Tagged: phishing Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:05 am on December 15, 2023 Permalink | Reply
    Tags: , , , phishing, ,   

    New scam sends you a bill from Apple 

    New scam sends you a bill from Apple

    By Greg Collier

    Whenever you see a headline that says there’s a new scam, the odds are it’s an old scam in new clothing. It’s just more efficient to say there’s a new scam in the headline in order to better educate the reader. Today’s scam is no different.

    Security experts are saying scammers are sending bills to their victims that appear to look like a bill from Apple Computers. The bill says the recipient is being charged close to $300 for security ‘upgradation’. Upgradation is an English word, however, it is not used in American English. That should be someone’s first clue the bill is fraudulent.

    The bill contains a phone number to call in case the recipient has any questions. Once a victim calls the number, they’re told they’ll be issued a refund if they allow the phony customer service agent to have remote access to the victim’s device. Red flags do not get any redder than this. Once a user allows remote access to their device, bad actors can install malware on to the device, or gain access to your online accounts.

    A similar scam to this one is when victims receive an email that claims someone just made a large purchase on their Amazon account, prompting the victim to call a customer service included in the email.

    In this instance, the scammers are posing as Apple because Apple users have a reputation of being more affluent since Apple devices are more expensive than competitors’ devices. The scammers don’t actually know who owns an Apple device. They send out these email invoices en masse, hoping they snag an Apple using victim. It’s almost certain some Windows and Android users received phony Apple emails too.

    With these email scams, never call the phone number included. Instead, manually check your account from that vendor or service to make sure you haven’t been charged. If you still feel the need to call them, use the customer service number from their website.

     

  • Geebo 8:00 am on October 24, 2023 Permalink | Reply
    Tags: , , phishing, ,   

    USPS warns of $2M email scam 

    USPS warns of $2M email scam

    By Greg Collier

    The United States Postal Service (USPS) has had to issue many scam warnings in its recent past. The one you might most be familiar with is the undelivered package scam. This is when scammers send out text messages purporting to be from the USPS. The text messages say the USPS could not deliver the recipient’s package and needs additional information to make the delivery. These text messages often contain a link where the recipient will either be asked for personal or financial information. Now, the USPS is issuing a warning about an email scam they’ve discovered.

    According to the USPS, scammers are sending out emails asking for the recipient’s personal information such as street address and phone number, among other information. The emails look like they’re coming from the USPS, but they’re not. Much like the text messages, the emails also claim that a delivery is trying to be made to the recipient. However, in order to potentially get as much information as possible from the recipient, the scam emails are dangling a large incentive in front of them.

    The emails claim the recipient is receiving a $2 million cashier’s check along with $50,000 in money orders. The email then instructs the recipient to send their personal information to another address. From there, the recipient’s identity could be easily stolen. The USPS hasn’t said if anyone has fallen victim to this scam yet.

    As always, if something sounds too good to be true, it probably is. No one is sending out $2M checks out of the goodness of their hearts. Even if they were, the check would more than likely not be sent through the regular mail. Subsequently, the USPS does not reach out to customers through text, email, or phone call about undeliverable packages. They never ask for personal or payment information, either.

    If you receive an email like this, you’re asked to forward it to spam@uspis.gov before deleting the email.

     

  • Geebo 8:00 am on October 6, 2023 Permalink | Reply
    Tags: phishing, , quishing,   

    New QR code scam could show up in your inbox 

    New QR code scam could show up in your inbox

    By Greg Collier

    First, there was phishing, the emails from scammers that tried to get you to click on malicious links. Then there was smishing where scammers tried to get you to click on malicious links in SMS/text messages. Now, there is a new scam called ‘quishing’, which involves QR codes.

    QR codes are similar to the bar codes that get scanned at the supermarket. Except, in the case of QR codes, they direct you to a website. They’re essentially fancy links. When you scan a QR code with your phone’s camera, a URL will pop up for you to click on. While QR codes are used in many industries, their most common use is for advertising. You might see an ad that contains a QR code that will direct you to a sale on a retail site, for example.

    Scammers are now said to be sending emails containing QR codes. The scam emails are made to look like they’re being sent from well-known brands and companies. The email will ask the recipient to scan the QR code to receive some kind of discount or special offer. What actually happens when the code is scanned, the victim is taken to a website that infects their device with malware. From there, the scammers can potentially access any app you may have on your phone. The QR code could also take you to a website that’s cloned from the brand the scammers are imitating, where a victim will be asked for personal or financial information.

    After scanning a QR code, take a close look at the URL or web address it leads to. Be cautious if it appears to be misspelled, overly complex, or has a suspicious domain.

