Phishing Scams of the Week: Omicron, Amazon, IRS, UPS, Walmart, Costco, Coinbase, and LinkedIn
This week we’ve found a large number of phishing scams that you need to watch out for, including ones relating to Omicron, Amazon, the IRS, UPS, Walmart, Costco, Coinbase, and LinkedIn. Would you have been able to spot all the scams?
Phishing scams are one of the scammers’ favorite weapons! Conventionally, while impersonating famous brands, they send out fake text messages and emails containing phishing links and try to entice you into opening them with promises of “prizes”, “discounts”, and more.
Most commonly, the links take you to fake log-in pages that seem to belong to various brands. These pages require you to submit log-in credentials to check a package’s delivery status, change account settings, or whatever other tasks the scammers have asked you to complete. Here are a few examples:
Omicron PCR Test
It can be terrifying to learn that you might have been exposed to COVID-19, especially its Omicron variant. We’ve reported on “Free Omicron PCR Test” phishing emails from the NHS before, but now they’ve started to circulate as phishing text messages:
You’ve been in close contact with someone who has recently tested positive for Omicron. Please order a PCR test kit: order-pcr-test[.]com
The link will take you to a fake NHS log-in page where you have to submit personal credentials and also credit card details for the delivery of the testing kit.
In other instances, these links lead to online survey pages that state you can claim a gift by filling out an online questionnaire. After that, you are prompted to enter credit card numbers before your “gift” can be delivered.
Gift Card Scam
“You’ve won in a raffle!” This line is probably the scammers’ absolute favorite!:
You, W0N The DaiIy RaffIe for a $5OO GlFT-CARD..CoIIect your PRlZE by MlDNlGHT <URL> Stop to end
As with other scams, the link leads to a fake online survey page that eventually collects your credentials, including credit card details. Don’t get scammed!
The scammers’ ultimate goal is to steal your personal information — they’ll record everything you enter on their fake pages and use it to commit cybercrimes: e.g., hack into your bank account or steal your identity. Don’t let them!
Browse the web safely with Trend Micro ScamCheck (it’s free!)
ScamCheck is an all-in-one browser extension for detecting scams, phishing attacks, malware, and dangerous links – and it’s FREE!
After you’ve pinned ScamCheck, it will block dangerous sites automatically! It’s available on Safari, Google Chrome, and Microsoft Edge.
Check out this page for more information on ScamCheck.
Amazon Survey Scam
Amazon is easily one of the most impersonated brands. Promising gift cards or other expensive rewards, scammers try to lure you into clicking on the attached phishing links with various excuses:
RED CROSS BLOOD CRISIS: Your help is critically needed! Come give in Feb=$10 Gift Card by email from Amazon! Book now: <URL> Reply2Stop
This week we’ve also detected several other fake raffle campaigns that have been spreading via email. The links in these fake emails will direct you to a fake online survey page that tries to collect your address and credit card details.
UPS
“We have a surprise for you…” — scammers.
Walmart (ft. Dyson V11 Vacuum Cleaner)
“Congrats! You’ve received a WALMART reward!” – scammers. (There’s no reward!)
Costco (ft. iPhone 13)
“Congrats! You can get an iPhone 13 from Costco!” – Scammers
LinkedIn / Dating Sites Scam
Just like last week, the reoccurring LinkedIn phishing emails are still out there, leading victims to scam/explicit dat7r3nd4Lyf32ing websites where you could eventually lose your personal information as well as money. Don’t fall for it!
Coinbase Scam
We’ve seen scammers pose as Coinbase and send fake account retrieval emails to users before, but now this phishing scam has a new SMS-based variant:
【coinbase】wallet freeze, unfreeze period 2022-2-19 coinbasehk[.]co
If you fall for it and click on the attached link, you will be taken to a fake Coinbase website (always take a close look at the web domain). Here, you are requested to “update” your crypto wallet and enter a recovery phrase — DON’T!
Note: the legitimate web address for Coinbase is coinbase.com.
Besides Coinbase, we detected lots of other scams featuring crypto wallet companies, including Trust Wallet and MetaMask. Read the full story here.
Tax Scams
The 2022 tax filing season began on January 24th. As ever, the scammers wasted no time launching lots of fake tax refund websites to exploit people. They’ve created copycat websites that look very similar to legitimate government websites — both in the US and overseas — to try to steal people’s personal information:
Fake IRS website
Fake GOV.UK website
How to Protect Yourself
- Double-check the sender’s mobile number/email address.
- Free gifts or prizes are always a major red flag.
- Always go to the official website/application instead of using links from unknown sources.
- Use Trend Micro ScamCheck to surf the web safely (it’s free!)
- Add an extra layer of protection to your device with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection can help you combat scams and cyberattacks. Click the button below to give it a try:
As ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.