New PayPal scam spoofs money transfer warning: Internet Scambusters #512
A new PayPal scam heads up this week’s Snippets issue, which includes details of the latest social networking phishing tricks.
We also sound two new alerts: the potential dangers that could arise from a suggested “virtual tax audit” process and the risk of dangerous, recalled goods reappearing on store shelves.
As usual, we have all the details on what you need to look out for to protect yourself from scammers.
But first, we urge you to take a look at these top articles from our other websites:
Coupons: What Not to Do: Coupons are great, and they can save you money if you use them wisely, but you need to learn how they can backfire.
Cranberry Treats: Think Tangy For Fall! These cranberry recipes will help you celebrate that autumn chill in the air!
Beginning Investment: Tips for Newbies: Check out this easy to read guide on investing for beginners.
And now for the main feature…
LinkedIn, Twitter and PayPal Scam Alerts
This is a busy time for new variations of old scams and we have a couple for you in this week’s Snippets issue, starting off with a sneaky new PayPal scam.
We’ve warned about bogus PayPal messages in several previous issues.
In the latest trick, the crooks try to beat your natural skepticism by shocking you into clicking a link.
The message, received by one of the Scambusters team, appears to be from PayPal acknowledging a transfer of a big sum of money — in this case, more than $24,000.
That’s enough to make your heart skip a beat. But hang on, says the message, because it’s your first big money transfer so PayPal is holding it until you confirm the payment.
There’s the trap! You’re invited to click an “accept/decline” link. If you do, you’ll be connected to a hijacked website that downloads a virus onto your PC in the blink of an eye.
Poor English usage gives the game away. For instance, the message includes the following statement:
“We congratulate you with your first PayPal money transfer. But we have hold it for the moment because the amount is over the security borders of our rules.”
Also, fortunately, most Internet security programs will block the malware attempt — provided they’re up to date.
Even so, this PayPal scam attempt emphasizes the fact that you should never click on links in this kind of message.
Instead, go to PayPal.com and check your account there.
Phishing was the name of the game in the latest scam to hit members of the business social networking site LinkedIn.
Messages from what seemed to be a performance-rating website, supposedly on behalf of one of the victim’s “connections,” invited them to give an assessment of this person’s professional skills.
To make the message seem more authentic, it included a photo of and quote from Apple founder Steve Jobs.
Seems reasonable enough, no? But once the testimonial was written, recipients were then asked for their LinkedIn sign-on details.
As well as giving away this confidential information, victims who did this had their LinkedIn accounts hijacked and the same message was then sent out to all their contacts.
A clever way, indeed, of harvesting thousands of login details and passwords.
The site that initiated this scam has now been taken down but the incident reinforces the need to protect your sign-on details and, as we constantly warn, use a different password for each important site you use.
If you already fell for this trick, change your LinkedIn password now.
Twitter Survey Scam
Twitter is another social networking site that’s a frequent target for scammers.
One of the crooks’ latest techniques is to monitor trending terms and words on the site, then invite the tweeters to complete a survey supposedly connected with their subject of interest.
For example, a recent scam capitalized on the popularity of a drawing app.
Anyone mentioning this app on Twitter received a tweet directing them to a website survey where they were told they could win a prize for filling out the online form.
No prizes were ever awarded, however, but the site operators collected a lot of useful information for spam attacks.
The offending account seems subsequently to have been closed but variations of the trick could be repeated at any time.
Don’t be fooled into giving away your email address or cell phone number by the lure of surveys and prize offers. It’s usually a spaham scam.
If you really must, use a “disposable” email address that you can subsequently delete.
Virtual Scam Opportunity?
Normally, here at Scambusters, we focus on fraudulent activities that already have taken place but here we want to flag up a concern about something that could happen in the future.
There is the possibility, reported recently by CNN, that the IRS could introduce virtual tax audits — done over the Internet using a video link but including the transmission of taxpayer documents to the IRS.
The IRS already runs a pilot two-way video service to help taxpayers with questions and problems.
Now, says CNN, the independent Taxpayers Advocate Service is calling for this to be extended to virtual tax audits.
If this happens, we’re raising a warning flag right now to be on the lookout for scams by crooks posing as the IRS.
No doubt, the IRS will put all sorts of procedures in place to try to avoid misuse but we think any process that involves uploading highly confidential financial documents is fraught with danger.
If virtual tax audits become a reality, let’s hope taxpayers have the alternative choice of still visiting the tax office. We know which we’d choose.
Back On the Shelf
Finally, just in time to slip in a warning about consumer products, recalled for safety reasons, suddenly reappearing on shelves.
This isn’t always a scam but its potential effects are just as dangerous whether it is or not.
Earlier this year, the US Consumer Product Safety Commission said that a range of toys that had been withdrawn from the shelves of a store’s chain had subsequently been offered for sale at discount stores and flea markets.
It’s hard to counter this danger but one thing you could do is keep track of recalled products.
The easiest way to do this is to sign up for regular recall notifications using the Online Form for CPSC Subscription Lists.
As all of our Snippets items demonstrate this week, scammers look to attack consumers from all sorts of directions.
Whether it’s a malware-charged PayPal scam or a crafty phishing attack, they hope that, one way or another, you’ll eventually get snared. Don’t let your guard down!
Time to close today, but we’ll be back next week with another issue. See you then!