This week, we’ve found lots of phishing scams in which scammers are impersonating trusted brands, including USPS, Spotify, and Walmart, as well as fake back-to-school sales campaigns. Would you have been able to spot all these scams?  

Phishing Scams 

Posing as trusted brands, scammers spread fake text messages and emails containing phishing links and various lies and excuses. For example, scammers often impersonate delivery companies and send fake notifications that instruct you to click on phishing links to update delivery details. Or, they might claim to be offering you a free gift and ask you to redeem it via the link.

What’s the end goal? Well, these links lead to phishing sites designed to record your personally identifiable information (PII), for example, your email address, credit card number, Social Security number, and even more. With it, scammers can drain your bank account, steal your identity, or commit any number of other crimes. Below are some examples.

USPS Scam (usps[.]quicktpos[.]com and MORE)

Many people rely on online shopping and delivery services a lot, and that’s why scammers love to pose as USPS to trick people. As we’ve written several times before, they send out fake texts with links that lead you to fake tracking pages:

• The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information. Please confirm your address in the link. Ready to ship when changes are complete <URL> (Please reply Y, then exit the SMS, and reopen the SMS activation link. Or copy the link to Google Chrome to open) The USPS team wishes you a great day!
• Frm: Usps Msg: Due ##blankGreeting : ##username an invalid address You have a package thats need to be delivered, but it has been suspended due ##blankGreeting : ##username an incorrect delivery address. If you do not update your address before 00 hours, your package will be returned to sender. To delivery your package, please update your address by click the link below. <URL> Regards, USPS Team .PACKAGE-#0O0TPA
• USPostal: Because the shipping information you provided is not detailed enough, we are unable to deliver to your door. Please provide a clearer address description to help us successfully deliver your package. Details: <URL> sincere regards USPS Customer Service

No matter what excuse they use, these links are all fake and will take you to fake USPS pages where you could eventually expose your PII. Note: Take a close look at the web address! The only legitimate domain is usps.com.

Sample scam USPS web addresses:

• usps[.]quicktpos[.]com
• usps[.]postsale[.]vip
• express-uspc[.]com

Protect Yourself from Scams for FREE     

The truth is, there are lots of scams and scam sites on the internet and they’re getting even more difficult to detect with common sense alone. For an easy and reliable method of detecting and avoiding scam sites, check out our free browser extension (Trend Micro ID Protection ) and free mobile app (Trend Micro Check). 

Both ID Protection and Trend Micro Check can protect you against scams, phishing links, dangerous websites, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.    

Besides texts, emails containing phishing links are also rampant.

Spotify Email Scam

Do you use Spotify? Watch out for this fake Spotify email! Scammers are sending fake billing emails that prompt you to click on the button to make a payment to continue using Spotify:

If you do as instructed, you will be taken to a fake Spotify login page. Hint: Check the sender’s email address – a genuine Spotify email ends with @spotify.com. Everything submitted here will end up in scammers’ hands – don’t let that happen!

Note: Official Spotify pages always end with spotify.com.

Walmart TV Scam​

Walmart is also one of the most impersonated brands – we’ve seen fake Walmart text messages before. Tricking you into thinking that you can collect a gift for free, scammers prompt you to click on the attached phishing link:

• ((1) pending walmart product to: Janet. Last chance to collect: <URL>)

The link opens a fake online support page that instructs you to answer a series of questions:

Then, eventually, you will be asked to provide lots of PII, including delivery addresses and credit card information. Of course, there’s no gift, and your PII will be stolen. Don’t fall for it!

Back-to-School Shopping scam

We’ve reported on fake back-to-school shopping sites these last few weeks, and as of September 3, 2023, we’ve already detected over 235,956 scam URLs hosting such bogus BTS sales campaigns – that’s a 72% increase compared to last year! Below are some of this week’s scams:

#1 – MASKC

• MASKC: Back To School Sale   As Covid cases rise, protect you and your family from back to school germs with 30% off all masks and vitamin packs.      Use Code: STAYSAFE – <URL>  .

#2 – Evenflo

• Evenflo: Today’s the last day to save 20% and simplify your back to school routine! Use code SCHOOL23 to save on select products now through August 31, 2023. Shop now: <URL>  Text STOP to opt-out

We suggest you never place any orders on these fake websites. There’s no guarantee when it comes to disputes or refunds. Plus, there could also be privacy risks — any PII you enter could be leaked. Be careful!

Tips to Stay Safe Online

• Double-check the sender’s mobile number and email address. Even if it seems legitimate, think twice before you take any action.          
• Only use official websites and apps. Never click on dubious links!  
• If you’ve accidentally revealed your PII somewhere, change your passwords immediately and inform your bank and/or other companies that scammers may contact them pretending to be you. 
• Check if any of your PII has been leaked and secure your social media accounts using Trend Micro  ID Protection.   
• Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks.  

If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below.