We’ve found lots of scams this week, including ones relating to Amazon, USPS, Costco, FedEx, and buyKOREA. Would you have been able to spot all these scams?
Impersonating trusted brands, and under a variety of pretenses, scammers love to spread phishing links via text message or email — almost always with the goal of stealing your personally identifiable information (PII) (i.e. bank login details, email address, Social Security number, credit card number, and more).
The phishing links lead to phishing sites designed to record your PII, with which scammers can commit other crimes, such as identity theft. Most commonly, the phishing sites will be disguised as fake login pages, where scammers can record your login credentials and other data. Below is an example.
Fake Amazon Security Alerts
We’ve reported on fake Amazon text messages countless times before, and this week scammers have been sending out fake security alert texts, trying to trick people into believing that there are safety issues with their Amazon accounts. The goal is to get them to click on the phishing link within the message (removed from the example below).
- Your Amazon account is at risk due to remote login, please go to the link to re-verify your account: <URL>
The link leads to a fake Amazon login page (sample below) that is visually very similar to the legitimate one. However, if you were to ever submit your login credentials on the fake site, scammers could access them and use them to log in to your account.
Block Spam and Scam Texts for FREE
For an easy way to avoid accidentally clicking on malicious links inside text messages, you’ll definitely want to check out Trend Micro Check — our 100% FREE mobile app that blocks scam and spam texts from entering your inbox.
Not only can it block unwanted texts, but Trend Micro Check can also keep you safe from malicious links on all your messaging apps (WhatsApp, Telegram, Tinder, etc.) and shield you from dangerous sites as you browse the web. Download today for free. Available for Android and iOS.
Fake USPS Delivery Notification
From June 21 to June 27 alone, we detected the USPS phishing scam text below over 3,700 times! Such fake USPS delivery notifications are designed to trick people into thinking there’s an issue with a package they ordered, so they let their guard down and click on the phishing link inside the message.
- FROM: USPS
Subject: Due to an invalid address
You have a package thats need to be delivered, but it has been suspended due to an incorrect delivery address. If you do not update your address before 00 hours, your package will be returned to sender. To delivery your package, please update your address by click the link below. <URL>
Notification ID : <PHONE>
In other cases, like in the next scam example, phishing links lead to fake survey forms where victims could end up exposing their PII.
Fake Costco Survey Texts
Scammers love to impersonate Costco and spread fake links. They often use tempting online surveys that promise gifts upon completion to try to lure people into clicking on the malicious links:
- Costco Inc: Thank you for being a loyal shopper! Please answer our 90 sec poll to help us better help you. <URL>
Below is a sample fake Costco survey page that promises a $100 Costco gift card as a reward for completing it.
However, there will be no gift sent out after the survey is completed, and any personal and/or financial information you enter on the bogus site will end up in the scammers’ hands. Be careful!
Fake FedEx Email
When posing as delivery companies, besides fake package notifications, scammers also use other excuses to try to trick people. We recently detected a total of 194 instances of the fake FedEx email below. The email says that you need to complete some customs paperwork linked inside the email.
However, the link leads to a fake email login page where scammers can record any credentials you submit. Watch out!
Fake buyKOREA Order Confirmation Email
buyKOREA is a global e-commerce platform for Korean products, and we’ve found that scammers have recently been misusing its name to commit crimes by sending fake order confirmation emails.
If you were to click on the link inside the email, it will take you to a fake buyKOREA login page that looks identical to the genuine one. Again, don’t enter any credentials here! (Safety tip: check the web address: the legitimate buyKOREA domain is origin.buykorea.org)
Fake buyKOREA login page
REAL buyKOREA login page
More Tips to Stay Safe Online
- Double-check the sender’s mobile number/email address. Even if it seems legitimate, think twice before you take any action.
- Free gifts are a red flag.
- Only use official websites/applications. Never click on dubious links! (Use Trend Micro Check).
- Check if any of your PII has been leaked and secure your social media accounts using Trend Micro ID Protection.
- Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks.
If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below.