This week we’ve found online shopping scams featuring fake Black Friday sales and phishing attempts in which scammers are impersonating trusted brands, including American Express and Navy Federal Credit Union. Would you have been able to spot all these scams?  

Black Friday Shopping Scam

Black Friday is just around the corner! Have you sorted out your wish list yet? If you’re searching for the best deal this Black Friday, please be on the lookout for scam online shops.

Many people have come across this Facebook ad impersonating Bath & Body Works, promoting a clearance sale:

Amalosia[.]com

A pair of diffusers for only $2.90? This deal seems too good to be true — and it is. This ad will take you to a SCAM online shop called Amalosia[.]com. (Note: The legitimate web address of the Bath & Body Works website is bathandbodyworks.com).

Our friends over at the anti-scam website ScamAdviser awarded Amalosia a Trustscore rating of just 1 out of 100.

In fact, we’ve written about similar scam cases that circulated on Facebook several times before. Victims who placed an order never received any products in the end. Don’t fall for the scam!

How to Protect Yourself from Scam Sites

The truth is, there are lots of scams and scam sites on the internet and they’re getting even more difficult to detect with common sense alone. However, for an easy and reliable method of detecting and avoiding scam sites, check out our free Trend Micro ID Protection.         
 
ID Protection can shield you from scams, fake and malware-infected websites, dangerous emails, phishing links, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.        

Besides scam online shops, scammers also spread phishing links to try to trick people:

Phishing Scams

Impersonating trusted brands, scammers attempt to get you to click on phishing links sent via text message and email. These links lead to phishing sites designed to steal your personally identifiable information (PII): email address, credit card number, Social Security number, and more.

With your PII, scammers can commit cybercrimes, such as draining your bank account or stealing your identity to sell it on the dark web. Scammers often send fake security notifications and prompt you to verify your account information using their phishing link. The link takes you to a fake login page that asks for your login credentials. Below are some examples:

American Express​

We’ve reported on lots of fake bank alerts in the past, and this week we detected another wave of fake emails impersonating American Express. Falsely claiming that your account requires verification, scammers instruct you to click on the link:

If you proceed, you will be taken to this fake American Express page that asks for your credit card details, including the CVC code and expiration date. Scammers can record all the data entered and use it for their own good. Don’t submit any of your credentials here!

Navy Federal Credit Union​

In addition to American Express, we’ve also detected fake emails from Navy Federal Credit Union​ (NFCU). Scammers fake a transaction notification and ask you to view the details using the button in the email:

Don’t click! The button will take you to a copycat version of the genuine NFCU website, and the site is designed to steal your login and personal information:

Note: The legitimate domain of the NFCU website is navyfederal.org. Take a closer look!

Tips to Stay Safe Online

• Double-check the sender’s mobile number and email address. Even if it seems legitimate, think twice before you take any action.    
• Never click on dubious links or attachments! Only go to official websites and apps to make purchases, update information, or track a package’s status.
• If you’ve accidentally revealed your PII somewhere, change your passwords immediately and inform your bank and/or other companies that scammers may contact them pretending to be you. 
• Check if any of your PII has been leaked and secure your social media accounts using Trend Micro ID Protection.   
• Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks.  

If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below.