This week, we’ve found lots of phishing scams in which scammers are impersonating trusted brands, including PayPal, USPS, Capital One, Bank of America, and Choice Bank. Would you have been able to spot all these scams?
PayPal Scam
Do you use PayPal? We’ve seen many PayPal scams in the past, where scammers exploit PayPal’s invoice system to trick people. This week, we’ve detected scammers sending random fake emails impersonating PayPal. (Note: Always check the sender’s email address!):
Coming from a personal email address (a red flag!), this fake PayPal Business email falsely claims that PayPal has charged you $249.99. It then instructs you to contact them via the provided phone numbers if you’ve never signed up for PayPal Business. Guess who is on the other end of the call? Scammers!
If you were to fall for the scam and call them up, scammers will try to trick you into sharing your personal and/or financial information — which can lead to identity theft and any number of other crimes in YOUR name. Be careful!
In other cases, scammers send emails with malicious attachments. Don’t click! You might end up having your device infected with malware or revealing your personally identifiable information (PII):
Stay Away from Scams for FREE
The truth is, there are lots of scams and scam sites on the internet and they’re getting even more difficult to detect with common sense alone. For an easy and reliable method of detecting and avoiding scam sites, check out our free browser extension (Trend Micro ID Protection) and free mobile app (ScamCheck).
Both ID Protection and ScamCheck can protect you against scams, phishing links, dangerous websites, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.
Phishing Scams
Scammers also often pose as trusted brands and send text messages and emails containing phishing links under various pretenses to trick you.
They might falsely claim that you need to download attachments, update a delivery’s status, or say they’re offering you a free gift, eventually attempting to get you to click on a phishing link.
The links will take you to phishing sites designed to record your PII, for example, your email address, credit card number, Social Security number, and even more. With it, scammers can drain your bank account, steal your identity, or commit any number of other crimes. Below are some examples.
USPS (Package Renew Scam / Beed Pakes Scam)
We’ve been tracking fake USPS text messages for weeks, and new cases never cease to emerge:
- [Delivery failed, addressee unknown] Your item has been delivered to the transit warehouse .But you are not at the shipping address or you don’t have a safe place to store it temporarily. Please click this link to view <URL> Get More Out of USPS Tracking: USPS Tracking Plus
- USPostal: Your shipment has arrived at the transit center, but due to an incomplete shipping address, your shipment has been placed on hold. <URL> best regrads, United States Postal Service
- USPostal: Your package has arrived at the transit center, but we are unable to continue delivery due to missing address details. Sincerely, USPS Customer Service
These fake delivery notifications instruct you to click on the attached phishing link to update package information, but these links will just take you to a fake USPS website where you could expose your PII.
Sample scam USPS web addresses (as of Sep 22):
- Packagerenew[.]com
- Beedpakes-usps[.]com
- Usps[.]uspsbk[.]com
- Usps[.]issue-parcel[.]com
- Uspost-mvp[.]com
- Usps-helpser[.]com
- Usps-item[.]com
- usps-logistics-notice-number00[.]top
Note: Take a close look at the web address! The only legitimate domain is usps.com. Watch out!
Bank Scams
Besides delivery companies, scammers also love to impersonate banks and send fake transaction notes, security alerts, and other bogus banking notifications:
#1 – Capital One
“Your dispute credit is pending!” Scammers pose as Capital One and ask you to download the attachment to receive a pending payment:
If you do click, you will be taken to a fake Capital One login page. Don’t submit any PII! All login credentials you enter will end up in scammers’ hands, and they can thus gain control of your bank account. Be careful!
#2 – Bank of America
Fake Bank of America emails/texts are also reoccurring — we’ve reported on them several times before. This week, instead of sending links to fake login pages, scammers offer you a payment of $4.5 million (what!!):
If you take the bait, you will need to provide some PII — again, scammers will use the data for their own good. Don’t fall for the scam!
#3 – Choice Bank
Similarly, scammers prompt you to reveal your PII with an alleged huge payment to your account ($1,500,000) via email. Stay clear of this one!
Tips to Stay Safe Online
- Double-check the sender’s mobile number and email address. Even if it seems legitimate, think twice before you take any action.
- Never click on dubious links! Only go to official websites and apps to make purchases, update information, track a package’s status, etc.
- If you’ve accidentally revealed your PII somewhere, change your passwords immediately and inform your bank and/or other companies that scammers may contact them pretending to be you.
- Check if any of your PII has been leaked and secure your social media accounts using Trend Micro ID Protection.
- Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks.
If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below.