    If you happen to scan a fraudulent QR code, it’s crucial to promptly update your passwords for any affected accounts to prevent unauthorized access by scammers. Additionally, take immediate measures to enhance the security of your financial accounts. Enabling two-factor authentication (2FA) on these accounts is another effective way to bolster their protection against unauthorized access.

     

  • Geebo 8:00 am on August 11, 2023 Permalink | Reply
    Tags: phishing, , ,   

    New scam targets Venmo users 

    New scam targets Venmo users

    By Greg Collier

    If you use the mobile payment app Venmo, there are already a ton of scams you have to look out for. However, most of them are about whom the user is sending money to. Remember, Venmo is only supposed to be used between friends and family. Most legitimate businesses and organizations do not request payment through Venmo.

    But now there’s a new Venmo scam that’s determined to empty your account. The Ohio Division of Financial Institutions has issued a warning about the latest scam.

    The scam starts when the victim receives a text message that appears to have come from Venmo. The text asks the victim if their Venmo account was used in another part of the country. The message also contains a link to click on if you didn’t make that transaction.

    If the victim clicks on the link, they’re taken to a website that looks like it’s Venmo, but it’s actually a fake website designed to look like it. The fake website asks for the user’s log in credentials, and if they’re entered, the scammers can easily hijack the Venmo account and drain all the funds from it.

    So, how do the scammers know their victim has a Venmo account? In most instances, they don’t know. Scammers will send out these texts randomly while hoping someone will take the bait.

    There are a couple of ways you can protect yourself from this scam. The first is to never click on any links that appear in text messages from people you don’t know personally. Instead, log in to your Venmo account and review it for any potentially fraudulent charges. The other way is to enable two-factor authentication on your account. If your device has a fingerprint reader, it’s recommended to use that as your 2FA method as the fingerprint will be tied to your device, and not something that can be easily duplicated.

    And if Venmo is being used in a scam like this, it’s only a matter of time before it comes to Zelle, PayPal, and Cash App.

     

  • Geebo 8:00 am on August 1, 2023 Permalink | Reply
    Tags: , phishing, , , , X   

    Twitter rebrand brings out scammers 

    By Greg Collier

    If you’ve been following the news lately, you’re probably aware of Elon Musk’s rebranding of the social media platform Twitter into X. Gone is the blue Twitter bird that has graced the platform for over 15 years, replaced by a stylized X as the logo. So, when a story like this is large enough to garner national headlines, leave it to the scammers to take advantage of the situation.

    As we have said in the past, scammers are probably the most news-connected people around. They can take a news story as small as a local power outage to a massive story like this and use it to their advantage. In the case of Twitter/X, many scammers have launched a phishing campaign against Twitter/X users, especially those who signed up for Twitter Blue.

    Before Musk took over Twitter, to get the vaunted blue checkmark next to your name, you had to be someone of importance. After Musk bought Twitter, he instituted Twitter Blue, which allowed users to have a blue checkmark as long as they paid an $8/mo. subscription fee. Many critics claimed Twitter Blue devalued the checkmark, and therefore devalued Twitter.

    Now, while Twitter is in the middle of a rebrand, the scammers have decided to strike. Many Twitter Blue users have received emails telling them they need to update their subscriptions to X memberships. The email also contains a link for users to click on to supposedly update their memberships. If someone were to click on the link, they would essentially be handing their Twitter profile to scammers. From there, scammers can use what appear to be verified accounts to spread even more scams.

    To better protect yourself against phishing scams like this, do not click on links or download attachments in emails from unknown or suspicious sources. Check the email address of the sender to ensure it matches the official email address of the organization they claim to represent. Phishers often use email addresses that resemble the real ones, but have slight variations. Legitimate organizations rarely ask for personal information through email or text messages. Be cautious if an email requests sensitive data, such as passwords. Lastly, before clicking on any link, hover your mouse pointer over it to see the actual URL. This allows you to check if the link is legitimate or if it redirects to a suspicious website.

     

  • Geebo 8:00 am on May 31, 2023 Permalink | Reply
    Tags: .zip, , phishing, , top level domains, URLs   

    New domain extension already being used in scams 

    New domain extension already being used in scams

    By Greg Collier

    If you’re unfamiliar with .zip files, they can be one large file or several smaller files that are compressed into a .zip file to make the space they take up on your device smaller. These .zip packages can be decompressed, or unzipped, by using programs like Win-Zip, 7-Zip, or the built-in compression utilities provided by operating systems such as Windows and macOS.

    Many software applications and operating systems are distributed in the form of .zip files. This allows developers to package all the necessary files and folders into a single archive, simplifying the installation process for users.

