Amazon Prime Day Scams

Prime Day takes place for two consecutive days every year. Shoppers are eager for Prime Day deals, but so are scammers, who aim at defrauding people for their own profit. A classic scam includes an email asking customers to verify their account, leading them to a fake Amazon website to steal their personal information.

Experts say most phishing scams targeting Amazon customers rely on their lack of understanding of how the retailer communicates with individuals. Scott Knapp, Amazon’s Director of Worldwide Buyer Risk Prevention, stated that company representatives rarely contact shoppers directly or ask for order details. Nonetheless, there are plenty of other directions of the fraud that you should be aware of.

Fake Amazon Websites

One of the frequent types of scams is fake websites that superficially resemble the original service or store. I have analyzed two typical examples of such sites, Amazonexal[.]com and Lainedmn[.]com (shut down at the moment). Both claim to be a branch of Amazon and offer items at heavily discounted prices. But obviously, there are no such branches of the company, and both sites gather a complete scam bingo.

• Websites’ age may vary, but the content almost always changes every 2-3 weeks. That is done to scatter the complaints and pretend that earlier trades related to the site never happened.
• Both websites use content from amazon.com and the Amazon logo but they do not have any official affiliation with Amazon. That is, in fact, a huge red flag for any type of shopping site: lacking your own content puts in question the presence of offered goods in the first place.
• None of the sites have reviews and feedback. Some of the pages have the “feedback section”, that in fact consists of made up writings lodged into the site, without the ability to add your own comment.
• None of the sites have a social media presence besides victims’ complaints online. Even if there are visible buttons for Instagram, Twitter or Facebook pages, they are not active 99% of the time.
• Both websites offer ridiculous discounts and elements that infuse a sense of urgency, so the user is constantly pushed towards making a purchase.

Fraud experts assert that in the past 30 days alone, 2,300 new website domains were registered impersonating Amazon. This is just the beginning, and the higher the price, the more fake sites will be created. These fraudulent sites also offer what appears to be a copy of a legit payment page. Most likely, these pages collect all the banking information one types in, so there is also a risk of banking account hijack. Here the list of latest fake websites were used in the scam:

• Amazon-activity[.]com
• Amazonexal[.]com
• Amazon.com.billing-inquiry[.]com
• Lainedmn[.]com
• amazon-store[.]com

Fake Gift Cards and Promo Codes

Another possible vector for Amazon Prime Day scams is fake gift cards and promo codes, that provide significant discounts to anything you buy. While genuine Amazon gift cards promo codes can be found on trustworthy websites, scammers may impose such services, offering to buy these gift cards of promo codes from them.

You can get to such a fraudulent deal while browsing sites and forums related to Amazon shopping. Once in, you will see gift cards for sale at 10-25% of their real value (i.e. $100-250 for a $1000 gift card). Thing is – site owners don’t have any codes to share with you, and after receiving your pay they cut any communication.

Another edge of this scam is free gift cards giveaways. The are in fact more of a constant theme, rather than a seasonal occurrence. Frauds set up a landing page that offers users to get a free $500-$1000 gift card only for sharing their personal data. As you may already know, this data share is one way – no one sends back any free stuff.

How to report a scam

• If you have been scammed, report it to Amazon support through their official website or phone number.
• You should inform your bank as soon as possible. This increases their chances of stopping the fraudster.
• Finally, report the scammers to the platform through which they contacted you.
• If you’re concerned that your Amazon account may be at risk, the seller’s website has tips to help protect your information.

Tips for safe Prime Day shopping

We have some helpful tips to prevent falling victim to scams. It is better to follow them all rather than picking one separate, as there is no universal solution.

• Double-check domain names. If the website address does not start with “Amazon.com,” it could be fraudulent. This applies to other online retailers as well. Look for misspellings, extra punctuation, or anything unusual in the address.
• Stick to Amazon’s official website, app, and stores for purchases. Amazon never asks for payment over the phone/email or through third-party sites.
• It’s safer to enter retailer URLs manually rather than clicking on potentially harmful links. If you receive a suspicious message, claiming that you ordered something, go to «amazon.com» and check your Amazon account’s “My Orders” section to confirm.
• Use a strong password and enable two-factor authentication. Passwords should be extended, unique, and random. Avoid reusing passwords across multiple accounts.
• Treat limited-time Prime Day deals with caution. Offers requiring immediate purchase may be cybercriminal traps.

Scammers don’t take breaks, and with Prime Day around the corner. So, it’s essential to remain vigilant against fraud. The tips we’ve provided can help safeguard you against online scams.

The post Amazon Prime Day Scams and Fake Amazon Websites appeared first on Gridinsoft Blog.

Crypto Recovery Scam Explained

The hype around cryptocurrencies has slowed down recently, but the number of scams related to this topic has never come down. Moreover, another vector has emerged – crypto recovery scam, which targets people who have already become victims of crypto fraud.

Getting into a financial fraud related to an investment can hit the wallet pretty hard, so the urge to get the money back has obvious motivation. In certain cases, it is technically possible to recover lost assets, and some legitimate organizations can assist victims in doing so. Still, it is very individual and depends on many factors, and there is never a guarantee of success.

The loss of cryptocurrency can occur for a variety of reasons, including technical failures (dead hardware wallet key) or human factors. But what the fraudsters concentrate their attention on are fraudulent investment schemes rather than technical issues. Incidentally, we have a separate post about cryptocurrency fraud, but this time we will focus on fraudulent “cryptocurrency recovery agencies”. Long story short – attackers could not ignore people who fell victim to one scam and developed a whole scheme to scam them again.

Examples of Recovery Services

How Do Crypto Recovery Scams Work?

Usually, these scammers are looking for victims on social media, particularly in crypto investment-related groups or trading forums. It all starts with comments from people who allegedly have managed to get their money back. They provide the contact information of a ‘specialist’ and claim to have helped but are actually part of the fraudulent scheme. In another scenario, fraudsters directly contact victims (mostly in crypto communities) and offer their help in restoring their crypto assets. One more scheme involves fraudsters selling lists of victims they have deceived or hacked on the Darknet.

After the victim contacts the scammer, they will immediately ask for as much information as possible. This may seem quite logical, since such an operation requires a full pack of victim’s info. However, the scammer will always ask for things that will barely be needed – SSN, detailed personal information, and so on. In addition to this data, attackers almost always require an upfront fee for their work. Quite often, the frauds simply cut any connections upon the upfront payment, but not always. It is often to see them imitating the progress, and asking for more money after some time. Scammers explain this as “additional funds are needed to solve the problem”. Attackers employ a lot of social engineering tactics, which can result in multiple requests for money before they eventually stop responding to the victim.

Red Flags and Potential Risks

Let’s take a look at the main red flags that you’re dealing with a scam. The first thing that should raise concern is a request to make a prepayment without any guarantees. Sure, scammers will promise guaranteed recovery of your funds, but such a guarantee is impossible. Definite false claim = quite an obvious red flag.

