Customer Alerts
Your Password Is Their Prize
Cybercriminals are trying to steal your X (formerly Twitter) login information. They send you an email claiming that someone tried to log into your account from a new device, and you must log into X immediately to verify your account. In another version of this scam, you might receive a different email claiming your account violated copyright laws and that you must submit an appeal.
Both of these emails direct you to click a link to verify your account, which takes you to what appears to be an X login or password reset page. But these pages are actually fake and controlled by cybercriminals trying to trick you into entering your user credentials. If you enter your login information, they will steal it. Then, they can access your account and use it to post links to crypto or financial scams. The cybercriminals will steal your login details and use your account to scam other X users!
Follow these tips to avoid falling victim to a phishing scam:
- If possible, enable two-factor authentication, or 2FA, for your online accounts. 2FA is more secure because it requires two forms of identification to log in to your account.
- Always hover over links in emails to see if they’re legitimate. If you must reset your password, always navigate to the official X website or mobile app.
Be suspicious of any urgent requests. Cybercriminals often pressure you to act fast to trick you into falling for their scams.
Free Game, Costly Malware
In this scam, cybercriminals are offering a free video game to try to trick you into downloading malware. They post a job offer online, claiming that if you download a free game, “PirateFi,” you can be paid to monitor the in-game chat feature. The free download and the promise of payment make this a tempting offer. But remember that if something seems too good to be true, it usually is!
This “free” game actually contains malware, and if you download it, cybercriminals can steal information from your web browser. Once they have stolen it, they can use it to access your online accounts. You won’t actually receive any form of payment. Instead, the cybercriminals will get paid in one of their favorite currencies – your personal data!
Follow these tips to avoid falling victim to a malware scam:
- Be wary whenever downloading new software or games. Ensure you have updated antivirus software to protect your computer from possible malware.
- Always be skeptical of free deals and easy money. If the offer seems too good to be true, it usually is.
Any job offer requiring you to download software before being hired for the position is likely a scam. Always trust your instincts before clicking and downloading any software, including video games.
From Tickets to Email Trickery
If you recently bought a ticket to a local event, you may have used Eventbrite’s website or smartphone app. Eventbrite is an online platform that allows you to create, promote, and attend events. But cybercriminals are abusing this platform to steal your personal information and money. In this week’s scam, cybercriminals use Eventbrite to set up a fake event and then email you an invitation.
The Eventbrite email invitation contains realistic logos and brands, and it appears to be legitimate. But if you select the link within the email, you will be taken to a fake webpage that is actually controlled by cybercriminals. The webpage will prompt you to enter personal data such as your login information, tax identification number, and even your credit card number. The cybercriminals are trying to steal your personal details and funds!
Follow these tips to avoid falling victim to a phishing scam:
Be wary of emails that urge you to take quick action. Phishing emails are designed to catch you off guard and trigger you to act impulsively.
- Never select a link in an unexpected email. In this case, it would be best to navigate to Eventbrite’s official website or smartphone app if you have concerns about tickets you’ve purchased.
- If you aren’t sure if an email you received is legitimate, contact Eventbrite’s customer support directly to verify.
Paper Jams and Malvertising Scams
If something goes wrong with your printer, you probably search Google to troubleshoot the issue. In this week’s scam, cybercriminals create malicious advertisements, also known as malvertising, on Google and claim to be on a tech support team that can help you with your printer problems. If you click the malicious ad, you are taken to a fake website to install “software” that will assist with troubleshooting. However, the software installation is fake and always displays an error message saying that the installation has failed.
After the failed installation, the website urges you to contact tech support through a phone call or live chat. However, the “tech support” is actually a scammer. If you contact them, they will request remote access to your computer to help you continue troubleshooting your printer. If you allow them to access your computer, they will not fix your printer, but they will be able to steal your personal data!
Follow these tips to avoid falling victim to a malvertising scam:
- Anyone, even cybercriminals, can buy ads on Google. Always think before you click.
- If you experience technical problems with your personal devices, contact the manufacturer’s official website to troubleshoot.
Never give someone you don’t know remote access to your computer. If the issue is work-related, contact your organization’s IT team for help.
Beware the Fake Cashier’s Check
No one is immune to being targeted by scammers, including lawyers and law firms. Lawyers often handle debt collection, and cybercriminals are seeking to take advantage of that. In this week’s scam, a law firm is contacted by someone claiming to be a client who needs assistance with collecting a debt payment. The firm works with the client to determine who owes the debt and then sends a letter requesting that the debt be paid. The person who owes the debt money immediately agrees to pay and sends what appears to be a real cashier’s check to cover the cost.
The law firm deposits the check and wires money to the client’s account. However, both the client and the person who owes the debt are scammers who are working together. The entire story about being owed a debt is a scam, and the cashier’s check is fake. The fake check doesn’t clear at the bank, and the scammers are able to escape with the law firm’s money!
Follow these tips to avoid falling victim to a cashier’s check scam:
- Look for red flags. Always be suspicious of situations or opportunities that seem too good to be true.
- Be extra cautious when dealing with money or other financial requests. Trust your instincts and contact your bank if you have concerns about a check or money transfer.
Be suspicious of requests to take action quickly. Cybercriminals pressure their victims to act quickly so they won’t be caught.
Winter Hill Bank is a Mutual Bank serving the community since 1906.
Thank you for eBanking with us!