[.]live/hsbc
HSBC: A payment was attempted from a new device. If this was not you, please visit: https ://securepayees-info[.]com/hsbc/
HSBC: A new payee was created from a new device. If this was not you, please visit: hsbc.onlinebanking- suoDorted[.]com/hsbc
HSBC BANK: You have successfully paired a NEW DEVICE on 17/12 at 17:40PM. If this was NOT you, visit: hsbc – online[.]info/?

How to avoid phishing scams?

• Double-check the sender’s mobile number.
• NEVER click links or attachments from unknown sources. If it’s necessary, log in through the official website or reach out to customer support directly for help.
• Check if the link provided is secure using Trend Micro Check!

All you have to do is copy and paste the link, send it to our chatbot, and let Trend Micro Check take care the rest. Too inconvenient to copy/paste? You can send screenshots directly to Trend Micro Check as well!

Charity Scams

According to the FBI, charity scams have raised significantly during the holiday season. The reason? People want to get tax deductions for charity donations. When there is money involved, there is an opportunity for a scam.

How does it work?
Scammers could reach out to you through emails, phone calls, text messages, or even in person. They often claim to be from charities and would try their best to persuade you to donate for good cause to the organization they represent. It has also come to our attention that nowadays, charity scams have appeared on crowdfunding platforms, fake social media accounts, and websites, as listed by the FBI.

Aside from tricking you into wiring money or sending gift cards to the ‘fake’ charity organizations, scammers also use phishing links to lure people into sending their personal information such as financial credentials. For example, the scammer can pretend to be an agent from a well-known charity group and send you an email invitation for donation. The message will ask you to ‘conveniently’ click on the link provided for the transaction. In reality, what the link does is lead you to a fake website that requests you to enter your bank account and password, providing scammers access to your personal information.

How to avoid charity scams?

• Check the legitimacy of the charity. Do all necessary research. Here is a list of organizations to help you look up the charities provided by the Federal Trade Commission (FTC).
• Know the charity. Good questions to ask are: What is the goal of the charity? How will they use the funds? Charity Navigator provides a list of questions to ask charities for donors before deciding to donate.
• Contact the organization in person for direct donations.
• Ask for a receipt and trace the status of your donation.
• Report to FTC if you believe you’ve encountered charity scams.

Read more about how to protect yourself from charity scams.

Gift Card Tax Scams

Started last year, the Internal Revenue Service (IRS) has warned taxpayers to watch out for gift card scams. It is no news that scammers are tricking people into paying “tax” by buying them gift cards. As year-end tax season approaches, you should remain extra cautious to not fall into scam traps.

How does it work?
Scammers would pretend to be someone from IRS and reach out to people via phone calls, text messages, emails, or social media, claiming that the person is involved in some sort of criminal activities and thus on the verge of a tax penalty. With that, scammers would threaten the person to follow their ‘recommended’ instruction by purchasing gift cards and provide them gift card number and PIN code. As soon as they have access to the gift cards, they will disappear.

How to avoid tax scams?

• Gift cards should be a big red flag. IRS will NEVER ask for gift cards as payment. If you are asked to buy gift cards, think no further. It is a scam.
• Check before your next move. You can copy/paste the link you receive and send it to Trend Micro Check for immediate scam detection.
• Contact IRS directly for help. The IRS does not and will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information. You can always check if you owe funds to IRS on their website.
• Report gift card tax scam. You can file reports to the Treasury Inspector General for Tax Administration (TIGTA) or the Federal Trade Commission (FTC). You can also forward suspicious emails to phishing@irs.gov.

Robocall scams from fake Amazon and Apple support

How does it work?
Scammers are good at pretending to represent well-known companies, banks, the police, celebrities, or staff from notable organizations and call you – claiming there is a problem with your account, membership, or recent orders. They will then request you to take action such as paying money or change settings to your accounts.
Victims have received calls in which a recorded voice pretending to be someone from Amazon says that there’s something wrong with their accounts, mentioned in FTC‘s blog post. In other cases, victims have received calls from scammers claiming there’s “suspicious activity” in their Apple iCloud accounts.

How to avoid robocall/phone call scams?
As suggested by FTC, “if you’ve received an unexpected call or message about a problem with any of your accounts, hang up.

• Do Not press 1 to speak with customer support
• Do Not call a phone number they gave you
• Do Not give out your personal information

Check before your next move! You can contact the officials, organizations, or companies’ customer support yourself to make sure whether the issue mentioned is true. Click on the button below to try Trend Micro Check for free now:

Did you successfully spot the scams? Remember, always CHECK before your next move. If you think Trend Micro Check is helpful, please SHARE to protect your family and friends.