The next red flag is the claim that they have “special access”, a private connection with the FBI or another law enforcement agency. Without a confirmation, this claim costs nothing, and any “informal connections” still give you no guarantee that this FBI friend will be helpful. And, after all, if they’re talking about law enforcement – why won’t you go directly to them? The majority of investigation agencies around the world nowadays have an online fraud department, which will be in handy for this case.

Another sign that you are dealing with fraudsters is a sense of urgency and persistence on their part. In this case, the urgency comes not only from the scammers but also from the victim. Frauds often insist that you should not notify law enforcement about the incident, which is a strange demand from “legit money recovery agents” as they present themselves.

The risks of all this, as you can imagine, are quite high. First of all, there are significant financial losses. Usually, fraudsters demand large sums upfront because they realize that the victim is ready to do anything to get the lost crypto back. Secondly, there is the risk of confidential information leakage. Attackers can request credit card information or login details to an online bank. They may then either use this information to finally empty the victim’s accounts or resell this data on the Darknet.

6 Warning Signs

Most crypto recovery services are scams — especially if they promise to return crypto you no longer own. Look out for these warning signs:

1. They ask for an upfront fee. If someone asks for money before helping you, it’s likely a scam. They might ask for a small amount first, then keep asking for more.
2. They claim to have “special access” to crypto exchanges. Scammers will say they have secret ways to get your crypto back. This is always a lie.
3. They ask for your passphrase or sensitive info. If they want this information, they are trying to steal from you.
4. They ask for your bank or crypto wallet details. Scammers may ask for your wallet or bank info to “deposit” the recovered crypto. They just want to steal more money.
5. No physical address or located outside the U.S. If there’s no address, or it’s outside the U.S., it could be fake. Many scam companies use fake addresses.
6. No phone number or only messaging apps. Legit companies talk by phone. Scammers use apps like Telegram or WhatsApp to hide.

How To Avoid Scams?

If you’ve been a victim of a crypto recovery scam, I have a few recommendations that may help. First, report the platform support through which you were defrauded. Contact the platform’s technical support and report the incident. The next step will be filing a report with law enforcement and gathering as much case evidence as you can. While this still cannot guarantee a refund, it can significantly increase the chances of one. Detailed information will also help men in uniform with finding and detaining the fraudsters.

Also you can report scams to:

• The Federal Trade Commission (FTC)
• The Commodity Futures Trading Commission (CFTC)
• The U.S. Securities and Exchange Commission (SEC)
• The FBI’s Internet Crime Complaint Center (IC3)

If you have found an organization that helps you recover your lost funds, research its procedures, refund methods, and real user reviews on the Internet. The major challenge is that recovering stolen cryptocurrency is extremely difficult to recover. And almost the only way to do this is to collect as much evidence and information as possible, gather the necessary package of documents and submit it to law enforcement agencies. Law enforcement may contact the platform’s representatives. If proven that the stolen crypto belongs to the victim, there is a chance that it will be returned. This is the only legal way to get the lost crypto back.

The post Crypto Recovery Services appeared first on Gridinsoft Blog.

What is a fake virus alert?

A fake virus alert is a browser notification whose task is to mislead the user. It can appear not only in the browser but also in the system. That notification can be caused by rogue antivirus, adware, and simple website redirection.

Rogue antivirus is known as security software that is fraudulent and misleads users into believing there is a virus on their computer. This software aims to convince them to pay for a fake malware removal tool that blocks legitimate and safe apps it found in the system.

Fake security threats often appear on your computer screen as pop-ups in browsers that claim your computer is infected with a deadly virus. These pop-ups in turn signal you that you have adware on your device. Such warnings direct you to download a purported virus removal tool, which consequently may be the aforementioned rogue antivirus.

Redirections appear when you click through some less than trustworthy pages. Compromised sites, or ones whose administrators do not care who they’re referring to, may contain several such malicious links. They are not a sign of malware, but unfortunately, that reason fake virus notifications are quite rare.

However, there are quite a lot of instances where they serve malicious purposes. The spreading of such plugins is pretty easy, and it makes them very attractive. Common ways look like advertising pages and require “install a plugin to confirm that you are not a robot” or “a security advisory”. They have become a popular method of spreading infection, as they are embedded in the browser and are often ignored by weak anti-viruses. In addition, they are aimed at stealing user data, which is very much present in the browser.

Signs of fake virus alerts

Virus alerts can be convincing, but there are a few telltale signs that they’re fake. Understanding these telltale signs can assist you in avoiding phony pop-up alerts and clicking on dangerous links. Generally, trust your instincts: if something seems off, it’s probably wrong. These signs indicate that a fake virus is present:

• Fake-sounding products: Fake virus warnings are typically straightforward. They often promote fraudulent products. Learning about the best antivirus software will make it simple to recognize fraudulent software.
• High-frequency alerts: The sudden increase in warnings about the virus is alarming. However, this is a common tactic used by adware. The goal is to make you anxious enough to download their fraudulent product.
• Bad grammar: A legitimate corporation takes time to refine its messaging and communications. Fake virus software scams will often have spelling and grammar errors and also apply strange text designs – like numerous “#” or “_” symbols across the text.
• Vague wording: Unclear promises or vague descriptions are suspect. Reputable antivirus software will use straightforward language to describe its product and benefits.

The list of signs is not complete, as crooks have proven to be inventive enough to find new ideas on their banners. However, most of the time one or several symptoms among the names above will appear – and that should raise your suspicion.

Examples of fake virus alerts

A fake virus alert can have multiple forms. Understanding the following examples of virus warnings can assist you in recognizing scams before they have a chance to cause harm. These are some examples:

1. Malvertisements

Malvertising is hackers’ deceptive usage of legitimate advertising networks to infect ads that show up on websites you trust. These ads often claim your computer is infected with a virus and attempt to sell bogus antivirus programs. Pay attention only if you receive notifications about your computer being infected with malware.

2. Fake versions of real ads

Reputable businesses can fake Virus Alerts and deceptive Counterfeit ads. Fake phonies use dubious claims and exaggerated language full of fear. They also offer absurdly favorable terms.

3. System tray notifications

As opposed to common fake virus warnings, system tray notifications are rare. They appear as notifications in your system tray that inform you of a serious infection that requires immediate attention. Authentic notifications have a much more effective effect because they look more realistic. When you see one, make sure it’s not a fake before you choose to respond. By examining the language of a scam alert, you can determine if it’s real or fake. These fraudulent messages use emotional words to manipulate your emotions and trick you into rash decisions. They also typically have formatting issues or fonts that need to match up.

How to remove a fake virus alert?

Step 1. Remove push notifications

If you encounter a fake virus alert, the first step is to shut down your browser. A key combination like Alt+F4 or Command+Q (on macOS), will accomplish the task. However, if this is not possible, you can force your system preferences to close your browser if it’s sluggish. This can help prevent you from tapping on the infected pop-up which can lead to further problems. Then, open it back to start troubleshooting.

If you subscribe to push notifications from scam sites, you can remove them through the browser interface. Go to your browser settings, find notification settings and remove all the sites that are listed as ones that can send notifications. Reload the browser to apply the changes.

Disabling browser pop-ups (scroll images)

Step 2. Remove any suspicious extensions.

The extension is an application that enhances the functionality of the browser.

