Spot the Scam: 5 SMS & 2 Email Scams of the Week (AT&T, Chase Bank, Scotiabank, Amazon, and More!)

This article is from Trend Micro.

This week’s top scams include 5 SMS phishing and 2 email scams. Can you spot these scams?

SMS Phishing

SMS phishing is one of scammers’ favorite tactics that they use to try to exploit you. They impersonate famous brands, companies, and organizations and send out text messages containing phishing links. They try to entice you into opening the malicious links by using various excuses such as telling you there’s an issue with your delivery, or your online account has some security issues, or even that you’ve won an award! Although these are just to name a few – the scammers can be quite creative!

So, where do the phishing links lead to?

Fake online survey pages

• In some cases, they lead to online survey pages that say you can claim a gift by completing an online questionnaire.
  After you fill out the survey, you are prompted to enter lots of personal information like credit card numbers before your gift can be delivered. Scammers can record any sensitive information you enter on their survey pages and use the data to commit further cybercrimes. For example, they could take control of your bank account, transfer all your money out, and even use your information to commit identity theft!

Fake login pages

• In other instances, the links lead to fake login pages impersonating brands.

These pages require you to submit login credentials to view your delivery status, change your settings, or whatever other reason the scammers have given you. Again, the sensitive information you enter will end up in the scammers’ hands, and they can use it to hack into your account. Don’t let them!

Here are the top SMS phishing scams we observed this week, including AT&T, Chase Bank, Scotiabank, Royal Bank, Maryland Unemployment Insurance, and Amazon.

1. AT&T

Scammers have been posing as AT&T and saying that they are giving away cash, luring you into claiming your reward via the phishing link. Or, they say you’ve been overcharged and that you can claim reimbursement by clicking on the link:

• ATT is giving you 200 dollars as a thank you for your business but you must claim it by today <URL>
• ATT UPDATE ID# 00492 Your refund process was unsuccessful. we overcharged you for $187.84, the last 9 months. Please Claim full refund: <URL>
  The phishing link leads to a fake online survey page:

As mentioned before, when you finish the survey, you will be required to enter personal information (which actually goes straight to the scammers!).

2. False Alerts from Banks

Impersonating banks, scammers have been sending false security alerts out telling people their accounts have had unknown login attempts, suspicious activity, or even that they’ve been locked. Then they ask people to click on the phishing links in the messages to re-activate their bank accounts. However, the links in fact lead to a fake bank login page.

Scotiabank

• (scotia assistance) client#453600*****due to unusual activity we have locked your card please take action on your account here: <URL>

Chase Bank

• Chase Bank: Unfortunately we had to deactive online access to your account. click on this secure link to re-activate:

Royal Bank

• (rbc alert) dear client , we noticed a number of failed login attempts on your r b c account therefore it is temporarily suspended to re-activate it please confirm your identity here : <URL> 888 3rd street south west 10th floor ca – cal
• (rbc-alerts) client#4519*****due to unusual activity we have locked your card please take action on your account here: <URL>

3. DHL

Received any delivery messages that prompt you to click on links? Be careful! Scammers love to pose as delivery companies and send you messages, saying that there are problems with the delivery of your package:

• dhl : we have issues with your shipping address, visit <URL> as soon as possible to process the redelivery.

4. Maryland Unemployment Insurance

Many people have become more reliant on unemployment insurance ever since COVID-19 struck. We’ve reported on unemployment insurance phishing text messages several times recently, but this week’s ones that appeared to come from the Maryland Department of Labor went viral:

• your maryland unemployment insurance claim account is currently on hold for verification, please complete your verification by following the instructions in the link below: https: bvnxcmbsdkk.gb[.]net/cokke to reactivate your account

Scammers were falsely claiming that there were issues with people’s unemployment insurance accounts and that they needed to complete verification via the phishing link attached in the SMS. The included link leads to a fake Maryland Department of Labor login page:

5. Amazon

Fake Amazon SMS messages have been the top tactic scammers have used to exploit people for a long time. However, we’ve detected some new excuses scammers have made up to try to get you to click on the phishing links in their messages, including false account alerts, Amazon Loyalty Program fake rewards, and fake free vouchers and coupons:

• Your Amazon account is trying to log in from an unknown location, please update at <URL>
• Welcome to Amazon’s April Loyalty Program Joni! Check what you can get for Free based on your April’s purchases: <URL>
• Claim your $3,800.00 from the Amazon AWS Relief Program.  Apply here:  <URL>
• Add Your Rent, Netflix & Amazon Prime to your Credit Report to increase your Score!  Start below, It’s Free  <URL>
• (ANZ)It is detected that you have a high-risk Amazon purchase, please cancel immediately. <URL>
• Todays Amazon Coupon Codes – > <URL>
• Little Tikes First Slide Toddler Slide Possible Price Mistake On Amazon <URL>

Email Scams

Besides SMS phishing, scammers also use emails to try to trick you. Email scams unfold in several ways:

1. Blackmail/Sextortion email scams

Scammers falsely claim that your device is infected with malware and they’ve been able to spy on you, and they urge you to pay a certain amount of money or else they will publish the (non-existent) revealing photos or videos of you.

They may threaten you in different ways, too. For example, they may throw out terms like malware, spyware, Trojan virus, or they may say that your device is hacked, or that your webcam has been compromised. Here is an example:

2. Fake Charities

Scammers try to take advantage of your kindness for their own good by sending fake charity emails, inviting you to support those in need by donating money or bitcoins. For example, we saw this email that urges people to support residents who suffered from the Haiti earthquake:

In this case, scammers ask you to send bitcoins to a specific bitcoin wallet. It’s a SCAM! No money will ever reach anyone in Haiti! It’ll all end up in the scammers’ pockets.

How to Protect Yourself

• Double-check the sender’s mobile number/email address.
• Reach out to the official website or customer support directly for help if you think there are issues with your account.
• Emails with cryptocurrency mentioned are a major red flag. Just ignore and delete them.
• NEVER click links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!

Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:

Trend Micro Check on WhatsApp

Trend Micro Check is also available as a Chrome extension.
It will block dangerous sites for you automatically:

Trend Micro Check on Chrome

Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the button below to give it a try:

Did you successfully spot the scams? Remember, always CHECK before giving out personal information.

If you found this article helpful, please SHARE to protect your friends and family!