    Earlier this month, Google started offering .zip internet domains. That means anyone who wants to buy a web address can purchase a .zip domain instead of .com or .net. Many tech enthusiasts chided Google for making .zip available for domains, as they could be abused by scammers. Now, according to tech reports, the scams have already begun.

    A victim could be thinking they’re downloading legitimate software, but are then directed to a .zip website that could infect their device with malware, among other things. The website will mimic a .zip file being extracted, along with a fake pop-up that says the .zip file has been scanned and no viruses were found.

    For a more detailed explanation of how this works, please read this article from Bleeping Computer.

    Unfortunately, there’s no hard and fast rule to protect yourself from such a scam. If you do download a .zip file, make sure it’s from a trusted source. Anything else that has .zip at the end of it, you may want to avoid it.

     

  • Geebo 8:00 am on May 23, 2023 Permalink | Reply
    Tags: , , , , look who died, , phishing, , ,   

    Scam Round Up: The classics make a return 

    By Greg Collier

    Even though there has been an uptick in technologically advanced scams, there are some classic scams that never went away. Here are three we think you should be reminded of.

    If you get a phone call or email that says there’s been a fraudulent charge on your Amazon account, the chances are it’s a scam.

    A woman from Lincoln, Nebraska, recently fell victim to this scam when she thought she was talking to the fraud department of her bank. The scammers convinced her she needed to make payments in Bitcoin to correct the error. She ended up sending the scammers $52,000 in Bitcoin after withdrawing it from her 401K.

    If you receive a call or message like this, go directly to your Amazon account and check for fraudulent charges. If there aren’t any, then whoever contacted you is trying to scam you. No matter how urgent they make it seem, slow down and verify their story before sending any money. And if Bitcoin is brought up in the conversation, then it’s definitely a scam.

    Scammers love to hijack Facebook accounts. When they do, not only do they get your personal information, but they can then use your account to try to scam everyone on your friends list.

    One of the ways they do this is by sending a Facebook message that says, “Look who died.” The message contains a link that appears like it will take you to a news article. Instead, it will inject malware onto your device that can hijack your Facebook account.

    Messenger is a pretty big breeding ground for scams. Outside of the ‘look who died’ message, you should also avoid messages about government grants, cryptocurrency, or just about any message that involves money.

    You may also want to let your Facebook friend know outside of Facebook that their account has been hacked.

    Last, but certainly not least, is the Publisher’s Clearinghouse scam. We’re all familiar with PCH. If you win a substantial prize from them, they surprise you at home in their Prize Van with a large novelty check. The thing with PCH is, you have to enter their sweepstakes first before you can win anything.

    Scammers will call victims at random while posing as PCH, telling their victims they’ve won millions of dollars. The scammers will then try to get their victims to make a payment to claim their prize. The payment will be disguised as something like taxes or processing fees. This is known as the advanced fee scam, which has cost victims thousands of dollars. Once a victim makes payment, the scammers will continue to string the victim along by asking for more money.

    Keep in mind, it’s illegal for sweepstakes like PCH to ask for money before issuing a prize. That’s why legitimate sweepstakes always have the tagline of ‘no purchase necessary’.

     

  • Geebo 8:00 am on May 17, 2023 Permalink | Reply
    Tags: , , , , phishing, ,   

    Victim sues banks for failing to prevent $500K loss 

    Victim sues banks for failing to prevent $500K loss

    By Greg Collier

    A 74-year-old woman from Hilton Head, South Carolina, is suing three major financial institutions for allegedly failing to prevent large transactions of hers being used in a months long scam. But before we get to that, please read how scammers tormented this poor woman.

    It started out when she received an email that appeared to come from PayPal. In actuality, it was a phishing email which said her account had been hacked. The email also offered customer service software that could prevent her account from being hacked. The software was actually malware that allowed scammers to take control of her computer.

    This allowed the scammers to access her bank accounts and take thousands of dollars from her. They also convinced her to withdrawal large sums of money and convert it to cryptocurrency to send them. This occurred through most of 2022.

    The victim’s son received a surprise anonymous text where he was warned by scammers that the last of his mother’s money was about to be stolen. It seems even scammers can have a change of heart. The son even received texts about how much information they had on his mother, including logins for close to a dozen of the woman’s online accounts.

    Her son then went out and bought her a new phone with a new number, and it wasn’t long before the scammers started contacting her through the new phone.

    The woman is now suing PayPal, Bank of America, and Wells Fargo for not better protecting consumers. The suit alleges all three corporations “failed to take corrective actions” while the fraud took place, which included large in-person transactions. According to the suit, the large transactions were never questioned.

