August 7, 2018
Summer is here, and as the weather heats up, so do the scams. We’ve seen a wide array of inventive new ways that online fraudsters attempt to part you with your cash, from offering free Chipotle meals to breaking the sad news of Mr Bean’s death (don’t worry, he’s still with us). We take a look at what’s been doing the rounds in the last month, and those scams you’ll want to give a wide berth.
Many of this month’s scams rely on the traditional phishing email method to dupe victims. While these sorts of email scams have been around for a while, its clear that they’re still working. It’s always worth exercising caution when you receive an unsolicited email, even if appears to be from a well-known company – especially if it comes with a rogue attachment or a link to follow.
Text messaging scams are also popular, as you’ll see with the most recent PayPal text message scam. Again, if you’ve received anything like this, don’t click on the links in the message, and block the number on your phone. It’s important that you don’t reply to any text messages.
Chipotle Facebook Scam
As someone once said, ‘There’s no such thing as a free lunch’. Although it’s a phrase that’s long lived in the pessimist’s lexicon, it still rings true today. Just recently, Chipotle found itself unwittingly at the centre of a dubious gift card offer.
Designed to celebrate National Avocado Day (hope you had a good one, by the way), the fake adverts appeared on Facebook. They offered customers a $100 gift card if they invited four of their friends to sign up too. Using the official Chipotle logo and branding, the offer looked like the real deal, but was just a malicious attempt to harvest users personals details once they went to claim their reward.
On reflection, the warning signs are all there – an offer too good to be true, limited availability encouraging you to sign up straight away, and a link to dubious URL. These scams are not uncommon, and a reminder to exercise caution when browsing Facebook or social media in general. If you find yourself falling for a scam like this, you can exercise damage control by changing any details you might have given away, such as passwords or bank details, straight away.
FedEx Email Scam
This email purporting to be from FedEx is such a classic scam that it should be instantly recognisable as such, yet still carries a whiff of plausibility which could easily trip you up. A somewhat innocent looking email, it suggests that there is a message waiting for you from Fed Ex, and encourages you to click on a link to read it.
The cunning aspect of this email is that it insinuates that there could be a package or some mail waiting for you, and who doesn’t like receiving a parcel in the post? This particular email purports to be linked to REI Co-op, an outdoors equipment retailer, presumably in the hope of tricking people into clicking the link in the belief they’ve missed the delivery of a free tent or a sturdy pair of walking boots.
Like the Chipotle advert, this is nothing more than a textbook data harvesting scam. Clicking to ‘read’ the message will take you to a form to enter personal details, including your email address and password (which far too many people re-use on multiple sites). So don’t click the message – delete it.
As ever, if you receive an email claiming to have information about a product you haven’t ordered, delete it, or better still report the spam to your email provider.
PayPal Text Message Scam
Imitating PayPal is a popular technique for scammers, as it’s a fairly ubiquitous service, and a quick way to get victims to give away payment details. We’ve seen a lot of PayPal scams, but this most recent one is particularly sly.
The victim receives a text suggesting that they’ve made a payment to a person, quoting the amount. It gives a link to follow on your phone if you wish to cancel the payment. Naturally, most people would want to stop this ‘payment’, as they didn’t make it in the first place. The link in the text actually points to a URL called “pay-pail.com”. But, in your panic, you could be forgiven for not spotting the mis-spelling that gives away the fact it’s a phishing site.
Follow the link and you’re greeted with a PayPal login page that looks totally legit. Log in using your details, and the scammers now have full access to your PayPal account (and any other sites that you share those login details with).
It doesn’t stop there though. Carry on and you’ll be asked for even more information, including a laundry list of pretty much every sensitive piece of personal information that a scammer would need to take you to the cleaners, including your address, date of birth and mother’s maiden name.
If this one lands in your inbox, don’t get sucked in. Delete it instantly, and report similar scams to PayPal at its firstname.lastname@example.org email address to stay one step ahead of the scammers.
Bank of America Phishing Email
Many of us rely on our online bank accounts on a daily basis. So, the thought of being locked out is an unnerving prospect. The people behind this next scam are well aware of this, and use it to their advantage, threatening to cut off access to Bank of America customers if they don’t respond in time.
It starts with a fairly convincing email that claims to come from Bank of America. Those who don’t hold accounts with the bank are likely to spot something is off straight away, but its easy to see how customers could be sucked in.
The email states that the bank requires some updated account information, and that if this isn’t provided within two days, the account will be frozen.
It’s highly unusual for any bank to threaten to take away its service in this way. Follow the link and you’ll land on an almost convincing Bank of America page.
Visually, it looks like the real deal, but the garbled URL is a give away. It’s always worth checking the web address of any sites that you’re not sure about. In this case, it’s a random collection of letters that doesn’t exactly scream ‘genuine’.
While the front page mimics the Bank of America’s own, you’ll find that none of the links go anywhere. But, try and log into the site, and the scammers will have your vital username and password for your Bank of America account.
As far as scams go, this is a classic case of phishing, where victims are fooled into entering their personal data on what they believe to be a genuine site.
This scam email purports to be from Bank of America, but scammers will imitate all sorts of popular banks when sending out phishing emails en masse. The safest practice is to never, ever click on an email claiming to be from your bank. Instead, always open a new browser tab and navigate to the official bank webpage manually, then log in securely. That way, you can be sure you’ve not inadvertently followed a fraudulent link.
Apple iTunes Fake Purchase Scam
The Apple iTunes email scam is something of a golden oldie, but it’s been popping up a lot recently, so it’s worth a reminder. It’s fairly similar to the PayPal scam, above, and relies on instilling panic in its victim about the loss of money.
Victims receive an email purporting to be from Apple iTunes (it’s not actually from iTunes or any real Apple account), claiming that they have just made a purchase on the Apple Store. In our case, it was a $50 payment for a game.
The email then provides a link to a page to cancel the payment. Sounds familiar? Follow that link, and yes, you guessed it, you’ll be asked to fill in lots of juicy personal details.
The fact that this scam keeps showing up implies that a lot of people must be falling for it. Staying vigilant is relatively easy to do, and if you receive an email like this and don’t recognise the purchase, check your purchases under your Apple account directly, rather than following the link.
Mr Bean a Has-Been
Don’t despair. Mr Bean is still with us. But, you may have spotted an article claiming to originate from Fox News, with a video stating that Mr Bean (or rather, Rowan Atkinson, the actor who plays him) has been killed in a car crash on set. It claims that the video shows Atkinson’s final moments. Macabre, maybe, but it’s nothing more than an inventive scam aiming to get hold of your payment details.
Click on the video, and you’ll be redirected to a site that claims that your computer is in lockdown, and with a number to call for a software fix. Call this number, and kiss any funds in your bank account goodbye, as the scammers will charge you for the software, and potentially help themselves to your finances.
Of course, there’s nothing wrong with your computer. This is simply a scam that relies heavily on fear. In this case, the fraudsters are preying on those who think that their computer might have a critical error.
As ever with any messaging like this, always be cynical. No reputable company would ask you to telephone them to fix an error on your computer, especially one that just popped up. In cases like this, close your browser, and run your antivirus software just to be on the safe side.
Did you like this article?
Get more delivered to your inbox just like it!