Step 3. Reset browser settings

Resetting your browser settings is one of the first things you should do to eliminate the Windows Defender security warning scam. The following instructions tell you how to do this in different browsers:

Step 4. Remove suspicious apps

Find and remove the suspicious app: Now go to settings and click on the ‘Apps’ section. Look for a list of current apps (you may need to select ‘App manager’ for a comprehensive list) and locate the malicious app. Open the app’s information and then select the option to uninstall. This should eliminate suspicious apps.

If you can’t find the suspicious program in the list of all programs on your device, you need to scan your device with an antivirus. You must remove this designation before you can discontinue the procedure. To accomplish this, go into your security settings and locate a section called Device Admin Apps with a title “Device Admin Apps”. Uncheck the app you want to remove and then deactivate the next step. You may now be able to delete the app.

Step 5. Scan your PC for viruses

If you examine your computer and can’t find any suspicious files, you should consider installing antivirus software — this is if you don’t already have it. You can utilize the software to search for malware that may be concealed within your computer. If the scan identifies a threat, it can attempt to remove it and prevent further damage to your device.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post Fake Virus Alert appeared first on Gridinsoft Blog.

Malware on Porn Website: Reality or Myth?

Contrary to popular belief, visiting porn sites doesn’t automatically result in getting infected with viruses or malware. While threats can indeed come from porn sites, they are usually the result of specific interactions with malicious content rather than simply visiting the site. And things that one may get from an adult site rarely fit into the classic definition of malware: it is more on the side of junkware and malicious extensions.

To bring in more details, we need to clarify what we mean by “porn sites”. The fact is, there are two types of porn sites: legit, renowned ones, that have subscription services and overall are well-recognized, and shady pages that may stick to random monetization options. In this case, the risk of getting malware on porn website is not higher than, say, on YouTube. And overall, they do not have any motivation to switch to malignant activity: subscription price multiplied by the volume of users gives more than enough profit.

The story is different for those shady sites. Unlike the former, they may range from being as well safe, or bear significant malware threat. Since the main objective of such sites is to make money as quickly as possible, the presence or absence of malware or viruses on a site only depends on how deep down the rabbit hole the site masters are ready to dive. Let’s take a closer look at how this works.

Why Do Some Porn Sites Have Viruses?

The main way shady sites make money is through advertising, or dirty traffic arbitrage tricks. In simple terms, the latter is when a shady actor buys traffic (visitors) at one price and then redirects those visitors to other sites where they are paid more. Thing is – these actors rarely care about the end site being safe for the user. And that is the source of all the further dangers for them.

Best bidders of that scheme are ones who will make money on the user with the biggest chance. And those are most often malicious actors or someone who trick people into doing a compromising action. This gives out the list of potential threats: phishing sites, malware distributing pages, pop-up ads spam pages and so on.

Malware Threats From Porn Sites

Now that we’ve established why porn sites might contain threats or malware, let’s discuss the risks and consequences of visiting such sites. Beyond exposing people to malware, there are several other risks, including the collection of confidential information, financial loss, and even psychological harm.

Redirects

Automatic redirects are a main source for most of the threats we’ve discussed. They can lead users to websites that host malware, engage in fraudulent schemes, or display aggressive advertising. Low-quality sites often use this tactic for several reasons: firstly, they engage in mutual promotion by redirecting users from one site to another. This often appears as a “Play” button, which, when clicked, takes the user to a different site, creating a loop of endless redirections. A single click can open 3-4 windows at once, and an unsuspecting user may keep going through these sites, getting deeper and deeper into the malware scam.

In some cases, one of these windows may immediately start downloading a file, which is often malicious. The file might have a double extension, such as video.mp4.exe for desktop systems, or a fake app like player.apk for mobile devices. Another variation of this tactic involves sites attempting to install malicious browser plugins. This usually presents as the browser prompting the user to install a necessary extension for the site to function properly. And, you guessed it right, none of the programs/extensions spread in such a way are safe.

Malicious Advertisements and Push Notification Spam

Another related threat involves websites attempting to gain permission to send notifications. This works by tricking the user into allowing notifications when they try to interact with a site element, like a “Play” button. The site might request the user to confirm they’re not a robot by granting notification permissions. As a result, the site bombards the user with spam notifications, mostly filled with annoying ads but occasionally containing potentially harmful content.

Although these notifications may seem merely annoying at first glance, they carry certain risks. First, these notifications often lead to sites that feature aggressive advertising, fraudulent offers, or illegal content. This can include redirects to sites offering fake discounts, dangerous programs, or even bogus free downloads. As mentioned earlier, these downloads may include various forms of malware – from adware to spyware or even backdoors. Once installed, the malware can steal confidential data, encrypt all files on the device, or even use the system as part of a botnet, depending on its payload.

Data Collection

There is a specific category of adult sites that threaten users not with the probability of redirection to a malicious website, but with the excessive data collection. In fact, it is not a straightforward malware on porn website, but a threat related to such site. I am talking about sketchy dating sites, ones that offer finding a pair for short-living intercourse-targeted relationships. Typically for any dating, one should fill in the information about themselves, all the way up to real address, phone number and personal photos. And that is where the danger kicks in.

You see, large dating platforms, same as any sites that handle massive amounts of sensitive data, invest a lot of resources to set up proper data protection. For a questionable dating page that was established a week ago, these resources are non-existent. Moreover, some of these sites ask for payment immediately after registration.

It’s worth noting that most of the profiles on these sites are fake, as we can see in the image below. Therehence, a chance of a bad actor getting their hands on all the user data, or just the site owner themself selling it to someone on the Darknet is rather high. Further, such detailed information may be on hand for threat actors in various types of phishing attacks, where they can impersonate the authority. And with all the information from such a site, it will be a rather convincing impersonation.

How to Stay Safe?

There are several tips to adhere to avoid malware risks and other threats when browsing adult sites. Though, same rules apply to a lot of other site categories, so they may be useful for much more situations.

First, avoid visiting questionable no-name sites. If you do want to view adult content, stick to well-known sites that don’t pose a threat (ask a friend for recommendations). Never download anything from these sites, don’t allow notifications, and avoid installing any extensions or add-ons. Also, refrain from sharing any personal information with websites you don’t trust.

Second, use specialized tools to protect your device from potential threats. I recommend using GridinSoft Anti-Malware, as it guards against common cyber threats and includes an Internet Security module. This will greatly reduce the chances of malware infiltrating your device. Lastly, use a proper, time-proven ad blocking extensions. They disable advertisements for free, thus decreasing malware risks by orders of magnitude.

The post Can You Get a Virus By Visiting a Porn Site? appeared first on Gridinsoft Blog.

Hamster Kombat Tap-Game Players Targeted in Malware Spreading

ESET researchers have discovered a series of successful scams based on the popularity of the game Hamster Kombat. As with any potential opportunity to make easy money, this game has attracted two audiences – those looking to get rich quickly and those looking to profit from them, i.e., scammers. The latter use phishing websites to spread spyware, primarily Ratel to Android users and Lumma Stealer to ones who use Windows.

