Costco Christmas Gift, iCloud, Australia Post, and Capital One: Top Scams of the Week

    costco scam

    This week we’ve found phishing attempts in which scammers are impersonating Costco, iCloud, Australia Post, and Capital One. Would you have been able to spot these scams? 

    Phishing Scams

    Impersonating trusted brands, scammers send text messages and emails containing phishing links and attempt to get you to click on them.

    These links will take you to phishing pages designed to steal all your PII, such as your Social Security number, login credentials, and credit card details. With it, scammers can commit crimes like identity theft.

    Most commonly, scammers will use the lure of free gifts to try to get you to click the links. Their goal is to take you to fake online survey pages where you’ll be asked to provide lots of PII.

    Costco Christmas Scam

    During the holiday season, lots of scams come disguised as Christmas giveaways or sales campaigns. This week we detected this fake Costco Christmas gift email over 32,102 times:

    Costco Christmas Gift Scam Email

    Falsely claiming that you can win a Christmas reward, scammers instruct you to click on the button to “unwrap” the gift. Don’t do so! It will lead you to an online form that collects all your personal information, which could end up in scammers’ hands. And of course, you won’t receive any gift! 

    Protect Yourself from Scams

    The truth is, there are lots of scams and scam sites on the internet and they’re getting even more difficult to detect with common sense alone. However, for an easy and reliable method of detecting and avoiding scam sites, check out Trend Micro ID Protection.         
    ID Protection can shield you from scams, fake and malware-infected websites, dangerous emails, phishing links, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.        

    iCloud Storage Survey Scam

    Many iOS users often worry about running low on iCloud storage. That’s why scammers love to use bogus iCloud storage alerts to trick people:

    • Your cloud storage is beyond capacity. Remove excess files to save your data. As a loyal customer, receive 25GB more for free. <URL>
    • CLOUD HAS EXPIRED. Your photos, files and more will be deleted if you dont upgrade <URL>

    Warning you that you’ve run out of storage, scammers prompt you to add more via the attached link. It then takes you to a survey page that promises you an additional 50GB of storage if you fill out the questionnaire:

    iCloud Survey Scam

    In the end, the page requires you to provide credit card details. Don’t do so! Scammers would be able to access them and use them for their own good!

    iCloud Survey Scam

    In some other cases, the phishing links will take you to fake login pages where scammers can record all your login credentials. They might send fake notifications asking you to update information, check some settings, or something else. Below are some examples.

    Australia Post

    We’ve seen fake Australia Post delivery texts several times before. Scammers attempt to convince you that you need to update your delivery address to get your package shipped (which doesn’t even exist):

    • Hey! Your delivery has been terminated. Because the delivery address is wrong. Need to update your shipping address: <URL>

    If you proceed with the attached link, it will take you to a fake AUPost package tracking page, and you could eventually expose your payment details. Be careful!

    Capital One

    Months ago, we wrote about fake Capital One emails, and recently they’ve started to appear again:

    Scammers pose as Capital One and try to get you to click the link to review your account. Again, it will take you to a fake login page where any data you submit could be stolen. Watch out!

    FAKE Capital One login page
    Fake Captial One login page
    REAL Capital One login page
    REAL Capital One login page

    Tips to Stay Safe Online

    • Double-check the sender’s mobile number and email address. Even if it seems legitimate, think twice before you take any action.    
    • Reach out to the company’s customer service directly for help and support.
    • Never click on dubious links or attachments! Stick to official websites and apps.
    • If you’ve accidentally revealed your PII somewhere, change your passwords immediately and inform your bank and/or other companies that scammers may contact them pretending to be you. 
    • Check if any of your PII has been leaked and secure your social media accounts using Trend Micro ID Protection.   
    • Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks.  

    If you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below. Happy New Year!

    Post a comment

    Your email address won't be shown publicly.


    • By Suzanne Woods | January 9, 2024
    • By Judy Jan | January 4, 2024
    This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.