Scammers continued to rely on some tried and true tricks in recent days, squeezing the last ounce of cash from a variety of Mother’s Day, survey and travel scams.
But this week’s ConsumerAffairs-Trend Micro Threat Alert shows that in the last week, a new scheme popped up, seeking to victimize people planning their vacations.
HR Phishing Email
Trend Micro's research team detected scammers impersonating the human resources (HR) department to ask victims to check the vacation approval list via a link redirecting to a fake log-in page that will collect the victim’s account information. They identified 100 logs on May 12.
Jon Clay, Trend Micro’s vice president of Threat Intelligence, says this is a dangerous scam because it might seem, on the surface at least, believable.
“We’ve identified a troubling surge in HR phishing email scams, with attackers masquerading as the HR department to ensnare employees with a routine vacation approval request,” Clay told ConsumerAffairs. “This seemingly innocuous link leads to a fake login page designed to capture account information.
In response to this growing threat, Clay says consumers and businesses must bolster their email security measures and enhance awareness. Key practices should include routinely scrutinizing sender details, avoiding links in unsolicited emails, and instituting two-factor verification where the employee contacts HR via a separate medium to confirm the request.
Mother’s Day Scam
From April 17 to May 15, Trend Micro's research team detected 725,909 Mother’s Day-related shopping scams globally and 243,821 Mother’s Day-related shopping scams in the US, which increased by 34.3% compared to the previous week. The top five states being targeted were Oregon, Virginia, California, Washington, and Ohio. The majority of victims are from Oregon: 44.21%
Mother’s Day may be over but for many victims of various Mother’s Day scams, the pain will likely linger for a while. Most of these scams use shopping discounts to attract users to purchase on fake shopping websites.
You can probably expect many of these same scams will be repackaged next month and target Father’s Day.
From April 1 to May 15, Trend Micro's research team found 1,027 travel-related scam URLs, which increased by 28.6% compared to the previous two weeks. Examples of notable brands are Airbnb and Booking.com. The top five states being targeted are Oregon, Virginia, Washington, Pennsylvania, and Illinois.
People booking a short-term rental need to be extra careful. Scammers can download photographs from other online sources to create a convincing and appealing listing.
The giveaway, however, is when the “host” demands payment in some unusual way. When booking a short-term rental, always do business on the company’s platform. Also, be wary of rates that are much lower than the competition.
Costco Survey Scam
Trend Micro's research team detected scammers inviting customers to participate in a short survey to receive a free smartwatch. The receivers are prompted to fill in their personally identifying information (PII) and credit card info to claim the “prize.” The top five states being targeted are Maryland, California, Florida, Texas, and New York.
Consumers should generally be wary of survey requests that arrive by email. It might be normal to get a survey request immediately after having an interaction with the company. But a survey that arrives out of the blue, and especially one offering something of value for participating, should be avoided.
Trend Micro's research team detected scammers using security issues to inform users their account has been suspended and redirecting them to verify their account on a fake log-in website with victims’ personal information. The top five states being targeted are North Carolina, Illinois, California, New Jersey, and Tennessee.
This is typical of most phishing scams. Operators pose as Amazon because nearly everyone these days has an Amazon account. Scammers have also posed as Netflix to pull off this scheme.
Victims who click on the link will be instructed to enter their login credentials, which will allow the scammers to take over the account. If you think your account might have been suspended, go directly to Amazon.com and try to log in.