For those who may not know, that is a game where the main activity is tapping the smartphone screen and completing simple tasks. For these actions, the developers promise to eventually reward players with a new virtual cryptocurrency token based on TON, which they plan to release sometime soon. Since the game’s release, more than 250 million players have joined the project. For the comparison, Hamster’s Telegram channel alone had 53 million users at the time of writing.

The game caused heavy discussions on data safety earlier this year, mainly due to its Russian origins. We have a separate article with analysis of Hamster Combat’s Russian ancestry and possible outcomes.

How the scam works?

Main thing that makes users follow the shady guides and do what the malicious instructions say is the wish to automate the Hamster Kombat game process. For this, frauds offer downloading a third-party app, that is, as you could have guessed, is malicious. It’s worth remembering that the Hamster Kombat game operates exclusively through a Telegram bot and only within Telegram on mobile devices. This means there are no stand-alone apps for iOS, Android, or especially for Windows. Additionally, the only official accounts are on YouTube, X (Twitter), and Telegram – another popular claim that the frauds do to lull the vigilance.

Hamster Kombat Malware Scam – Main Course

This desperation drives players to visit phishing sites and install malicious applications. For example, enterprising scammers have created a Telegram channel called HAMSTER EASY, where they distribute an app named Hamster.apk. The channel is entirely Russian, and almost every post contains grammatical errors. However, this app is in fact Ratel spyware, which automatically sets itself as the default SMS app.

By getting these capabilities and privileges, this app abuses notification access permissions. This Ratel can intercept all messages and notifications and hide them from the user. Further, the spyware uses SMS to communicate with “control server” – in fact, just the phone of cybercriminals.

Another method of spreading this spyware is through phishing websites styled to look like official app stores. Researchers have identified two such sites, “hamsterkombat-ua.pro” and “hamsterkombat-win.pro”. Unlike the page that spreads Ratel spyware, these two are in Ukrainian language and obviously target the Ukrainian player base.

As I have repeatedly emphasized, Hamster Kombat operates exclusively on mobile devices. However, crafty scammers have developed a Windows application. Researchers discovered GitHub repositories offering auto-clickers and automation tools for leveling up in the game. However, the developers neglected to mention that this software comes with a bonus: Lumma Stealer. This malware is spread in several versions, including C++, Go, and Python, with the latter even featuring a graphical installer interface. Consider reading our detailed research on this malware.

Moreover, numerous clones have appeared online, such as muskempire_bot and Simple_Tap_Bot. These bots are heavily promoted in the comments under videos related to Hamster Kombat on social media, promising easy earnings. Instead, they steal users’ time, personal data, and in some cases, even their money.

How To Avoid This Scam

To avoid falling victim to scams related to Hamster Kombat, it is essential to remember two rules:

• The game operates only within the Telegram app on mobile devices.
• There are no legitimate ways to automate the game’s process through software. At least, the developers claimed to patch any of the possible auto-click bots, and threatened to wipe the accounts of ones who use them.

Based on this, players should avoid any software related to this game, regardless of the platform. Additionally, avoid websites that disguise themselves as Hamster Kombat but are not announced on the official game pages.

The post Hamster Kombat Players Targeted in a New Malware Spreading Scheme appeared first on Gridinsoft Blog.

Fake Shop Online Scam

Among all the online scams one that I stumble by particularly often is fake online stores, which today are perhaps the most common type of scam. This is not surprising, as the events of the last 4 years have given a significant boost to e-commerce and online shopping. Unlike legitimate stores, these shops will never send you any goods whatsoever, or, in the best case scenario, just a cheap counterfeit from China. The reason is that the store essentially does not exist. If you have a more detailed look, you will see just a landing page made with a template that contains pictures stolen from other sites and a payment form.

The main signs that a store is fake include overly huge discounts (usually between 50% and 95%) and urgent calls to act quickly (such as “3 hours 59 minutes left in the sale” or “only 4 items left at this price”).This is obviously false, and you may see the countdown resetting upon refreshing the page. Another sign is exclusively positive reviews combined with the inability to leave your own feedback. Also the “About Us” and “Contact Us” pages have some distinctively senseless text. It often contains vague, abstract text, and sometimes this section is unfilled at all. The contact form may also list (if at all) the address of a random pavilion in China and a nonexistent email address.

To make the scam page more visible, con actors launch aggressive advertising campaigns, typically on social media. They often prefer Facebook to other platforms for its massive audience and well-known advertising engine. Interestingly enough, the latter, albeit having sturdy protection against traffic arbitrage, shows a rather poor counteraction to this type of scam.

How Does it Work?

Allow me to briefly explain how this works: using online website builders, crooks create themed online store templates, typically for clothing, shoes, home decor or other popular items. All product photos are usually taken from legitimate online stores; you can verify this by performing a reverse image search. Scammers register it on the cheapest domains like .site, .top, .fun, or .store, and then just wait for the victims to come by. Typically, these are one-day sites that do not stay online for long.

The only functional button on such a site is the “buy” button, which, once clicked, prompts you to enter the recipient’s address and pay for the item. Obviously, no one will send the item. Even when the buyer actually receives something, as I said, it is usually the cheapest replica from Temu or Aliexpress. Some scammers even surprise by sending a box of trash instead of the expected package or an old T-shirt instead of a branded one.

Potential Risks

There are several risks involved here. Firstly, you risk losing your money. Although these sites often guarantee a money-back, be sure, no one will refund your money. The second risk is the exposure of confidential information. Scammers obtain all the details — full name, home address, email, and card information. This is a great jackpot for crooks, who may later attempt to use this information for further scams. In some cases, these details may be sold on the Darknet.

If you have fallen victim to a fraudulent online store, it is important to take the following steps to minimize damage and attempt to recover your money. First, contact your bank and report the fraud. This might help to get your money back. Then, disable the option for online payments on the card you entered on the fake site. If possible, take screenshots of all transactions and any correspondence with the seller (if any).

Crypto Scams

Another prevalent type of online scam is cryptocurrency fraud. This works almost the same way as in the previous example. Scammers use templates to create many identical websites that differ only by name. These sites often associate themselves with celebrities, such as Elon Musk, Bill Gates, Vitalik Buterin and other renowned persons of the crypto world.

Fake website

Social Media buttons on the fake website

An average guy, that has no idea that the link to their profile is on a fraudulent site

These sites operate in several different modes: as exchangers, trading platforms, or airdrop scams. Modus operandi of all of them is rather simple: pretending to be something, while not being it, and instead either stealing users’ money, cryptocurrency and personal data.

The main risk of this scam is the scammers withdrawing funds from your wallet. By gaining access to your private keys, scammers can easily transfer all your funds to their addresses. In the case of fake airdrop distributions, the website may use a smart contract with malicious code. After connecting, the “drain” script activates, automatically transferring all funds from the connected wallet to the scammer’s wallet. They also happily help themselves to the data that users leave during authentication. Such manipulation may end up with identity theft in future.

Targeting Ways

Main promotion ways for crypto scams differ from ones used by other scams. Frauds typically launch massive ads through TikTok, Instagram and other similar platforms with short content. By abusing indexing mechanisms these platforms use, they can reach an enormously wide audience in just a few days.

