1. Amazon ‘Update Account’ Scam
Bad guys are targeting Amazon customers, urgently claiming you need to update your information or your account will be permanently disabled. They count on you getting worried and acting quickly without thinking it through.
The phishing emails purport to be notifications from Amazon informing you that you need to update your information within twenty-four hours or your account will be permanently disabled.
When you click the “Update Now” button in the email, you’ll be taken to a convincing imitation of an Amazon login page. After entering your credentials, the phishing page will present a form for you to input your name, address, phone number, and date of birth. Next, you’ll be asked to provide your credit card and bank account information, all information you’ve probably given to Amazon before.
Finally, the phishing site informs you that your account has been recovered and says you’ll be automatically logged out. You are then redirected to the real Amazon website.
The email itself has several red flags like typos and bad grammar, but the worry people have about losing their Amazon accounts makes them click anyway.
How can you avoid this?
- Even if an email is perfect (no typos or strange grammar), leave the links alone and navigate to your accounts independently.
- Recognize when emails immediately make you feel fear or dread, and use that as a trigger to stop and think before you click.
2. Watch Out for Fake Video Scams
The bad guys are using social media messaging platforms and emails to send dangerous phishing links that are disguised as a link to a video. The scammers provoke you into clicking by asking, “Is this you in the video???”
Don’t fall for this.
They are counting on an impulsive emotional reaction. It’s important to note that these attacks almost never actually involve a video; they’re only creating a reason for you to click the malicious link.
These messages are especially dangerous when they come through social media platforms, appearing to be from a friend or someone you know.
Stay safe with these tips:
- Be wary of these types of messages and any unexpected links, even when they appear to be from someone you know. Cybercriminals often hack social media accounts so they can send these messages to everyone connected to the stolen account.
- Remember to never click on a link you’re not expecting. Even when it’s from someone you know, call or find some other way to verify first. In the case of social media accounts, look and see if your connection has posted anything about having gotten hacked.
3. Yahoo Settlement Scam
Yahoo is close to reaching a $117.5 million settlement in a class-action lawsuit over a series of data breaches that affected users between 2012 and 2016 — and you could be eligible for a $100 check and/or free credit monitoring if you had an account during that period.
From 2012 through 2016, several hacks penetrated Yahoo systems and stole billions of records. While this settlement is not nearly as big as the $700 million settlement that credit agency Equifax agreed to for its 2017 data breach involving 147 million records, it’s still enough phishing bait to deceive people into disclosing their personal information.
Yahoo is offering two years of free credit-monitoring services to anyone who had a compromised account, along with various refunds and up to $25,000 in out-of-pocket losses, if applicable. If you can verify that you already have credit-monitoring, then you can ask for a cash payment of $100.
Similar to scams surrounding the Equifax settlement, bad guys are using the “urgency” trick. Yahoo’s settlement is a set amount, meaning there’s only so much cash to go around, so if you’re going to make a claim, you’d better do it fast.
They are sending phishing emails that look like they come from Yahoo. When you click on the links, you wind up on a fake website that looks like Yahoo’s but will try to steal your personal information. Don’t fall for it.
So how can you protect yourself?
- First, don’t be dazzled by the offer of “free money.” If you never had a Yahoo account, then simply delete the email and move on.
- If you were affected by the breach, find the proper settlement links online, independent of unsolicited emails like this.
- Always think before you click, especially when receiving unexpected alerts or offers. Cybercriminals play on your emotions of excitement and fear to push you to act without thinking.