This week we’ve found fake Black Friday sales campaigns featuring Rolex watches and phishing attempts in which scammers are impersonating trusted brands, including Spotify, USPS, and AUPost. Would you have been able to spot all these scams?  

Black Friday Scams

Have you made your decision on what to buy this Black Friday? While you’re searching for good deals, please beware of Black Friday shopping scams, especially fake promotional emails in your inbox.

We detected and blocked 424,346 emails promoting fake sales campaigns between Nov 11 and Nov 13. Featuring tempting discounts, these emails contain links to fake online shops. Below is an example in which scammers posed as Rolex:

Designer watches for just $250? That’s a red flag, but if you proceed, this is where the link will take you:

Don’t shop on these websites! You might never receive your order or only get something of low quality. When it comes to disputes, there would be no guarantee of a refund, either.

What’s worse, your personal information recorded by these websites could be at risk, including your delivery address and financial details. There might also be concerns about identity theft.

How to Protect Yourself from Scam Sites

The truth is, there are lots of scams and scam sites on the internet and they’re getting even more difficult to detect with common sense alone. However, for an easy and reliable method of detecting and avoiding scam sites, check out  Trend Micro ID Protection.         
 
ID Protection can shield you from scams, fake and malware-infected websites, dangerous emails, phishing links, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.        

Besides scam online shops, we also observed lots of phishing attempts that you should be cautious about.

Phishing Scams

Impersonating trusted brands, scammers attempt to get you to click on phishing links sent via text message and email. These links lead to phishing sites designed to steal your personally identifiable information (PII). With it, scammers can commit cybercrimes, such as draining your bank account or stealing your identity to sell it on the dark web.

Scammers often make up excuses to have you verify your account information using a phishing link which leads to a fake login page. There you’ll be asked to submit your login credentials, and they will end up in scammers’ hands. Below are some examples:

Spotify

This is not the first time we’ve written about fake Spotify emails. This week, falsely claiming that there’s a billing issue with your account, scammers instruct you to update your payment information:

Don’t click on the link! If you do, it will take you to a fake Spotify login page. As mentioned, scammers can record all credentials entered here and use them for their own good. Watch out!

Safety tips:

• Check the sender’s email address and the web address of the page. A legitimate Spotify email will end with @spotify.com, and the web address of a genuine Spotify web page will end with spotify.com.
• Go to Spotify directly instead of via a link in an email you believe may be suspicious. (You can search for its login page using a browser.)

Delivery Scams

This week we also saw lots of fake delivery tracking pages that aim to collect your PII. Sending bogus package notification texts, scammers want you to use the phishing link to update your delivery information. Below are some sample fake text messages posing as USPS and Australia Post:

#1 – USPS

• The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information. Please confirm your address in the link. <URL>

The link will take you to a fake USPS website where any credentials you enter will be exposed to scammers:

For the detailed story on USPS scams and tips to fight these unwanted texts, please check out this article.

#2 – Australia Post​

We’ve also seen an increasing number of fake delivery notifications impersonating Australia Post (AUPost):

• [Australia Post urgent notice] Your package number:5275862356 Failure notice of delivery! Because the delivery address is not clear, your package is not delivered Your package has returned to our operation center Please update your address,click the link:  <URL> Greetings from Austral

Similarly, the link leads to a fake AUPost page. Don’t enter any PII here!

Tips to Stay Safe Online

• Double-check the sender’s mobile number and email address. Even if it seems legitimate, think twice before you take any action.    
• Never click on dubious links or attachments! Only go to official websites and apps to make purchases, update information, or track a package’s status.
• If you’ve accidentally revealed your PII somewhere, change your passwords immediately and inform your bank and/or other companies that scammers may contact them pretending to be you. 
• Check if any of your PII has been leaked and secure your social media accounts using Trend Micro ID Protection.   
• Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks.  

If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below.