If you become a victim of a crypto scam, you must gather evidence. Take screenshots of all transactions, any correspondence (if available), and related websites. Then, contact the bank authority and the service that provided you with the hot wallet. You can also contact their support team to get more detailed instructions on how to report the fraud. After all, change your account login details, especially if you use that password on more than one site.

Online Scam: Phishing

One of the oldest types of online scam is phishing. This attack relies not on technical, but human factors, which in fact makes up for its longevity and effectiveness. Scammers create exact replicas of the login pages for popular legitimate services. Most commonly, these are Microsoft Azure, Apple ID, Amazon, PayPal, and less frequently, social media.

These pages look identical to the real ones, but almost always have a different URL. The most recent phishing scams, as of mid-2024, are hosted on Microsoft Azure service, which adds a well-noticeable particle in URL. This is also the reason why phishing scams bypass most of the filters. Such are extremely short-living, staying online for just a few days.

Falling for this scam risks giving your login credentials to scammers, which can lead to further problems. This could result in losing access to your account, as scammers may log in and try to change the password. If you use the same password for multiple accounts, the security of those accounts is also at risk.

One particular promotion ways phishing scams exploit for all the time is email spam. Crooks that stand behind all this launch a mass-mailing campaign that comes to the users as a routinely-looking message which asks to update some stuff related to the account. The link to the phishing site is additionally masked by anchoring it to a piece of text that contains the legitimate URL.

If you become a victim of phishing, regardless of the account type, the first thing to do is change your password. This action will block the scammers’ access to your account. Next, enable two-factor authentication (2FA) on any accounts that might have been compromised if not already enabled. I recommend using 2FA wherever possible.

Fake Job Online Scam

Fake job scams is a particularly novice type of online scam that targets people searching for employment. They particularly aim at ones seeking for a remote job – a rather widespread demand since 2020. Scammers that operate this kind of fraud stand off by being pretty inventive and avoiding using templated websites.

There are several types of this fraud that are met the most often. The first one involves performing simple online tasks for a reward. Tasks might include clicking on links, watching advertisements, or viewing videos. However, the pay for these tasks is so low that earning $10 could take a week of watching videos. In exchange, that site takes quite a lot of users’ personal information, and will likely sell it for much more than the pathetic sum they promise as the reward.

Social Media As a Communication

Another type of job online scam mostly takes place on social media. The victim stumbles upon a site that offers a “well-paid remote job” by seeing an ad on social networks like Facebook or LinkedIn. In most cases, the website the user sees appears legitimate, making it difficult to suspect anything wrong. Further, the site asks the victim to fill out a form on the website and provide information about themselves. In some cases, people may see the payment request, allegedly for handling document processing or training. After this payment, the site completely stops responding; all the ways to reach the site back appear non-functional. Scammers simply disappear with all the users’ personal data and, optionally, the payment.

The third variant of this scam resembles the first but differs in operation. Scammers find potential victims on social networks and offer them a good passive income opportunity. This involves performing simple interactions with a website daily, promising a good reward for these actions. Initially, victims are allowed to “withdraw” a small amount. Later, victims are encouraged to “upgrade their task level” by paying a certain fee. But once they do this payment, the cost of tasks increases. Scammers continually persuade the victim to upgrade again and again. When the victim attempts to withdraw funds at a certain point, the website simply starts spitting out errors. Scammers may reassure the victim that the issue will be resolved soon. Finally, they disappear, stop responding, and the website likely ceases to exist.

Potential Risks

In most cases of this type of online scam, all money transfers occur through cryptocurrency. This practically eliminates the possibility of retrieving funds or identifying the scammers. The main risk, however, is the leakage of personal information. Considering that people happily share SSN, ITIN and other sensitive documents, with fair expectation that it is needed for the job, the possible damage goes far beyond what other scams can do. Another edge of the risk is financial loss, a small one in the case of “document processing”, and a much larger one (up to several thousand dollars) with the “task updating” scheme.

You should practice basic internet hygiene to avoid falling victim to such scams. Approach any offers of easy money with suspicion. If you’re promised large sums for simple tasks, it’s likely a scam. The same, if you’re asked to visit a previously unknown website for job searching and fill out a form, don’t rush. Please perform your own research, Check the site on our URL checker, Google it, and read reviews. In most cases, this will shed light on the situation.

If you’ve become a victim of such a scam, first stop communication and block the scammer. Then, report the user on the platform where they contacted you. Find the website on review platforms and leave a detailed review describing your situation to warn other users. If you’ve provided confidential information (like credit card details), block the online payment option and inform your bank that your card details have been compromised. This will prevent unauthorized transactions using your card. If you’ve entered your passwords anywhere, change them immediately.

The post Signs You’re Dealing With an Online Scam appeared first on Gridinsoft Blog.

What Does “Scam Likely” Mean?

For customers of T-Mobile, Metro by T-Mobile (formerly MetroPCS), and Sprint (post-T-Mobile merger), “Scam Likely” is an alert that identifies potential spam callers. This feature is a part of T-Mobile’s “Scam Shield” protection, designed to block fraudulent calls before they reach you. This proactive measure is automatically enabled for all subscribers, ensuring you don’t have to tweak settings to benefit from it.

T-Mobile utilizes a comprehensive database of known scam numbers and automatically screens incoming calls against this list. Calls flagged as “Scam Likely” could involve various scam tactics, such as:

• Impersonating government officials
• Demanding payments via gift cards
• Proposing fake tech support solutions
• Initiating disruptive robocalls

This identification is managed at the network level, so regardless of whether you use an iPhone, Android, or a basic button phone, you’ll see the “Scam Likely” alert. There’s no need for any additional apps, although the free T-Mobile Scam Shield app is available for those who want extra control over these features.

While the “Scam Likely” system is robust, no system is perfect. There may be instances where legitimate calls are mistakenly labeled as scam. It’s advisable to approach these calls with caution. If you choose to answer, protect your personal information vigilantly. If the call feels suspicious or the caller pressures you, it’s safe to hang up. Genuine callers will likely leave a voicemail if it’s important.

How to Block Scam Calls

Although your carrier may alert you about “Scam Likely” calls, these calls aren’t blocked by default. If you find yourself inundated with unwanted calls, T-Mobile offers a free Scam Blocker feature. Here’s how to activate it:

1. Open your phone’s dialer app.
2. Enter the code #662# and make the call to activate the blocking.
3. To confirm activation, dial #787#.

How to Spot Scam Calls?

Most operators have similar services to combat fraudulent calls. This is due to the STIR/SHAKEN, a set of protocols that allows carriers to fight caller ID spoofing. Thanks to these standards, the operator can display a “Call Verified” message on your phone. This way, he confirms that it has not been spoofed. This feature is now becoming available on more and more devices and carriers as they all work to reduce spam calls.

So, if you’re an AT&T customer, you can download their official software. It’s available for iPhone or Android and contains free spam and fraud blocking features as well as advanced protection that’s available by subscription. And if you use Verizon, a free call filtering service is available as well. To manage this feature, you can also install the Verizon Call Filter app, available for iPhone or for Android. Like AT&T, Verizon also offers a paid subscription to improve this. Other carriers likely provide similar services as well. For more information, visit the store, log in to your account management page, or contact your carrier’s customer service number.

