Spot the Scam: Snapchat 2FA, Costco raffle, Amazon, Hulu refund, and PayPal verification (20210702)
This week’s article introduces three SMS scams and two phishing emails in detail: the Snapchat 2FA, Costco raffle, Amazon, Hulu refund, and PayPal password verification scams. Did you see anything similar in your inbox? Check how these viral scams work and learn tips to avoid them:
Snapchat Verification Code Scam
Many people have received text messages with 2FA (two-factor authentication) codes from Snapchat recently. Be careful! Scammers spam Snapchat users with legitimate 2FA messages, trying to log onto your Snapchat account on other devices.
We have reported on similar verification code scams, such as the WhatsApp scam. Here is how the latest version of the Snapchat scam unfolds:
1. First, you will receive 2FA messages from different phone numbers. The tricky part of the text message is that it looks official, but don’t relax yet!
Snapchat 2FA code: Snapchat Support will not ask for this code. Do not share it with anyone.
2. Then scammers will try to lure you into sending the 2FA verification code. How? They might use the compromised account of one of your contacts to ask you to send the 2FA code. They can impersonate your friend, claim that they have sent you the 2FA code by mistake, and request that you give the code to them.
If you fall for the scam and hand over the 2FA code, scammers can take control of your Snapchat account and use the same tactics to trick more people.
Costco Survey Scam
Costco remains one of scammers’ favorite brands to impersonate. This week we have observed many scam text messages about a Costco lucky draw campaign:
- WINNER NOTIFICATION: Todays 3 iPad winners: 1st – Kimberly J. 2nd – YOU 3rd – Hank Jr. Read more here: <URL>
- (551) 208-8570: WINNER NOTIFICATION: Todays 3 iPad winners: 1st – Kimberly J. 2nd – YOU 3rd – Hank Jr. Read more here: <URL>
Scammers say that you have won an iPad or other electronics products, prompting you to click on the phishing link attached in the messages to claim the gift. If you take the bait, the link will lead you to a fake Costco page and ask for your personal information.
Like all other fake raffle scams, no gifts will ever be delivered. What is worse, the sensitive credentials you have submitted will be used for other scams such as identity theft!
Amazon Survey Scam
Amazon survey scams have been popular for months. Scammers send you text messages with a phishing link and use various excuses to lure you into clicking on it.
Here are some examples we have observed this week. You might think they look familiar because we have written about them several times:
- Delivered: Your Amazon package with Skin for iPhone SE 2020 Carbon Fiber 3M Film Protective wrap Around… was delivered. More info at <URL>
- Add Your Rent, Netflix & Amazon Prime to your Credit Report to increase your Score! Start below, It’s Free <URL>
- There is a problem with the Amazon fee payment method. More information here: <URL>
- Dispatched: Dear Customer, Credit Card – Amazon Pay ICICI Bank Credit Card for ICICI Bank Acct XX3007 is sent by Kerry Indev Express, AWB 4229323361 on 26-JUN-21. Track status at <URL>
- Amazon: Congratulations Anthony, you came 3rd in today’s Amazon pods raffle! Follow the link to : <URL>
Once you click on the phishing link, you will be taken to an online survey page and asked at the end to enter sensitive personal information, such as banking details. Scammers will then record the data you provide and use it to steal your money as well as your identity!
Hulu Refund Confirmation Phishing Email
Are you expecting a refund from Hulu, an online video streaming service? Be careful and take a closer look at the emails you receive from “Hulu”; some of them are SCAMS! Scammers pose as Hulu and send you an email, instructing you to confirm your identity via links:
The email says that if you want to get a refund, you have to visit “SubscriberRefund[.]com” or dial a number to provide financial information. However, the website is NOT the official Hulu website. Plus, the domain of the web address does not end in hulu.com – that’s suspicious.
Scammers will ask you to provide sensitive personal information if you do as the email instructed. (The contact number in the scam email is not listed on Hulu’s official contact information page, either.) They can use the credentials for identity theft.
Remember, Hulu should refund your account directly instead of asking for your information, let alone asking you to dial any numbers. If you think there are issues with your Hulu account, please reach out to the Hulu help center directly for help!
PayPal “Account Limited” Phishing Email
We have seen many different versions of PayPal scams before, including fake security alerts, password change notifications, and many more phishing text messages. Recently, a new form has appeared, saying that your PayPal account has been limited and that, again, you have to click on a button to “secure your account.”
PayPal Your account has been limited
Dear Customers We’ve limited your account. After a recent review of your account activity, we’ve determined you are in violation of PayPal’s Acceptable Use Policy. Please log in to confirm your identity and review all your recent activity
Secure your account
If you have questions about any of these activity or your account, please don’t hesitate to get in touch with us. Thank you for being a PayPal customer
Do not click on any links or buttons in the email. If you do so, you will be taken to a fake PayPal login page and asked to log in. Take a look again and you will find that the web address of the login page is paypals-informations-scretysi[ . ]com instead of the legitimate paypal.com. The credentials you submit will end up in scammers’ hands. They can then hack your PayPal account and use it for other scams!
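The domain check described in the Hulu and PayPal sections above can be automated. The following is an added example, not part of the original article: it takes the two scam domains quoted above plus constructed look-alike URLs and tests whether the host really sits under the official domain. The function names and the `.example` URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def refang(url: str) -> str:
    """Undo the defanging used in write-ups ('[.]', '[ . ]', 'hxxp')."""
    url = url.strip().replace("[ . ]", ".").replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    # Bare hosts need a scheme, or urlsplit treats them as a path.
    return url if "://" in url else "https://" + url

def host_of(url: str) -> str:
    """Return the host the browser would actually contact."""
    # .hostname drops any 'user@' prefix and port, and lowercases the host.
    return (urlsplit(refang(url)).hostname or "").rstrip(".")

def is_official(url: str, official_domain: str) -> bool:
    """True only for the official domain itself or a subdomain of it."""
    host = host_of(url)
    # Match on a label boundary: 'nothulu.com' and 'hulu.com.refund.example'
    # both contain 'hulu.com' but are not under it.
    return host == official_domain or host.endswith("." + official_domain)

# Two domains quoted in the article plus constructed look-alikes.
SAMPLES = [
    ("SubscriberRefund[.]com", "hulu.com"),                     # from the article
    ("paypals-informations-scretysi[ . ]com", "paypal.com"),    # from the article
    ("https://help.hulu.com/", "hulu.com"),                     # subdomain of official
    ("https://hulu.com.refund.example/claim", "hulu.com"),      # constructed
    ("https://nothulu.com/", "hulu.com"),                       # constructed
    ("hxxps://paypal.com@login.example/signin", "paypal.com"),  # constructed
]

def report(samples=SAMPLES):
    """Return (actual host, is it under the official domain?) per sample."""
    return [(host_of(u), is_official(u, d)) for u, d in samples]

if __name__ == "__main__":
    for host, ok in report():
        print(f"{'official' if ok else 'NOT official':13} {host}")
```

Only the subdomain of hulu.com passes; the brand name appearing at the start of a host or before an `@` sign does not make the address official.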
How to protect yourself?
- Double-check the sender’s mobile number/email address.
- Reach out to the official website or customer support directly for help.
- Do not share your 2FA code with anyone, and do not reply to any scam text messages.
- NEVER click links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!
Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection.
Trend Micro Check is also available as a Chrome extension. It will block dangerous sites for you automatically.