This week we’ve found phishing attempts in which scammers are impersonating Apple iCloud, MetaMask, and the FBI. Would you have been able to spot these scams?
Imposter scams have made up a huge number of the scams reported to the FTC over the past few years. Posing as trusted brands, scammers send text messages and emails containing phishing links and, using various tactics, prompt you to click on them.
The links take you to phishing pages that can record all your PII. For example, your Social Security number, login credentials, and credit card details. The scammers can thus use your PII to steal even more from you, including your money and even your identity.
They devise fake scenarios in which you need to take action in a hurry, such as verifying your account or updating your payment details. No matter which tactics are used, their goal is to take you to fake login pages where you’ll be lured to enter lots of your PII.
Would you panic if you received a text saying you’ll lose all the photos stored in your iCloud unless you upgrade immediately using the attached link? Calm down and take a close look. The text could be a SCAM! Last week we detected such fake iCloud notifications over 7,871 times:
On Apple’s community page, users are posting that they’ve received similar texts, likely wondering if they’re legitimate or not:
Source: Apple
Don’t click on any links! The text messages are NOT genuine. You will be taken to a fake iCloud login page.
If you submit your Apple ID login information, scammers can record these credentials and thus take control of your account. Next, they can make purchases using your stored credit card details and even access your private data, such as your location data and stored usernames and passwords. Don’t let them!
The truth is, there are many scams and scam websites on the internet and they’re getting even more difficult to detect with common sense alone. However, check out Trend Micro ID Protection for an easy and reliable method of detecting and avoiding scam sites.
ID Protection can shield you from scams, fake and malware-infected websites, dangerous emails, phishing links, and lots more! If you come across something dangerous online, you’ll be alerted in real-time so you’ll know to stay well clear.
If you were to see an email saying your crypto wallet is going to be suspended, what would you do? We’ve reported on fake MetaMask emails several times before, and this week there’s a new version to watch out for:
Falsely claiming that you need to complete the latest Know Your Customer (KYC) process to keep your MetaMask wallet, scammers instruct you to click on the embedded button to apply. Don’t do so! That button will take you to a fake MetaMask login page:
The fake page asks you to enter your recovery phrase. With it, the scammers can gain full control of your crypto wallet and steal all your funds. Be careful!
Safety Tip: Always check the web address, and if possible, go to the official website directly instead of using an attached link. The REAL MetaMask web address is metamask.io.
Sometimes scammers don’t even bother making a bogus website. They just ask you to reply to their emails. Pretending to be from the FBI, they attempt to convince you that you’re involved in a case that’s under investigation, threatening you into thinking that you could be arrested if you don’t reply to the email:
Please ignore such emails. If you do reply, they will contact you and try to trick you into providing more sensitive information or ask you to wire money to “settle” the case. Be careful!
If you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below. Happy New Year!
This article was published in collaboration with Trend Micro