How to Block Calls?

Suppose you are annoyed by a spammer, and your operator does not provide such a service. In this case, you can block the annoying number using the standard tools of the operating system of your device. In addition, there are third-party applications available in the app store that can handle this task. These applications usually have a database of fraudulent numbers and will alert you if an incoming call is potentially unsafe. In addition, these apps allow you to detect and block fraudulent calls, regardless of which carrier you have. The disadvantage of such applications is that they are often paid and require a subscription.

How to Block Scam Calls on Android

If your phone has the default dialler app from Google, it will alert you to potential spammers by default. If your Android device uses a different dialer app, do the following:

1. Open the dial app and tap the number you want to block.
   
2. Click on Details, then select Block number.
   
3. Scroll down and tap Block this caller.
   

This straightforward process makes it easy to block unwanted calls directly from your call log, helping you manage your privacy and security on your device.

There is a more radical method that will solve the problem of unwanted calls. Your iPhone has a feature that allows you to silence all calls from unknown numbers. To do this:

1. Open Settings and scroll down to iPhone.
   
2. Tap Silence Unknown Callers.
   
3. Toggle it to on.
   

It’s important to understand that if you turn this on, all calls from numbers that aren’t in your contacts will be rejected automatically. Most people receive legitimate calls from unknown numbers from time to time, such as a meeting reminder or an important call from someone using a friend’s phone. We recommend using this method only in extreme cases, such as if you receive much spam. Otherwise, you might miss important calls.

How to Stop Scam Likely Calls

Protecting your cell phone number is the best way to prevent scam calls. You need to add your number to the National Call Barring Registry to do this. Unfortunately, this does not stop all calls, but it will filter out annoying telemarketing and other such garbage.

You also have to be careful when you’re sharing your number. Nowadays, almost every online ad, account, and other services will ask for your phone number. Plus, in some cases, companies can share your number with affiliates for marketing purposes. So think carefully before sharing your number with anyone online. Instead, you can sign up for a free Google Voice number and use it as an additional method of communication. The plus side of this method is that if you provide this number for all secondary services, you can always disconnect the number and not worry about incoming calls, even if they are spam.



The post Scam Likely Calls: How to block them? appeared first on Gridinsoft Blog.

]]> https://gridinsoft.com/blogs/how-to-block-scam-likely-calls-iphone-android/feed/ 1 12677 https://gridinsoft.com/blogs/windows-defender-security-warning-scam-how-to-remove/ https://gridinsoft.com/blogs/windows-defender-security-warning-scam-how-to-remove/#comments Tue, 02 Jul 2024 09:14:36 +0000 https://gridinsoft.com/blogs/?p=12958 Have you ever encountered a Windows Defender security warning pop-up while browsing? This type of malicious activity is designed to trick you into contacting scammers. Fortunately, you can quickly get rid of it. Here, we will explain how to remove this scam and protect yourself from other viruses. What is the Windows Defender Security Warning?… Continue reading Windows Defender Security Warning

The post Windows Defender Security Warning appeared first on Gridinsoft Blog.

]]> Have you ever encountered a Windows Defender security warning pop-up while browsing? This type of malicious activity is designed to trick you into contacting scammers. Fortunately, you can quickly get rid of it. Here, we will explain how to remove this scam and protect yourself from other viruses.

What is the Windows Defender Security Warning?

This warning is the result of scareware or a phishing scam. Its purpose is to redirect you to a webpage that visually resembles the official Microsoft website. However, the URL does not match the official site. The page may display a message claiming that your computer is infected with malware and that you need to contact a support agent by phone to fix the problem.



Unfortunately, the notification looks like a legitimate Windows message, making it especially dangerous – many users may not even attempt to verify i= on Google. Scammers commonly make the pop-up as convincing as possible so that people don’t suspect anything is wrong. The provided phone number will likely connect you to a fraudulent call center. The agent may try to get you to install malware to infect your computer, steal your personal information, or demand money for fake services.

Why is the Windows Defender Security Warning False?

At first glance, you might mistake this for a legitimate warning from Windows Defender. However, if you’re familiar with Windows Defender, you’ll notice differences from a genuine notification. Therefore, please do not call the phone number provided in the window because it is not a real alert. Here’s why:

• It’s not the Windows Defender interface. Windows Defender, also known as Windows Security, is a built-in Windows application with a different interface. It will never display a browser pop-up or webpage; it uses system notifications instead.
• Strange text and typos. A banner or page showing a Microsoft Defender alert often contains strange text designs and grammatical and stylistic errors, which sharply contrast with the short and informative Defender notifications.
• Microsoft never provides contact numbers for users. Users can contact Microsoft support through the “Get Help” application if they encounter problems.

This Windows Defender security alert is flawed in both format and content. It’s often a low-level phishing scam aiming to sell a rogue antivirus service, which can harm your computer. In some cases, you might not be able to close the alert or switch to other applications.

Causes of the Windows Defender Security Warning

There are several reasons why you might see a Windows Defender security warning. Here are the most common ones:

• You clicked on an ad that redirected you to a fake site.
• You visited a hacked website that redirected you to a fraudulent page.
• You have a malicious program installed on your device, often a result of adware activity.

There are also many other ways you could be exposed to fraud, depending on various factors, such as the external devices you share with others. Simply closing the window may not solve the problem, especially if adware is causing it. The pop-up message may appear every time you open your browser.

How to Remove the Windows Defender Security Warning

Since the Windows Defender security warning appears in your browser, most actions to get rid of it are related to your browser. These steps can help resolve the issue of Windows Defender security warning pop-ups:

• Force close and reopen your browser.
• If the problem with redirecting to a fraudulent page persists, reset your browser (instructions below) or reinstall the browser completely.
• If this continues, you may have adware or a PUP (potentially unwanted program) installed on your computer, and you need to remove it.

If you’re unsure which installed application is causing the pop-up notifications, install antivirus software to detect and remove the infection from your computer.

