This week has seen an alarming rise in phishing scams, with cybercriminals taking on the identity of trusted brands to execute various fraudulent activities. Major brands impersonated in these scams include Microsoft, USPS, AU Post, and OOFOS. Each scam features a specially designed strategy that is seemingly plausible, therefore drawing innocent internet users into the trap.
Table of Contents
Microsoft Impersonation Scam with Offer of a Surface Laptop and Cash
The tech giant Microsoft has become a victim of impersonation, where scammers devise ingenious methods for their illegal operations. In this week's instance, the criminals will seduce unsuspecting internet users by promising a Microsoft 2023 Surface laptop and a heart-whooping US$975,000. They then instruct these individuals to provide personally identifiable information (PII) such as phone numbers and addresses. Unfortunately, if one falls prey to this bait, the scammers will likely press for more PII, which they use for malicious purposes such as identity theft.
USPS Impersonation Scam with Fake Delivery Notifications
The USPS Impersonation Scam involving fake delivery notifications is a prevalent online fraud that preys on individuals' trust in the United States Postal Service (USPS). Scammers exploit people's reliance on USPS services and their eagerness to track their packages by sending fake delivery notifications via email or text messages. These messages typically contain enticing subject lines like "Your package is on the way" or "Delivery update for your parcel."
The scam works by tricking recipients into clicking on links or downloading attachments in the messages under the pretense of viewing their package's status or confirming delivery details. However, these links lead to malicious websites or files that can infect devices with malware, steal personal information, or initiate fraudulent transactions.
AU Post Impersonation with False Package Information
A similar scheme to the above. The AU Post Impersonation Scam involving false package information is a fraudulent scheme that capitalizes on people's trust in Australia Post (AU Post) and their anticipation of receiving packages. Scammers send deceptive emails or text messages posing as AU Post, claiming a package is awaiting delivery or requesting action related to a package. These messages often have subject lines like "Your package is on its way" or "Important package update."
In these fraudulent communications, recipients are typically prompted to click on links or download attachments to access their package information, track updates, or confirm details. However, these links may lead to malicious websites or files that can compromise personal information, install malware on devices, or initiate financial fraud.
OOFOS Brand Impersonation with Fake Back-to-School Promo Campaign
Another scam this week involves OOFOS–the recovery footwear brand. The scammers have been found in the act of impersonation, claiming to hold a back-to-school campaign. Innocent cybercitizens are guided to a link that leads them to a counterfeit OOFOS website. Little do these individuals know that the site is a scam. Spending on such websites is highly discouraged due to the uncertainty associated with disputes and refunding. There's also the risk of privacy infringement, where any submitted PII could be leaked. Therefore, be cautious!
The Scammers’ Modus Operandi
Despite having different victims, brands, and cover stories, one unique trait that binds all the fraudulent activities together is their tactics. The scams have a typical pattern or modus operandi that guides their operations, from the initial stage of luring the prey to executing illegal activities.
Promises or Games to Entice Victims
This strategy involves making false promises or inventing games to entice potential victims. They often use the bait of heavy rewards for tasks that seem simple enough. For instance, offering a large sum of money and a Microsoft Laptop to provide personal information. This tactic makes potential victims lower their guard, resulting in divulging sensitive details to the scammers. It's crucial to remember if an offer sounds too good to be true, it probably is.
Requests for Highly Personal Information (PII)
Requests for personally identifiable information (PII) often follow the baiting phase. Typically, scammers will request information that seems harmless or necessary for the reward or offer they claim to provide. This could include your address, phone number, or email address. Once they have enough information, they may ask for more sensitive data like credit card numbers or social security details. With this, they can commit various cybercrimes, including identity theft and hacking into personal accounts.
Use of Phishing Links and Pages to Steal PII
Another prevalent tactic is using phishing links and pages. Scammers pose as trusted brands and send links, leading to counterfeit websites or pages disguised to look legitimate. These pages are designed to trick victims into entering their PII, which the scammers can then steal. This method is particularly popular with delivery scams. Furthermore, scammers like to use text messages containing dubious links that, when clicked, lead straight to their phishing pages. Cyber safety begins with prudent action. Double-check links before clicking, and never share personal information on suspicious pages.
Preventive Measures Against Scams
In light of the persistent threat of scams, adopting key preventive measures that protect you from such online deception is essential. It is always better to be safe than sorry in the massive expanse of the internet. Here are some vital steps for maintaining digital security.
Use of Official Websites and Apps
Scammers exploit duplicate and similarly named websites to deceive unsuspecting internet users. Therefore, it is vital to double-check and ensure you are using official websites and apps when sharing any personal information. Clicking on dubious links or navigating through unauthorized sources raises the risk of getting caught in phishing traps. So, stick to verified platforms defined by secure URLs and authentic interfaces.
Scrutinizing Sender’s Email Addresses and Mobile Numbers
Another beneficial step is thoroughly scrutinizing the sender's email addresses and mobile numbers before taking action. Emails and messages are universal mediums that scammers exploit. If the email address or mobile number seems suspicious or unfamiliar, avoiding interacting with such messages is advisable. Even if they appear legitimate, exercise caution and think twice before proceeding.
Actions to Take After Falling for a Scam
Despite taking precautions, sometimes internet users may fall prey to scams. In such situations, it is crucial to act swiftly and methodically to mitigate potential damage. Some urgent steps can be taken to prevent further harm and secure your digital presence.
Changing Passwords and Informing Relevant Organizations
If you have accidentally shared your Personally Identifiable Information (PII) on a suspicious platform, begin by changing your passwords immediately. This includes the passwords to your email, bank accounts, and any other online services where you provided the PII. Furthermore, promptly inform your bank and other relevant organizations that scammers may contact them by pretending to be you. Proactive communication allows these organizations to heighten their vigilance and work with you toward averting potential fraud.
Checking for Leaked PII and Securing Social Media Accounts
Next, checking if any of your PII has been leaked elsewhere due to your interaction with the scam site is essential. This may include other social media accounts, shopping sites, or anywhere else you have online accounts. If you detect any unauthorized activity or data exposure, take immediate measures to secure these accounts. You could use tools like Trend Micro ID Protection, which helps safeguard against potential data leaks.
Adding Extra Protection to Devices with Specialized Anti-Malware Tools
An additional safety measure includes reinforcing your devices with enhanced security systems. Specialized anti-malware tools provide additional protection to your devices, offering features such as Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection. These tools interactively alert you about scams and potential cyberattacks, helping you maintain high standards of cyber hygiene.