There has been an uptick in email scams lately, so we thought we would point out some of the latest phishing scams in this month’s blog. Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
Here are some of the latest types of phishing scams to look out for:
Not surprisingly, hackers are looking to capitalize on the pandemic by trying to convince people to reveal sensitive information or click on malicious links or attachments. Watch for subject lines promoting vaccine registration information and requirements, or even sensational headlines promising cures or sure-fire alternative ways to avoid infection. Do not click on any links or fill out any official-looking forms. Instead, go directly to your healthcare provider or the Centers for Disease Control and Prevention (CDC) website for the most current and accurate information.
In March 2021, there were well over 1 million fraudulent COVID-themed emails over the course of three days, each related to various vaccines, including Pfizer, Moderna, and Johnson & Johnson. Subject lines in the campaign included “Important Pfizer Vaccine Message for you,” “Pfizer Vaccine Survey Response Needed,” and “Pfizer COVID-19 Survey Response Confirmation.”
Scammers are also playing on our fears of COVID-19 by sending potential victims a text message claiming that someone they know has tested positive for the coronavirus. It is just a trap. Here is how it works: the message instructs the recipient to self-isolate immediately, and then to click the link for further information and action. The link leads to a form where you hand over your personal information.
Microsoft has been one of the most impersonated brands.
With its Microsoft 365 suite leading the competition in corporate email and productivity software, Microsoft is an alluring target for phishers who want access to the corporate data spoils hosted in Microsoft 365.
Sophisticated Microsoft phishing attacks feature its public logo and background images on Microsoft 365 login pages. When a victim clicks on an email phishing link, they are taken to a waiting page, the purpose of which is to determine if the user is the intended target.
If the user is not the intended target, the phishing page is not shown. If the user is the intended target, the phishing page is made to look like your company’s website or internal web pages, including the logo and background image of the real website.
Did you get an email from your boss asking you for a favor? Does your boss need you to send gift cards to pay for an upcoming office party? Before you go out and pay up, ask yourself: is that really your boss? It could be a scammer trying to get your money.
According to the Federal Trade Commission (FTC), the most reported gift and reloaded card brands consumers mentioned in fraud reports were eBay, Google Play, Target, iTunes and Amazon.
The best way to protect yourself against the “Boss” gift card scam is below:
- Take a pause. Scammers create a sense of urgency to prey on victims’ emotions.
- Take a second pause. A legitimate employer will not ask you to handle company business through gift card purchases.
- Verify any supposed emergency by reaching out directly to an employer at the number you know. Do not reply to the text or email sent, even if it appears to come from a known email or phone number. Call your boss directly or, if at work, walk over to their office.
This also ties into the COVID-19 scam, where people working from home will get a text or email supposedly from their boss. Since you’re at home and they are at home, you can’t just walk over to their office. Call them directly if you can, or, if possible, do a video call if your company has that ability.
Your Subscription to Amazon, Netflix, etc. is due!
There is an uptick in subscription renewal scams as a way of stealing your identity. Criminals send emails about auto-renewals for subscriptions in hopes you will click on a malicious link.
Identity criminals are after your personal information, so they can use it to commit different forms of identity theft and identity fraud.
Criminals pose as a recognized company and send texts and emails to people informing them that their annual subscription has been renewed. The phishing emails go on to ask people to click on a link to review the summary details of their renewal. However, the link is malicious and either installs malware on your computer, steals your personal information, or takes you to a fake website.
Here is an example of a Subscription Scam:
We Thank you on the completion of your 5. years. Windows Defender protection plan with TECH WEB
We have charged you $555.00 for the 5. years of subscription from your account.
We tried to contact you on your register number for queries but could not get through.
Deduction of amount will appear on your account within 24 hours f you have any question or wish to cancel the renewal please connect us on with in 1 days other wise it will be automatically renew the service and the amount will be deducted automatically after that we can’t do anything and the amount will be not refundable. So please contact within given hour.
Helpline number : +1 (91O)-42O-99O1
To avoid a subscription renewal scam, ignore any messages about auto-renewals claiming to be from a company where you don’t have a subscription. If it appears to be from a company where you do have a subscription, check the sender’s email address to ensure it’s from the correct company. It is also recommended that you go to that company’s website, log in, and check the status of your account. Do not click the link in the email; instead, open a new tab in your browser, enter the URL of the company in question (e.g., Amazon.com), and then proceed to your account information. If there is a problem with your account, you can address it directly with the company and not through your email. And as stated above, if it’s with a company you don’t do business with, ignore and delete the email.
Stimulus Checks and/or IRS Stimulus Checks
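An added example (not part of the original post) that automates two checks on a renewal notice: whether the sender's address belongs to the company named in the display name, as advised above, and whether a phone number in the body is written with letters in place of digits, as the helpline number in the sample notice is. The allowlist, function names and sample messages are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed allowlist (constructed): brand keyword -> domains it really mails from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "netflix": {"netflix.com"}}

# Phone-like run that may mix digits with look-alike letters (O, o, I, l).
PHONE_LIKE = re.compile(r"\+?[\dOoIl][\dOoIl()\-. ]{8,}[\dOoIl]")

def impersonated_brand(from_header):
    """Return the brand named in the display name if the address domain is not its own."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower():
            # Accept the brand's domain itself or a true subdomain of it.
            ok = any(domain == d or domain.endswith("." + d) for d in domains)
            return None if ok else brand
    return None

def obfuscated_numbers(body):
    """Return phone-like strings that swap letters in for digits."""
    hits = []
    for m in PHONE_LIKE.finditer(body):
        text = m.group()
        digits = sum(c.isdigit() for c in text)
        letters = sum(c in "OoIl" for c in text)
        if digits >= 6 and letters >= 1:
            hits.append(text)
    return hits

def review(from_header, body):
    """Collect the reasons a renewal notice deserves a closer look."""
    reasons = []
    brand = impersonated_brand(from_header)
    if brand:
        reasons.append(f"display name says {brand}, sender domain does not match")
    for number in obfuscated_numbers(body):
        reasons.append(f"phone number written with letters: {number}")
    return reasons

# Constructed samples, modelled on the renewal notice quoted above.
SCAM_FROM = '"Amazon Prime Renewal" <billing@amazon-renewal.example>'
SCAM_BODY = "We have charged you $555.00. Helpline number : +1 (2O2)-555-O1O4"
REAL_FROM = '"Amazon.com" <auto-confirm@amazon.com>'

if __name__ == "__main__":
    print(review(SCAM_FROM, SCAM_BODY))
```

A matching sender domain is only one signal, because the From header can be forged; logging in through the company's own website remains the deciding check.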
You may get an email or text claiming “Your Stimulus Check is Held Up” or “Fourth Stimulus Check is Waiting For You” or even “Verify Your Info To Get Your Stimulus Check!”
Identity criminals send messages claiming you can receive an Economic Impact Payment. They say the IRS is sending payments each week to qualified individuals as they continue to process tax returns.
However, messages like these are IRS scams seeking your personal and financial information to commit identity theft and fraud.
The IRS will never email, text, call or send a message on social media to anyone. If you receive a message claiming to be from the IRS, ignore it and, if possible, report it to the IRS at email@example.com and note that it seems to be a phishing scam seeking your personal information.
Student Loan Forgiveness Scam
President Biden signed an executive order extending a pause on student loan payments to January 31, 2022. However, there is a rise in student loan forgiveness scams where people pose as loan providers that can help pay off student loans.
Identity thieves ask for information like Social Security numbers, federal student aid I.D.s, bank account information and credit card information to commit different forms of identity theft and fraud.
Some loan forgiveness solicitations are not attempting to steal your information. They are, however, designed to steer you into high-cost loan repayment programs with high interest rates or fees.
To avoid student loan forgiveness scams, be skeptical of anyone who calls, texts, or emails you to help you pay off your student loans. Google the name of the loan provider the caller claims to be working for and see if there are any complaints. Also, if you have any doubts, contact your loan provider directly about the inquiry.
Look for the name of the program that is being offered to you. CNBC says, in some scams, criminals have claimed they are part of “Biden loan forgiveness” or “CARES Act loan forgiveness,” two programs that do not exist.
Of course, if you do not have a student loan because it is paid off or you never had one to begin with, just ignore the scam.
Report the student loan forgiveness scams to the FTC at www.IdentityTheft.gov.
Good luck, stay vigilant, and stay safe out there!
Good service from a public service institution. Keep up the creative engagement with your clients and patrons.