MetaMask, PayPal, USPS, and Amazon – Top Phishing Scams This Week

    MetaMask, PayPal, USPS, and Amazon – Top Phishing Scams This Week
    Shutterstock

    We’ve found a large number of phishing scams that you should watch out for, including ones relating to PayPal, MetaMask, USPS, and Amazon. Would you have been able to spot all the scams?

    Phishing Scams

    Impersonating famous brands and companies, scammers will send out phishing links (usually via text message or email) and try to entice you into opening them with various lies. As seen below, these phishing links will lead to malicious websites containing fake log-in pages.

    MetaMask KYC Phishing​ Email

    We’ve reported a lot of fake MetaMask emails last year. As time goes by, there are more and more phishing attempts leveraging MetaMask’s name. Falsely claiming that your MetaMask wallet could be suspended soon due to the Know Your Customer (KYC) regulations, scammers prompt you to click the attached link to validate your account:

    Spot the Scam_MetaMask Phishing_Email_20230113

    The link will take you to a fake MetaMask login page that requests for your seed phrase, or recovery phrase – the ultimate key to your crypto wallet.

    Spot the Scam_MetaMask Phishing_Fake KYC Validation Website_20230113
    Sample fake MetaMask login page.

    If you’ve ever fallen for the scam and yielded your recovery phrase, scammers can use it to take control over your crypto wallet and steal every “bit.” Don’t let them!

    Detect Phishing Links with Ease — Trend Micro ScamCheck

    Trend Micro ScamCheck is a browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!

    After you’ve pinned the ScamCheck extension, it will block dangerous sites automatically! (Available on Safari, Google Chrome, and Microsoft Edge.)

    TMC_CTA_Extension_2022

    You can also download the ScamCheck mobile app for 24/7 automatic scam and spam detection and filtering. (Available for Android and iOS).

    TMC_CTA_Mobile_2022

    Check out this page for more information on ScamCheck.

    Paypal Invoice Scam

    We’ve already seen too many PayPal invoice scams before. This week scammers pretend to be from a company called Bill Pay and send you an invoice via PayPal:

    Spot the Scam_PayPal LLC Invoice Scam Email_20230113
    Source: Reddit

    Here are more details of how these PayPal invoice scams unfold:

    1. Scammers create fake profiles on PayPal and send you an invoice.
    2. They prompt you to make a phone call to claim a refund if you don’t recognize the payment.
    3. They will instruct you to provide personal info/money over the phone call, or even trick you to give them remote access to your device.

    The trickiest part is that the sender’s email address of the invoice are REAL (@paypal.com). We suggest that if any invoice contains instruction off the PayPal system (i.e. ask you to make a phone call instead of using PayPal application), it is a major red flag. Stay alert!

    USPS Shipping Scam

    Every day is a shopping day, and every day you are the target of a delivery scam! We’ve written about fake USPS shipping notification texts and emails, and this week there’s still a new version:

    • [US/P.S]:We cannot deliver your package to door due to the incomplete house number, please fill in the address-: <URL>

    The attached link will take you to a fake USPS tracking page that asks you to submit some personal information, including your street address and phone number. 

    Spot the Scam_USPS_Fake Tracking Page_20230113

    Don’t enter anything! Scammers can record the data you enter onto these pages and use it to take control of your accounts and commit crimes such as identity theft.

    Amazon Phishing Texts

    Amazon is another most impersonated brand. This time scammers send you fake security alerts with a set of One-Time Password (probably fake) and urge you to click on the phishing link to secure your account:

    • 801626 is your Amazon OTP.If you didn’t authenticate this transaction,click here <URL>

    Again, the attached link will lead to a fake Amazon login page. Scammers can record all the credentials you’ve submitted and use them for their own good:

    Spot the Scam_Amazon_Phshing Page_20230123

    Protect Yourself from Phishing Scams

    • Pay close attention to URLs — are they legitimate?
    • Double-check the sender’s mobile number/email address; even if it seems legitimate, don’t click on any attached links. Go to the official website/application instead!
    • Never click on links or attachments from unknown sources. Use Trend Micro ScamCheck to surf the web safely (it’s FREE!).
    • Change your password as soon as possible if you’ve already clicked on a suspicious link. Consider using our online Password Generator (also FREE!) to create strong, tough-to-hack passwords.
    • Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks. Click the button below to give it a try.

    If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or like below. Stay safe, folks!

    Post a comment

    Your email address won't be shown publicly.

    0 Comments

      This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.