Spot the Scam: Amazon Prime Day, Costco Raffle, Free Adidas Shoes, and Netflix Phishing Scams

Author: Trend Micro

June 22, 2021

Is the Amazon Prime Day giveaway real? Costco sends me a text message that says I have won in their raffle campaign? This week’s article will introduce 4 viral phishing scams in details, including Amazon Prime Day, Costco raffle, Adidas anniversary giveaway, and Netflix online survey scams. Check how these hot scams work and learn tips to avoid them:

Amazon Prime Day: Phishing scams are already there!

Amazon announced that the Amazon Prime Day 2021 will be live on June 21 and 22. Are you ready to buy all the goods in your shopping cart? We know you are excited about this yearly big event, but please be careful as well – carefully planned scams are also around the corner!

Amazon Prime Day scams come in many ways, and one of them is to use fake text messages with phishing links. Scammers use various excuses to lure you into clicking on the link, but the tactics remain the same: once you click it, you will be taken to a web page and asked to enter sensitive personal information such as banking details. Scammers will then record the data you provide and use it to steal your money as well as your identity.

Here are some examples we have observed this week. You might think they look familiar because we have written about them several times:

  • Fake 30th Anniversary Giveaway
    Scammers impersonate Amazon and send you phishing links, falsely claiming that they are celebrating their 30th anniversary and giving away gifts. Do not click on the link!
    -hxxp://xtotw6[.]cxcjghh[.]cn/ (URL) hxxp://cpcb0y[.]17clean[.]net/ (URL) Amazon 30th anniversary celebration Free gifts for everyone

Fake 30th Anniversary Giveaway. Source: Rappler

  • Fake Amazon Rewards
    –Rick, you still have $150  Amazon Bonus credit: w1fbv{.]info/(URL) See what you can buy before it expires on 03/23
    –FINAL NOTICE: Wil, please confirm the details for shipment ID: AmazonRewards J62H8 here: Description: $110 bounty

  • Fake Payment Notification
    –Dispatched: Dear Customer, Credit Card – Amazon Pay ICICI Bank Credit Card for ICICI Bank Acct XX3009 is sent by Blue Dart Courier, AWB 38534781552 on 09-JUN-21. Track status at

  • Fake Package Delivery
    –Delivered: Your Amazon package with Mayfair Games CN3025 Catan: Junior and 1 other item was delivered. More info at
    Fake Amazon Raffle
    –Amazon: Congratulations Clifford, you came in 1st in this week’s Amazon pods raffle! Click the link to  :

No matter which trick you fall into, once you click on the link in the text message, it will lead you to a fake online survey page and ask you to finish it for expensive rewards.

 

After that you will have to enter personal information and banking details to “pay” for your gift. This is when you hand in sensitive credentials to scammers!

Costco Raffle Scam

Congratulations, you won an iPhone! Wait a second and do not click on anything… It’s a scam!

Costco raffle scam text messages found on Twitter and Reddit.

Content
Costco: Dal, your code 24625 printed on your receipt from 24 came in 2nd in our iPhone raffle: d3qmv[.]info/(URL)

Scammers pretend to be Costco and send text messages with phishing links that say your Costco receipt code has won you an expensive gift, such as iPhone, iPad, or AirPods. If you take the bait and click on the link, it will lead you to a fake Costco page and ask for your personal information.

Like all other fake raffle scams, no gifts will ever be delivered. What’s worse, the sensitive credentials you have submitted will be used for other scams such as identity theft!

Adidas Anniversary Giveaway Scam

Earlier in March this year, we have reported about Women’s Day scams on WhatsApp. Scammers pose as Adidas and send messages with phishing links, falsely claiming that you can win a reward by participating in an online survey or lucky draw campaign.

Now the Adidas giveaway scams have gone viral again. Here’s how the phishing scam unfolds:

Once you click on the red button, it will take you to a page to play lucky draw.

Congratulations! If you click on the OK button, you will be asked to share this page with your contacts. Once you finish, the page asks you to “complete registration” for your reward.

By clicking on the green button, you will go to a page that looks like a video. You’ll be asked to press “Allow.”

If you do so and click on the play button, you will be directed to a phishing page and need to enter your personal information, including name, birthdate, home address, and even credit card number. The sensitive information you provide will end up in scammers’ hands, and they can use it for other scams such as identity theft!

Netflix Phishing Text Messages

People still stay at home (and enjoy watching Netflix) most of the time because of the pandemic, and that’s why scammers will not give up the chance to impersonate Netflix to exploit you.

We have reported phishing text messages about fake Netflix 1-year free subscription scams several times, and this week we have seen more Netflix text message scam cases:

  • Fake Netflix Renewal Notification
    –Your Netflix account failed to renew it’s subscription. To prevent termination of your account, please update your information. 

  • Fake Netflix Account Alerts
    –Netflix warning: Your Netflix account has been put on hold. Resume your membership right away
    –Your Netflix account will be locked because your payment was declined

  • Fake Credit Report Information
    –Add Your Rent, Netflix & Amazon Prime to your Credit Report to increase your Score!  Start below, It’s Free 

In these cases, if you click on the phishing link in the messages, below is what you will experience:

1. The phishing link takes you to a fake Netflix page that says you can get a 1-year free Netflix subscription as a reward.
2. If you click on the “START” button, you will be asked to enter personal information such as name and email address.
3. Then, you will be asked to enter your phone number and home address to “validate your entry.”
4. After that, you will start to do an online survey.

5. When you finish the survey, the page says “click to confirm.”
6. Then it presents you with various gifts to choose from.
7. No matter which gift you choose, you will need to enter your email address again to claim the reward.
8. To “pay” for the gift, you are required to enter credit card information, including expiration date and CVC code. If you submit these credentials, they will end up in scammers’ hands and be used to steal your money as well as identity! Don’t let them!

How to Avoid Phishing Scams?

  • Double-check the sender’s mobile number/email address.
  • Reach out to the official website or customer support directly for help.
  • Too-good-to-be-true offers are a major red flag.
  • NEVER click links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!

Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:

Trend Micro Check is also available as a Chrome extension. It will block dangerous sites for you automatically:

Did you successfully spot the scams? Remember, always CHECK before your next move.

Try Trend Micro Check now. If you find this article helpful, please SHARE to protect your family and friends!

 

Via TrendMicro

Report a Scam!

Have you fallen for a hoax, bought a fake product? Report the site and warn others!

Help & Info

Popular Stories

As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu

So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking.  If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller.  The condition of the item was misrepresented on the product page. This could be the