Every day, scammers deploy millions of spam emails in an attempt to steal your personal information and money. Whether it’s a phony ad, giveaway, or notification from an online service or bank, the success of the scam email relies solely on users’ interaction and capability of spotting the red flags.
Here’s Bitdefender’s Antispam Lab pick of the spam trends that threaten your data and wallet this week:
No more Netflix and chill
Since Feb. 20, Bitdefender researchers have been monitoring a phishing campaign impersonating the popular video-streaming service, Netflix.
On average, 19% of received Netflix correspondence between Feb. 20 and Feb. 24 was flagged as spam by our antispam filters. The attacks seem to originate from the US and target users in India (27%), the US (18%) Ireland (17%), South Africa (13%), Australia (5%), Denmark (4%) and the Netherlands (3%).
Email subject lines:
- We unable to renew your membership
- Update required – Netflix account on hold
The emails claim that your membership was suspended because Netflix “could not authorize your payment for the next billing cycle,” and invite you to click on a link to update your details.
Another version asks you to simply “add your payment info to your account.”
Unfortunately, any data you enter on the fake webpage will be sent directly to the scammer, including any login credentials and payment details, allowing them to take over your account and steal your money.
How can you avoid this scam:
- Check the sender’s email address and email body for typos – these particular campaigns are riddled with special characters in an attempt to bypass spam filters
- Instead of clicking on the link, head to the official website to check if your account is still active
- Hover over links in any suspicious emails and verify the URL whenever you receive any suspicious emails that urge you to update your info or sensitive information
- Report any phishing attempts to the company
- Install a security solution on your devices to block any fraudulent links masquerading as legitimate websites
No! HBO Max is not offering you any cash to fill out this survey
Scammers are notorious for exploiting users’ eagerness to participate in online giveaways and surveys that could fetch them a great prize or financial compensation. The latest attempt at your wallet comes in the form of a HBO Max survey that could bring you an extra $100 dollars. Obviously this “prize” comes with a cost, and interacting with the email will lead users to phishing page controlled by the fraudster who capture any information you are asked to fill out. This may include your name, email address and credit card data.
Fifty-five percent of the phishing emails reached users in the US, 10% in the UK, 9% in Ireland, 8% in South Korea, 3% in Hungary and 2% in Germany.
How can you avoid this scam:
- Legitimate online surveys should never ask for confidential or sensitive personal information including login credentials, credit card numbers or your SSN
- You should not be asked to pay shipping fees or bank transfer fees
- The message will always urge you to act now or risk losing the prize
- Never respond to unsolicited surveys or giveaways that you haven’t signed up for
Your DHL parcel has just arrived
Phishing emails that pose as legitimate messages from renowned shipping services are a recurrent theme in the global spam trends – It’s not just the busiest shopping days of the year that trigger increase phishing activity on the subject. The latest DHL phishing campaign aims to extract your email account credentials. Since the health crisis, cybercriminals are capitalizing more and more on users’ online behaviors, including increased online shopping.
The DHL brand is once again on Bitdefender’s phishing radar with an ongoing campaign that has spread globally this week. The attack peaked on Feb. 23, when Bitdefender antispam filters flagged 38% of all incoming DHL correspondence allegedly sent by the company as spam.
Until now, the UK and US (receiving 38% each) have been the primary targets of the fraudulent emails that aim to harvest users’ email credentials. The two countries are followed by Australia with 9%, South Africa with 4%, Demark and Ireland with 3% each.
One of the analyzed samples is sent from a Hotmail email address, which should immediately raise suspicion to recipients. However, cybercriminals can also create spoofed email addresses that resemble the official email delivery address from the company.
When accessing the attached .html file, users are greeted with a fake DHL page where they need to enter their email account password to view the tracking details of the package. The username section is already prefilled:
How can you avoid this scam:
- Don’t access links in shipping email notifications you don’t recall making, especially if they don’t contain the tracking number.
- Never trust an email that asks for your password or other sensitive information
- Use caution when dealing with any unsolicited emails you received from delivery companies
- If the email you receive does contain a tracking number using the DHL track now feature to check the status of your package or call customer service
Have you ever wondered how do your email addresses end up in a scammers list? The answer is simple:
- They buy them, legally from data brokers or illegally on dark web marketplaces selling treasure troves of breached databases
- Use specialized tools that scan the web for publically available email addresses
- Fake websites that collect your personal information
How can Bitdefender help?
Bitdefender protects your household devices from malicious and fraudulent activity. If you want to fend off phishing attempts and nasty internet threats, check our extended 90-day Bitdefender Total Security trial free of charge today.
To check if your personal information was stolen or made public online, take a look at Bitdefender’s Digital Identity Protection service. The tool helps prioritize your digital safety, offering a complete view of your online presence, data breach exposure and privacy risks. On top of a full mapping of your digital footprint, including publicly available data (email address, phone numbers, links to your social media accounts), you also benefit from ongoing breach monitoring, a bunch of educational materials and concise one-click action items to secure any privacy loopholes.