McDonald’s, USPS, MetaMask, and WeTransfer – Top Phishing Scams of the Week

Author: Trend Micro

March 28, 2023

We’ve found a large number of phishing scams this week, including ones relating to McDonald’s, USPS, MetaMask, and WeTransfer. Would you have been able to spot all the scams?    

Phishing Texts/Emails 

Impersonating trusted brands, scammers contact you using excuses like bogus security alerts or fake notifications via text message or email — always with the goal of getting you to click on phishing links.  
  
They try to prompt you into completing various tasks after clicking on the links. These links are phishing links designed to collect any information you enter. Scammers can use your information for their own good, for example, to steal your identity or make payments using your credit card information. 

In most cases, they promise you free gifts if you’re willing to take an online survey: 

McDonald’s Survey Scam

We’ve seen lots of fake text messages disguised as McDonald’s surveys. Scammers falsely claim that you can get free McDonald’s meals for a month (quite tempting) via the attached link: 

  • Hey Bryant, Mc-Customer! You’ve been selected to receive free meals for a month as a special thank you for being a valued customer. <URL> 
     
    The link will lead you to a fake McDonald’s survey page:  

McDonald’s Survey Scam (1)


After you complete the questionnaire, you will be asked to provide further personal details for the delivery of a gift (e.g. PS5 or iPad Pro). These credentials will end up in scammers’ hands. Don’t fall for it! 

McDonald’s Survey Scam (2)


Stop Phishing Scams With Trend Micro Check  

The best way to prevent phishing scams is to NEVER click on links or attachments from unknown sources. You can try Trend Micro Check, a browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links, and surf the web with confidence! (Plus, it’s FREE!).   

After you’ve pinned the Trend Micro Check extension, it will block dangerous sites automatically! (Available on Safari, Google Chrome, and Microsoft Edge.)   

You can also download the Trend Micro Check mobile app for 24/7 automatic scam and spam detection and filtering. (Available for Android and iOS).   

Check out this page for more information on Trend Micro Check.    

 

USPS Shipping Scam 

We’ve reported on fake shipping notifications from delivery companies such as DHL and FedEx many times. This week, there has been an exploding number of fake USPS texts circulating. Scammers try to trick you into thinking that you need to use the attached link to “resolve some issues” with your package delivery:  

  • [POST] Please resolve the issue with your recent order to prevent return to sender address: <URL> 
     
    The link will take you to a fake USPS tracking page (there is even a fake tracking number): 

USPS Shipping Scam (1)


If you proceed, you could eventually expose your credit card information. Stay alert! 

USPS Shipping Scam (2)


Besides text messages, scammers also reach out to would-be victims via email (of course, while misusing the name of trusted brands): 

MetaMask Phishing Email 

Fake MetaMask emails are also a regular reoccurrence. Posing as MetaMask, scammers send you fake security alert emails and prompt you to verify your crypto wallet via the embedded button: 

MetaMask Phishing Email


Again, the button will take you to a phishing page (in this case, it will be a fake MetaMask login page). If you ever reveal your login credentials and seed phrase, scammers can gain access to your MetaMask wallet and steal all your crypto. Don’t let them! 

WeTransfer​ Phishing Email

We’ve also found computer file transfer service company WeTransfer exploited in phishing attempts. Scammers send fake notifications via email and to try to get you to click on the button for more details: 

WeTransfer​ Phishing Email


The button will take you to a fake login page, and in the end, you could end up having your login credentials stolen. Be careful! 

Fake WeTransfer​ Login Page


Tips to Stay Safe from Scams  

  • Free gifts are always a major red flag! 
  • Double-check the sender’s mobile number/email address.  
  • Only use official websites/applications.    
  • Change your password as soon as possible if you’ve already clicked on a suspicious link. Consider using our free online Password Generator to create strong, tough-to-hack passwords.    
  • Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks. Click the button below to give it a try.  

If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and
family to help keep the online community secure and protected. Also, please consider leaving a
comment or LIKE below.

This article was published in collaboration with Trend Micro.

Image source: unsplash.com

Report a Scam!

Have you fallen for a hoax, bought a fake product? Report the site and warn others!

Help & Info

Popular Stories

As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu

So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking.  If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller.  The condition of the item was misrepresented on the product page. This could be the