How to Clear the Browser from the Windows Defender Security Warning

Resetting your browser settings is one of the first steps to eliminate the Windows Defender security warning scam. Here are the instructions for different browsers:

Remove the Windows Defender Scam from Chrome

1. Click on the three vertical … in the top right corner and Select Settings.
   
2. Select Reset and Clean up and Restore settings to their originals defaults.
   
3. Click Reset settings.
   

Remove the Windows Defender Scam from Firefox

1. Click the three-line icon in the upper right corner and select Help
   
2. Select More Troubleshooting Information
   
3. Select Refresh Firefox… then Refresh Firefox
   

Remove the Windows Defender Scam from Microsoft Edge

1. Press the three dots
   
2. Select Settings
   
3. Click Reset Settings, then Click Restore settings to their default vaues.
   

Remove the Windows Defender Scam from Safari

1. Open the terminal (press ⌘ Command + Spacebar to open the spotlight, type “terminal” and press “Enter”)
2. Enter these commands one at a time. Execute each command by pressing “Enter” after copying it into the terminal:


rm -Rf ~/Library/Caches/Metadata/Safari;
rm -Rf ~/Library/Caches/com.apple.Safari;
rm -Rf ~/Library/Caches/com.apple.WebKit.PluginProcess;
rm -Rf ~/Library/Preferences/Apple\ -\ Safari\ -\ Safari\ Extensions\ Gallery
rm -Rf ~/Library/Preferences/com.apple.Safari.LSSharedFileList.plist;
rm -Rf ~/Library/Preferences/com.apple.Safari.RSS.plist;
rm -Rf ~/Library/Preferences/com.apple.Safari.plist;
rm -Rf ~/Library/Preferences/com.apple.WebFoundation.plist;
rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginHost.plist;
rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginProcess.plist;
rm -Rf ~/Library/PubSub/Database;
rm -Rf ~/Library/Safari/*;
rm -Rf ~/Library/Safari/Bookmarks.plist;
rm -Rf ~/Library/Saved\ Application\ State/com.apple.Safari.savedState;


What to Do if the Problem Persists?

If you have followed all the steps above and still see this warning every time you use a web browser, it is a clear sign that malware is still on your computer. You can use professional antimalware software such as GridinSoft Anti-Malware to scan your computer and remove any viruses or malware found. After taking such drastic measures, the antimalware software will remove and neutralize more dangerous cyber threats that could cause severe damage to your files.



Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

Download Anti-Malware

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.



Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.



How to Avoid Scams like the Windows Defender Security Warning

As mentioned earlier, the Windows Defender security warning scam is not the only threat you may encounter on your computer. There is much more severe malware on the Internet, and as a prudent user, you should take every precaution to avoid them. Here are some basic tips:

• Ensure your OS and apps are up to date
• Only download apps from official websites
• Avoid clicking on random links without knowing where they will take you
• Don’t download suspicious apps
• Do not open attachments in suspicious emails
• Use an ad blocker to block malicious ads
• Use advanced antivirus software

Your computer should now be clean and free of Windows Defender scams. To prevent this from happening again, practice good online hygiene to protect yourself from fraud. Perform regular scans and use malware protection to stop threats before they happen.

The post Windows Defender Security Warning appeared first on Gridinsoft Blog.

]]> https://gridinsoft.com/blogs/windows-defender-security-warning-scam-how-to-remove/feed/ 2 12958 https://gridinsoft.com/blogs/mcafee-popups-chrome-stop/ https://gridinsoft.com/blogs/mcafee-popups-chrome-stop/#comments Sat, 29 Jun 2024 08:47:57 +0000 https://gridinsoft.com/blogs/?p=11201 It’s a good tone to be concerned about safety on the Internet. It’s ok when you have antivirus software installed, and it sometimes sends you a threat alert. However, getting notifications from an application you don’t use or haven’t even installed is a reason to think twice. For example, you may have heard of McAfee,… Continue reading How To Stop McAfee Pop-ups

The post How To Stop McAfee Pop-ups appeared first on Gridinsoft Blog.

]]> It’s a good tone to be concerned about safety on the Internet. It’s ok when you have antivirus software installed, and it sometimes sends you a threat alert. However, getting notifications from an application you don’t use or haven’t even installed is a reason to think twice. For example, you may have heard of McAfee, which some programs offer to install as additional software, so many people are not confused by alerts from that application. Seeing such notifications too often can negatively affect your online experience. So, let’s review some tips and tricks that help you to stop McAfee pop-ups on Chrome.

What are McAfee Pop-ups? Is It McAfee Scam?



McAfee pop-up notifications can be divided into two types: legitimate ones, which are sent by a browser extension, and fake ones, which are sent by adware installed on the system. But how to stop them? Suppose you have deliberately installed a McAfee browser extension. In that case, it is expected that you will see pop-up notifications from it. On the other hand, if you have no McAfee installed as the app or the browser extensions in Chrome, these are probably fake McAfee pop-ups. Next, we’ll figure out how to disable unwanted pop-up notifications in Chrome and solve the problem of fake notifications.





How to Stop McAfee Pop-ups on Chrome?

You can use Incognito mode in Chrome, temporarily removing the pop-up notifications from McAfee. However, if you need to block them completely, you can do so in Chrome’s notification settings. Alternatively, you can restore Chrome’s default settings. However, if you need to keep all your saved data and browser settings, we have several other options listed below.

Block notifications from McAfee

First, you can block push notifications from any site in Chrome, including the McAfee site. This is the most straightforward action you can take to hide all pop-up notifications from McAfee.

1. Click the three vertical dots, then “Settings“.
   
2. Click “Privacy and security” ⇢ Site Settings.
   
3. Select the “Notifications” option.
   
4. Select “Don’t allow to send notifications“.
   
5. Click the “Add” button next to the “Not Allowed to Send Notifications” section.
   
6. In the “Add Site” window, add the website URL for what you want to stop receiving notifications and click “Add“. In this case, it is a McAfee site.
   Alternatively, click the “Extra Actions” button (three vertical dots) next to the specific site and click “Remove“.

Remove the McAfee Chrome extension

If the first method didn’t work, and you still get the pop-up notifications from McAfee when you open Chrome, chances are that your system is infected by adware. However, to be sure, you can uninstall the McAfee Chrome extension. If necessary, you can always reinstall it later from the Chrome Web Store.

1. Launch the Chrome app. Click the three dots in the top right corner.
   
2. Then select More Tools ⇢ Extensions.
   
3. Turn off the McAfee Extensions button.
   
4. Restart the Chrome app and make sure it’s not running. Or, click the “Remove” button on the McAfee extension to remove it from Chrome.
McAfee scam email is a dangerous form of phishing scam that centers around your account with this antivirus vendor.


Scan Your System for Viruses

It is possible for malware to force the appearance of the McAfee pop-ups and the consequent Subscription Expired page. In particular, adware and browser hijackers are two malware types that do this nasty trick particularly often. They bring profit to their masters by throwing users of infected systems to unwanted websites, with the fake McAfee sites being just one of the examples. And to get rid of the malware, the anti-malware software scan is needed.



Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

Download Anti-Malware

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.



Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.



The post How To Stop McAfee Pop-ups appeared first on Gridinsoft Blog.

]]> https://gridinsoft.com/blogs/mcafee-popups-chrome-stop/feed/ 3 11201 https://gridinsoft.com/blogs/geek-squad-email-scam/ https://gridinsoft.com/blogs/geek-squad-email-scam/#comments Thu, 20 Jun 2024 08:09:21 +0000 https://gridinsoft.com/blogs/?p=10560 Suppose you receive an email from someone claiming to be from Geek Squad. He informs you about a transaction made in your account, but you don’t remember buying anything. This is probably part of the Geek Squad email scam. You may have heard about it somewhere before, so below, we’ll find out how this scam… Continue reading Geek Squad Email Scam

The post Geek Squad Email Scam appeared first on Gridinsoft Blog.

