Trend Micro News

Streaming Service All-in-one Smishing Attack

Spot the Scam: Current Music, Coinbase Email, COVID-19 Relief, Amazon, and Free Netflix, HBO, Disney+, and Amazon Prime Subscription Scams

Streaming Service All-in-one Smishing Attack

This week’s article will introduce 2 phishing emails and 3 SMS scams in details, including the Current Music app, Coinbase, COVID-19 Relief, Amazon, and free subscription to streaming services like Netflix, HBO, Disney+, and Amazon Prime. Did you see anything similar in your inbox? Check how these viral scams work and learn tips to avoid them:

Current “Account Locked” Email Scam


More and more people start to use the Current Music app to earn cash reward while playing music, but please be careful of unknown emails claiming to be from Current! If you receive an Current email that says your account is locked and instructs you to click on a button to unlock it, think again.

Scammers can send fake emails with phishing links attached to lure you into giving away personal information, including login credentials or even banking details. We suggest you use the Current app or website to contact customer support directly for help instead of clicking on the button in the email, if you think there are issues with your account:

Spot the Scam_Current email_0709
Source: Reddit

Content
Your account has been locked. Your account has been locked due to an excessive number of unsuccessful sign in attempts. Tap to Unlock

Coinbase “Account Disabled” Email Scam


Are you using Coinbase? Be cautious of fake security alert notification emails from Coinbase!

Impersonating Coinbase, scammers send you an email, informing you that your Coinbase account is “disabled” and that you have to unlock it via a button in the email.

The button actually contains a phishing link. If you fall for the scam and click it, you will be taken to a fake Coinbase login page and asked to enter login credentials. Scammers will then record the sensitive information and use it to take over your account. Don’t let them!

Spot the Scam_Coinbase email_0709
Coinbase phishing email. Source: Reddit

COVID-19 Relief Phishing Scams


Recently we have detected many COVID-19 relief or fund scams. Scammers pose as famous companies or government agencies and send text messages with phishing links, prompting you to apply for some COVID relief program and claim stimulus funds via the links.

If you fall for it and do so, you will be taken to a web page where you have to enter personal information. Scammers then collect all your sensitive data and use it for identity theft.

Here are a few examples:

1. Posing as Walmart
Content

you have been qualified for a direct deposit of $1800 from walmart pandemic relief program, claim here: https[:]//covid-19walmartfund[.]com

Spot the Scam_COVID relief_Walmart_0709

Walmart Foundation Pandemic Relief Funds Walmart and the Walmart Foundation generally provide more than $1 billion in cash and in-kind to support programs that align with our philanthropic priorities. We focus on areas where we can do the most good – combining the unique strengths of the business alongside our philanthropy. Our ability to draw on Walmart business strengths, providing more than just funding, helps our philanthropy to deliver greater societal impact. Today. Walmart.org. through the combined philanthropic efforts of both Walmart and the Walmart Foundation, creates opportunities for people to live better every day. We are working to assist individuals and small businesses that have been impacted by the Coronavirus (COVID-19). The ongoing evolution of the pandemic is prompting officials and corporations to provide emergency assistance and funding to help out individuals and small businesses who are experiencing

2. Posing as federal government

  • American Rescue Plan

    US COVID-19 relief bonus”. This site ask user to provide some sensitive information like SSN, picture of your State ID/Driver’s License/International Passport URL: https [:] //mybenefit4you[ . ]com/9
Spot the Scam_COVID relief_American Rescue plan_0709

Remember, the payment of American Rescue Plan will be delivered to families in need automatically. Do not let scammers collect your personal information!

  • Government pandemic extra stimulus bonus
    Content
    us department of state extra stimulus: get your covid-19 relief fund of $1,400 per-week for the next 26 weeks. for more details, please visit: https[:]//www.vistaloan [. ]cc/ index.php/covid-relief/
Spot the Scam_COVID relief_gov_0709

GOVERNMENT PANDEMIC EXTRA STIMULUS BONUS APPLY FOR YOUR COVID PANDEMIC RELIEF EXTRA BONUS NOW!!! This is on opportunity for you to be among the people who will benefit from pandemic relief bonus set up by the federal government, if you’re been affected one way or the other with the outbreak of corona which has more effect on our economy and citizen source of livelihood, this is a scheme set up by FG to ease and help you each citizen with a sum of $1400 every weeks as pandemic relief bonus. You don’t have to leave the comfort of your

Amazon Online Survey Scams


Amazon survey scams via text messages are still on-trend. Scammers send text messages with phishing links and prompt you to click on them using various excuses. Here are some examples we have observed this week. Look familiar? Yeah, that’s because we have written about them several times:

  • Out For Delivery: Credit Card – Amazon Pay ICICI Bank Credit Card for ICICI Bank Account XX0001 is out for delivery today through Blue Dart Courier, AWB 38509050904. Track status at <URL>
  • Get Amazon voucher worth INR 1000 on opening an online Citibank Suvidha Salary Account. <URL>
  • Delivered: Your Amazon package with 101 CREATIVE STAY AT HOME IDEAS: Mix a Lychee moc… and 2 other items was delivered. More info at <URL>
  • Amazon: Congratulations Dan, you came in 1st in March’s Amazon pods raffle! Follow the link to : <URL>
  • Good day Julie, we sent you an email regarding your Amazon Rewards. Here is what you can buy with it: <URL>

Once you click on the phishing link, you will be taken to an online survey page and asked to enter sensitive personal information in the end, such as banking details. Scammers will use the data you provide to steal your money as well as your identity!

Spot the Scam_Amazon Survey_0611
Spot-the-Scam_Amazon-Survey_0611-2

Streaming Service All-in-one Smishing Attack


1-year subscription to all online streaming video services including Netflix, HBO, Disney Plus or Amazon Prime, for FREE? That sounds too-good-to-be-true. We have written about Netflix free subscription scams, and now the same phishing messages evolve to an “all-in-one” package:

You have Netflix, HBO, Disney Plus or Amazon Prime Subscription? We have combined them ALL IN ONE and you get a FREE YEAR <URL>

If you take the bait and click on the phishing link, you will be taken to a page with a set of discount code. And then the web page asks you to select a plan you want.

Spot the Scam_Movie_0709_1

Then, you have to create an account to enjoy the streaming service. By clicking Continue, you will be taken to another web page and asked to enter personal information, including credit card number, expiration date, and CVC code. The credentials you enter will end up in scammers’ hands, and they will use it for identity theft.

Spot the Scam_Movie_0709_2

How to protect yourself?

  • Double-check the sender’s mobile number/email address.
  • Reach out to the official website or customer support directly for help.
  • NEVER click links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!

Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:

Trend Micro Check is available on WhatsApp.

Trend Micro Check is also available as a Chrome extension. It will block dangerous sites for you automatically:

Trend Micro Check blocks dangerous sites for you automatically.

Did you successfully spot the scams? Remember, always CHECK before your next move. If you found this article helpful, please SHARE to protect your family and friends!

Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing , and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the button below to give it a try:

Button_Maximum Security
Button_TMC_new