Trend Micro News

Spot the Scam_BTC

Spot the Scam: Amazon Survey, USPS Delivery, and Bitcoin Giveaway

Spot the Scam_BTC
April 23, 2021

Are you expecting packages you have ordered to be delivered to your house? Or, are you interested in cryptocurrency and long for getting bitcoins for free? If so, you are possibly one of the scammers’ targets, as they are always creating new ways of exploiting every aspect of life. In this post, we will share the details of 3 trending scams – Amazon survey scam, USPS delivery scam, and Bitcoin giveaway scam. Check how these scams work and learn tips to protect yourself from them. Can you spot all these scams?

Cryptocurrency Scams


Bitcoin Giveaway Text Message Scam

We have spotted some text scams regarding cryptocurrency giveaway recently. Scammers pretend to be from famous companies such as Tesla, falsely claiming that they are giving away Bitcoin and Ethereum. They ask the recipients to click on an attached link to join and get the cryptocurrency.

Bitcoin Giveaway Text Message Scam. Source: Reddit
Bitcoin Giveaway Text Message Scam. Source: Reddit

Content
FRM:TESLA
MSG:We are giving away Bitcoin and Ethereum. Please join here: hxxps://elonmuskusi[.]club/?7407086285616350


The link leads to a fake cryptocurrency trading website. It is possible that you are convinced to invest money into the fake trading platform. Or, you might be asked to enter personal information or other sensitive data, such as bank account details or Bitcoin account credentials. In a worse situation, malware will start to download as soon as you open the link!

HitBTC Sign-Up Email Scam


Have you used the HitBTC platform before? If no, please be cautious of these emails and do not click on any link when asked!

Due to an email database leak (as HitBTC itself confirmed), scammers/hackers can get many leaked email addresses and use them to register on the platform.

That is, if your email was involved in the data breach, you might receive such confirmation email from the official HitBTC:

HitBTC Sign-Up Email Scam. Source: Reddit
HitBTC Sign-Up Email Scam. Source: Reddit


Content

Thank you for signing up for HitBTC To complete the sign-up process, please follow the link: hxxps://hitbtc[.]com/confirm-email?token=CBb-IdwL9CDr_JEvVqEIy_syzeYdSlzo_xoNWmEFDhH0tG730bx7ILV_DQ2FlmOt This link will expire in 48 hours. You may be asked to enter this confirmation code: CBb-IdwL9CDr_JEvVqEIy_syzeYdSlzo_xoNWmEFDhH0tG730bx7ILV_DQ2FlmOt Best regards, HitBTC Team

What to do if you find your email leaked:

  • Change your password immediately.
  • Enable 2-factor authentication (2FA) to protect your account better.
  • Reach out to the organization’s customer service for help.
  • Use Trend Micro ID Security to monitor your personal data and alert you if any of your data is being sold or distributed by cybercriminals.

Amazon Survey Scam


We have been talking about Amazon scams again and again, but they just never cease to happen. Scammers pretend to be from Amazon and send text messages, luring you to click on the attached link by claiming that you have to view your order, or that you have won a MacBook Pro in a lucky draw campaign.

Here are some fake Amazon text messages we have detected:
Amazon: You have 1 unread message <URL>
Amazon: Thank you for your purchase. We will notify you when its shipped. View your order and special rewards on <URL>
Congrats! You are Amazon customer of the year. Your prize is this brand new MacBook Pro. Get it now: <URL>

The link contained in the text message is a phishing link. Once you click on it, you will be taken to an online survey page:

Fake Amazon online survey page.
Fake Amazon online survey page.


Then, after you finish all the questions, you will be asked to submit banking details such as your credit card number, expiration date, and CVC code to “arrange for the delivery of the gift.” Here is a screenshot of what you will see:

Fake Amazon online survey page.
Fake Amazon online survey page.

The data you enter will in fact, end up in the scammers’ hands. That said, they can steal your money and use all your financial credentials for identity theft. Be careful!

USPS Delivery Scam


USPS delivery scam is another reoccurring widespread scam to be cautious of. Scammers pose as USPS and send text messages, falsely claiming that the delivery of your package has been changed and that you have to confirm the arrangement through a link they provide:
USPS: the scheduled delivery for the package 1z84056 has been changed. Please confirm here: <URL>

The link included in the text message is a phishing link. It leads to an online survey page, which says you can claim a PlayStation 5 by completing the survey. After that, you will have to enter banking details, such as your credit card number and CVC code for the “delivery” of your gift.

Of course, there is no gift at all; all the sensitive credentials you submit will end up in the scammers’ hands. They can then steal your money as well as your identity!

How to protect yourself from phishing scams?

  • Double-check the sender’s mobile number/email address.
  • Ignore too-good-to-be-true deals.
  • Reach out to the official website or customer support directly for help.
  • NEVER click links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!

Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:

Trend Micro Check is available on WhatsApp as well.
Trend Micro Check is available on WhatsApp as well.

Trend Micro Check is also available as a Chrome extension.
It will block dangerous sites for you automatically:

Trend Micro Check blocks dangerous sites for you automatically.
Trend Micro Check blocks dangerous sites for you automatically.

Did you successfully spot the scams? Remember, always CHECK before your next move.

If you think Trend Micro Check is helpful, please SHARE to protect your family and friends.
Try Trend Micro Check for free now:
Messenger
WhatsApp
Chrome extension