    What do you think? Are the banks partially responsible for not putting a stop to these transactions? Or is the elderly woman just an unfortunate victim?

    Since this all started with the victim downloading malware from an email, it’s a good time to remind our readers not to click on any suspicious links from emails, even if they’re from a company you do business with regularly. That email may not actually be from that business. Instead, login directly into your account and address any issues from there.

     

  • Geebo 9:00 am on November 22, 2022 Permalink | Reply
    Tags: , , , , phishing, ,   

    Scam Round Up: Black Friday warning and more 

    Scam Round Up: Black Friday warning and more

    By Greg Collier

    This week in the Scam Round Up, we’re bringing you a reminder of an old scam, a new twist on a persistent scam, and a warning about this year’s holiday shopping season.

    ***

    The grandparent scam is still out there and shows no signs of slowing down. It’s becoming almost as common as the arrest warrant scam, which we’ll get to shortly.

    An elderly Florida woman recently lost $16,000 to the grandparent scam. A scammer called her, posing as one of her grandsons, and claimed he needed $50,000 for bail because of a car accident he was in. This scammer hit all the beats, saying he hit a pregnant woman with his car and not to tell anyone else in the family. The victim sent the scammers $16,000, which was all she had in savings. Her family found out when the victim started asking her friends how she could get more money.

    If you have an elderly relative, please let them know about this scam. If you receive a call like this, don’t say the grandchild’s name. This lets scammers know they have a potential victim on the phone. Ask the caller a question that only that person would know, to see if they are who they say they are.

    ***

    As we have said on multiple occasions, the arrest warrant scam is probably the most common scam in America. It’s at least the most reported one. Not a day goes by where we don’t see a report from some police department or sheriff’s office warning their residents of this scam.

    Typically, scammers call their victim posing as police while telling their victims they have an arrest warrant out for them. In most cases, the scammers will say the arrest warrant is for missing jury duty.

    More recently, residents of a Chicago suburb started receiving voice mails stating they had arrest warrants. They were then instructed to call a number that did not belong to their local police department.

    It’s unknown what happens when the fake police phone number is called, but all arrest warrant scams are designed to scare the victim into making some kind of payment that will make the warrant magically go away.

    No law enforcement office or agency will ever call you to demand a payment over the phone. If you receive one of these calls, hang up and call your local police at their non-emergency number.

    ***

    With Black Friday being this week, scammers will be out in droves trying to separate you from your money. This year, the Better Business Bureau is saying that the scammers will be more inclined to pose as a delivery company like UPS or FedEx than posing as a retailer like Amazon or Apple.

    This means scammers will be sending out texts and emails claiming you missed a delivery, or they need additional information to make the delivery. These messages will contain a link for you to click on. If you click on the link, you could be taken to a phony site that looks like the legitimate one from that delivery service. You’ll then be asked to input your personal information. Sometimes, you’ll be asked for your financial information for a redelivery fee, which isn’t a real thing. The phony website could also inject malware into your device, stealing even more information.

    As always, do not click on links in text messages and emails from people you don’t know personally. If you think there’s a problem with your delivery, go to the retailer’s website, and they’ll have the tracking information.

     

  • Geebo 9:00 am on November 17, 2022 Permalink | Reply
    Tags: phishing, , , ,   

    Postal delivery scam back in time for holidays 

    By Greg Collier

    The delivery scam really never went away. It was insanely popular with scammers during the pandemic, when we were supposed to be sheltering at home. Since then, there have been reports of this scam, but nowhere near as many as during the pandemic. However, with the holiday season on the horizon, this scam has started to pick up steam again.

    Since many of us will be expecting packages delivered to our homes for the holidays, scammers are betting on people being paranoid about the delivery itself. Several regions across the US are reporting an increase in scam text messages that claim to be from the United States Postal Service. These messages say you missed a delivery to your home, or it will say that the package address wasn’t clear enough.

    The message contains a link to click on, so you can supposedly reschedule the delivery. In previous instances of this scam, if you click the link, you’d be taken to a website that looks like the USPS website but isn’t. You’d then be asked to enter your financial information because there is a redelivery fee of $3.00. From here, the scammers would use your financial information to steal as much as they can from you before you notice.

    If you receive a text message like this, think about it for a moment. Did you give the post office your phone number? You probably didn’t and there’s no way for them to find it. The days of the White Pages are over. In general, government services are not in the habit of calling or texting their users. In the majority of cases, if there’s a problem with the service, you need to go to them.

    The best way to protect yourself from this scam is to not click on any links in text messages from people you don’t know personally. You can also sign up for the USPS Informed Delivery service, so you can know exactly when a delivery is expected to be delivered to your home.

     

← Older posts

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel