Scam Radar — June 2023

Below are three new scams to keep on your radar, as well as some tips for how to avoid them. Be on the lookout for yourself, your family, and your clients! THINK BEFORE YOU CLICK!

Obscured, Obfuscated Links

Researchers at Avanan recently discovered another technique that cybercriminals use to try to steal your information. In this technique, cybercriminals use obfuscated links that show IP addresses instead of website names. Obfuscated links are URLs that have been modified to hide the real location of a website.

In this scam, cybercriminals send an urgent email that appears to come from a legitimate source and prompts you to click on a link. The link seems legitimate, but hovering over it shows an IP address instead of a website name. Without a recognizable website name, it’s nearly impossible to verify whether the link is legitimate. If you open the link in your browser, cybercriminals can download malware onto your device or redirect you to a malicious website.

Tips to Avoid Similar Scams:

  • When you receive an email, stop and look for red flags. For example, watch out for emails with different reply-to and sender addresses.

  • Before you click a link, hover your cursor over it. If it shows an IP address, it could be a phishing link.

  • Be cautious of urgent requests. Cyberattacks are designed to catch you off guard and trigger you to click links impulsively.
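For mail administrators, the hover check above can be automated. The following is an added example, not part of the original article or of Avanan's research: it lists every link in an HTML email body whose host is an IP address, and it goes beyond the dotted form by also decoding the integer, hex, and octal spellings that browsers accept. The names host_as_ip, LinkAudit, and ip_links, and the sample message, are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_as_ip(host):
    """Return the IP address a URL host denotes, or None if it is a name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    # Browsers also accept 1-4 dot-separated parts in hex (0x..), octal (0..)
    # or decimal; the last part fills every remaining low-order byte.
    nums = []
    for part in host.split("."):
        m = re.fullmatch(r"(0x[0-9a-f]+)|(0[0-7]+)|(0|[1-9][0-9]*)", part, re.I)
        if not m:
            return None
        nums.append(int(part, 16 if m[1] else 8 if m[2] else 10))
    *lead, last = nums
    if len(nums) > 4 or any(n > 255 for n in lead) or last >= 256 ** (4 - len(lead)):
        return None
    return ipaddress.IPv4Address(last + sum(n << 8 * (3 - i) for i, n in enumerate(lead)))

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def ip_links(html):
    """Return (visible text, href, decoded IP) for each link whose host is an IP."""
    audit = LinkAudit()
    audit.feed(html)
    found = [(t, h, host_as_ip(urlsplit(h).hostname or "")) for h, t in audit.links]
    return [(t, h, str(ip)) for t, h, ip in found if ip is not None]

# Constructed sample email body; 192.0.2.0/24 is a documentation-only range.
SAMPLE = ('<a href="http://192.0.2.10/login">https://www.example.com/secure</a>'
          '<a href="http://3221225994/verify">Verify now</a>'
          '<a href="http://0xC000020A/pay">Billing</a>'
          '<a href="https://www.example.com/help">Help center</a>')
```

Calling ip_links(SAMPLE) returns the first three links, each decoded to 192.0.2.10, and skips the link that points to a named host.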

Permission to Hack

In another recent scam, malware researchers discovered a trojan app on the Google Play Store. Trojans are apps or software that appear legitimate but are actually malicious. Thousands of users downloaded this app before knowing it was malicious. So, it’s important to learn how to spot malicious apps.

In this scam, cybercriminals uploaded a malicious screen recording app to the Google Play Store. At first glance, the app appeared to be legitimate, but it actually contained malware designed to request permissions that align with what the app claims to do. However, if you accept these permissions, you will grant cybercriminals access to your personal information, such as your location, text messages, and more.

Tips to Avoid Similar Scams:

  • Only download apps from trusted publishers. Anyone can publish an app on official app stores — including cybercriminals.

  • Enable security settings on your device, such as Google Play Protect, which scans for malicious apps.

  • Remember that this type of attack isn’t exclusive to the Google Play Store. Cybercriminals could use this technique to put malicious apps on any platform.

PayPal Payment Ploy

Cybercriminals have taken advantage of PayPal, the popular international online payment platform. They are spoofing PayPal to try to steal your personal or financial information.

In this scam, cybercriminals send you a phishing email saying that one of your PayPal payments didn’t process and that you need to act fast. The email contains a phone number allegedly from PayPal, prompting you to call. This phone number appears legitimate, but it actually belongs to cybercriminals spoofing PayPal. If you call this number, cybercriminals can trick you into giving away your personal or financial information.

Tips to Avoid Similar Scams:

  • Be cautious when giving your financial information to someone over the phone. Avoid using phone numbers provided in emails; instead, navigate to the organization’s official website.

  • Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency to catch you off guard and get you to click or act impulsively.

  • Remember that this type of attack isn’t exclusive to PayPal. Cybercriminals could use this technique to impersonate any organization in any country.

For more information regarding scams, please visit the Federal Trade Commission (FTC) Consumer Advice website.

You can also find details about the signs of a scam, how to avoid a scam, and how to report a scam in this article by the FTC — How to Avoid a Scam.

Sources:

Cited in article.
