The Latest Online Scams to Avoid in June

June 6, 2018

6:04 am

Another month, another round of security threats and online scams. In the past week alone, it was reported that 500,000 routers worldwide are host to Russian-origin malware. The internet security news cycle means you’re never far from breaking news of another data breach or security threat to watch out for.

But, online scams aren’t all operating on a scale massive enough to make the news. Often, the most pervasive threats are the ones that slip quietly into your inbox, hoping to trick unsuspecting victims into handing over personal or financial details. It’s essential to remain vigilant to such scams.

To keep you ahead of the scammers, here’s our monthly roundup of the most recent scams that might slip into your email inbox while you’re distracted by whatever PR crisis Facebook stumbles into during the month of June.

Paypal Phishing Scam

How the scam works

Phishers  — scammers fishing for personal information through messages lying about being from an official source — have a clever trick. They can write their false emails as if they are official messages designed to warn customers about suspicious activity, therefore tricking the victims who care the most about protecting their accounts.

How to spot the scam

The example above showcases a few tip-offs that can help you identify an email scam: There are a few egregious misspellings. The text of the email uses “ouur” instead of “our,” as well as a capitalization where it doesn’t belong.

Also, the email uses the generic greeting of “Dear Customer,” a sign that it’s a form email rather than an official one.

What to do

If one of these emails crosses your path, just forward it to the email address “spoof@paypal.com,” and keep the email headline the same. You can call PayPal at 1-888-221-1161 to report the phishing attempt.

Your Paypal account hasn’t really been compromised, as long as you haven’t clicked anything in the email, so you don’t need to take further steps to protect it.

Finally, if you aren’t sure whether it’s an email scam or not, just follow one simple rule: Go directly to your Paypal account in a desktop browser — without clicking any link in the email itself.

Vega Stealer Malware

How the scam works

This new malicious software appears to be a harmless .doc file labelled “brief.” Once downloaded, the “Vega Stealer” software finds any credit card details, passwords, or otherwise sensitive documents on the device it has infected.

How to spot the scam

Thankfully, this malware is targeting a specific group: Business owners in either the Marketing/Advertising/Public Relations industry or in the Retail/Manufacturing industry. “Online store developer required” was one subject line used for the initial email containing the malware.

By sticking to a narrow niche, the Vega Stealer malware can more efficiently locate information that its owners can more easily exploit.

What to do

If those industries apply to you, or if you have any other reason to be suspicious of downloads, don’t download any documents to your computer, no matter how innocent the file appears to be, unless you trust the source.

If you have already downloaded a file you suspect to be malware, contact a qualified cybersecurity company: It’s too late for preventative measures.

Netflix Phishing Scam

How the scam works

This phishing email directs you to the login(dot)netflix-activate(dot)com website, where it will refer its hapless victim through a series of moderately convincing landing pages designed to look like the official Netflix.

It then asks for personal information including a user’s address, phone number, date of birth and payment information, before depositing them on a (fake) page claiming that their “account has been updated.” The site even has an HTTPS address, as security blog Malwarebytes explains.

And, since the email scam claims you might lose access to your account if you ignore the warning, the scam creates a ticking clock that encourages victims to give away their information.

How to spot the scam

Here’s what the real Netflix website has to say about phishing emails:

“Never enter your login or financial details after following a link in an email or text message. If you’re unsure if you’re visiting our legitimate Netflix website, type www.netflix.com directly into your web browser.”

What to do

Like PayPal, Netflix wants targets of a phishing email scam to let them know by forwarding it to Netflix’s address (phishing@netflix.com) before deleting it.

The Apple Support Scam Call

How the scam works

If you get a phone call or six from someone claiming to be from the Apple Support team, they’re likely trying to trick you into navigating to a misleading website landing page like the above example from “FastSupport(dot)com.”

If you accept the bait, they’ll tell you to search for a specific phrase — one that their website ranks at the top of Google for. They may want to give you malware, but they’ll more likely attempt to use their access to your computer simply to convince you to buy expensive junk software that you don’t need.

How to spot the scam

Tech journalist Lance Ulanoff discussed this very scam in a recent Medium article, in which he listed a couple tip-offs that alerted him to the scam early on.

  • Is your phone number connected to an Apple account? If the call is to a home phone that isn’t in Apple’s database, it’s a scam.
  • Also, Apple doesn’t call its customers. Apple sends email rather than an automated phone call, and their emails never have links in them as a further precaution.

What to do

You can take a few preventative measures. First, enable two-factor authentication on your Apple account. It’ll keep your account more secure and give you peace of mind that you haven’t been hacked.

The second bit of advice is even more simple: Hang up the phone once you hear the caller is claiming to be from Apple Support. This is a lie, every time.

Read more about other online scams on TechCo

Tags:

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Adam is a writer with an interest in a variety of mediums, from podcasts to comic books to video essays to novels to blogging — too many, basically. He's based out of Seattle, and remains a staunch defender of his state's slogan: "sayWA." In his spare time, he recommends articles about science fiction on Twitter, @AdamRRowe

  • Shares

Leave a Reply

  • (will not be published)