]]> Suppose you receive an email from someone claiming to be from Geek Squad. He informs you about a transaction made in your account, but you don’t remember buying anything. This is probably part of the Geek Squad email scam. You may have heard about it somewhere before, so below, we’ll find out how this scam works, how to avoid it, and what you can do if you’ve already fallen victim to it

What Are Geek Squad Email Scams? How Do They Work?

The Geek Squad scam is an imposter scam in which criminals pose as Best Buy Technical Support and offer “help” with devices, accounts, or apps. In reality, these scoundrels are trying to steal your personal information, get you to give them remote access to your devices, or pay for their fraudulent services. Here is the typical procedure of this scam:

• Scammers reach out in any way they can (via email, text messages, phone calls, or fake websites) and pretend to be Best Buy Geek Squad employees.
• They will then claim that your device has been compromised, you owe money for your subscription, or that you need to “prove” your identity by providing confidential information (e.g., credit card numbers, social security number SSN, etc.).
• Sometimes they may even make you download malware or apps to access your device remotely.
• If successful, they trick you into cheating you out of even more money by emptying your accounts, stealing sensitive information on your device, or demanding payment for their services.

Anyone who has dealt with Geek Squad or Best Buy may face a Geek Squad scam. Unfortunately, more than 60% of their victims are over 60.

Geek Squad scams can take many forms, so it’s important to know what they look like so you can detect and avoid them. Below are the most common methods of this scam and ways to identify them.

Geek Squad subscription auto-renewal texts or emails

Perhaps one of the nastiest scams from Geek Squad is that scammers send emails or text messages claiming that you have signed up for the Geek Squad subscription service. You will be billed hundreds of dollars unless you cancel your subscription. The message has a phone number to call if the payment is a “mistake”. However, they will ask for your credit card or other banking information to “get your money back” if you call that phone. Fraudsters use this information to commit financial fraud.



This fraud can often turn into a “refund scam.” This happens when scammers use stolen accounts or credit cards to send you extra money and ask you to “reimburse” the difference. Unfortunately, when the original account holder reports the fraud, you will lose the entire amount and everything you sent to the fraudster.

Identifying a scam:

• You receive an invoice or automatic renewal notice for Geek Squad services you did not request.
• The message is not from a BestBuy.com email address, contains spelling or grammatical errors, and does not use the correct Geek Squad logo.
• The number listed in the message is not the official Best Buy number.

Emails pressuring to download fake antivirus software

In this scam, fraudsters pass themselves off as Geek Squad technicians and tell you that your device is infected with malware. So they force you to download the “antivirus software” or give them remote access to your device. In both cases, you give the hackers full access to your device and your sensitive information, photos, or videos. The “antivirus software” hides malware that allows hackers to spy on you and your computer. Giving hackers remote access means they can do whatever they want with your device.

How to identify a scam:

• You receive an unwanted phone call or e-mail claiming that your device is infected with a virus. No one can tell you if your computer has been hacked without access.
• Fraudsters request remote access to your device to “fix” the problem. Always be careful if someone asks you to download software or wants access to your computer.

Tech support phone call scams

Unfortunately, these nasty guys often annoy their victims over the phone. If you are on the phone, the scammers force you to send them money for their services or make you download malware onto your devices.

Here are the two main ways phone scammers call you:

1. Scammers call you, claiming that your device is infected with malware or that you owe money for services.
2. Scammers create fake Web sites that provide fraudulent phone numbers for Geek Squad. Then, when you call, they route the calls to their phones and start the scam.

Detecting the fraud:

• You receive an unsolicited phone call from Geek Squad or another tech support group. These companies will rarely contact you directly. So be careful of anyone who calls you unsolicited.
• Once you get on the phone, the scammer won’t let you get off. Instead, they will do and say anything to keep you talking.

Browser pop-ups with alerts that your device is infected

Sometimes scammers use pop-ups on websites (often adult websites and illegal streaming platforms) and claim that your device is infected and requires immediate action. If you click on the pop-up, you will automatically download what looks like antivirus but is malware, adware, keylogger, or ransomware.



Spotting the fraud:

• No browser plug-in can check your device for viruses. So if you get a message that your device is infected, it’s a scam.
• Beware of device cleaner apps, as they often contain malware. If you are unsure about an app or software, google its name + “scam” or “safe”. If you have an installation file, you can check it here.

BestBuy.com password reset scam

Scammers send emails purporting to be from Best Buy, claiming that your “password reset didn’t work. The email will appear genuine and contain a link to update your account, even if you don’t have one. If you click on the link, it will take you to a site identical to the “BestBuy.com” login page. It’s a phishing site whose purpose is to steal your personal information. So, if you enter your real username and password for your “BestBuy.com” account, fraudsters will get that information and use it to make fraudulent purchases, buy untraceable gift cards, or steal your financial information.



How to detect this scam:

• You get an email to reset the password for an account you don’t have.
• When you click on the link, you are taken to a site that is not secure or not in the official “BestBuy.com” domain.

Accidental refund or overpayment scams

Scammers send you more stolen money than you expected, then ask you to “refund” the extra amount. If you call support, they will ask you to complete a form to proceed with a refund. But the form doesn’t work, so the support agent will ask for remote access to your desktop to help you complete the refund. As a result, you will lose the entire amount of money – the supposed refund and the “accidental” extra money.

Detecting this trick:

• Fraudsters ask to access your computer remotely to facilitate a refund.
• You have been told about a “refund” for more than the amount on your bill. If this happens, do not send the money. Instead, wait a few days for the funds to be transferred, or contact your bank and let them know what happened.

Fake Offers: Protection Service Plan

Although not as dangerous as other Geek Squad scams, this useless protection plan can still cause damage. In this scheme, scammers posing as specialists contact you by phone or e-mail to sell you protection services, such as antivirus. But these “tools” either do nothing or contain malware.

How to understand this is a scam:

• The tool has no online reviews or is not listed on popular review sites.
• Scammers contact you to try to sell you digital security services. An unsolicited email or phone call indicates that you are dealing with a scammer.

What to do when you become the victim of the Geek Squad email scam

If you have been the victim of a Geek Squad email scam, here’s what you should do:

• Never do anything you are told if you have been in contact with scammers.
• Block the number you just dialed so that scammers won’t contact you again.
• If you have provided personal information, such as credit card information, contact your bank immediately and have your funds blocked.
• Immediately change your login information if you signed up through a link that scammers sent you from your email address. You should not use the same login information for multiple accounts, but unfortunately, many people do it anyway.
• If you’ve downloaded software or any files from email, delete them. Check your computer for viruses!


Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

Download Anti-Malware

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.



Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.



How to Avoid This Scam?

When you receive an email from Geek Squad and fear it may be a scam, you’ve done half the work of preventing it. Never send personal information by email or any other method. Likewise, don’t reply to the email or call the number listed. It would help if you remember some rules to avoid falling for scammers’ tricks: avoid clicking on links and do not download attachments. It’s better to delete the letter altogether, as well as to block the sender. To summarize, it can be said that ignoring a fraudulent Geek Squad email and blocking the sender is the best way to avoid many problems.

The post Geek Squad Email Scam appeared first on Gridinsoft Blog.

]]> https://gridinsoft.com/blogs/geek-squad-email-scam/feed/ 2 10560