1. Home
  2. Departments
  3. Computer Services Center
  4. Information Security
  5. Scam of the Week

Scam of the Week

 

Thousands of shoppers worldwide pay for an Amazon Prime membership to access special deals and fast shipping. Cybercriminals know this and attempt to use this to their advantage. In this week’s scam, you receive an email alerting you that your Prime membership will soon expire. A link in the email directs you to a PDF file. 

If you open the PDF file, you will be redirected to what looks like an Amazon login page. Even though the login page looks genuine, it’s actually fake and controlled by cybercriminals. If you enter your login information, the page asks for more sensitive data, such as your home address and credit card information. If you enter your personal information and credit card number, your Amazon Prime membership won’t be renewed. Instead, cybercriminals will have stolen your login and financial information! 

Follow these tips to avoid falling victim to an Amazon Prime phishing scam:

  • You should always be cautious when opening an attachment, especially if the email is unexpected.
  • If you’re concerned that your Amazon Prime membership has expired, go directly to Amazon’s official website or mobile app to check its status.
  • Be suspicious of emails that create a sense of urgency or request sensitive information. If you’re unsure an email is legitimate, contact Amazon directly through their official website or customer service number.

It’s tax season in many countries, and cybercriminals are trying to take advantage of this. In this week’s scam, cybercriminals are targeting Pakistani taxpayers. They are sending phishing emails containing attachments that appear to be official tax documents. The email includes an attachment that appears to be an official tax form from the Pakistani government.

Opening this fake file will install malware on your computer. The malware uses Microsoft Management Console (MSC) files, which can be used to run scheduled tasks on your computer. Because the malware uses scheduled tasks, it can stay active for a long time, even if you reboot your computer. This malware will infect your computer, gather your sensitive information, and steal your data. Your taxes won't be paid, but the cybercriminals will!

Follow these tips to avoid falling victim to a malware phishing scam: 

  • Avoid downloading attachments from unexpected emails. Only download attachments and documents from sources you trust. 
  • This attack targets Pakistani taxpayers, but remember that cybercriminals can use similar methods to target residents of any country. 
  • Always access and download tax-related forms from official financial or government websites. When in doubt, visit an official tax-related website.

Millions of people use PayPal to make secure payments online, but cybercriminals have figured out a way to use it maliciously. In this week’s scam, you receive a legitimate email from PayPal requesting that you make a payment. The email is actually from PayPal and even contains a real PayPal link. Even though the email is real, it’s part of a clever trick by cybercriminals. 

The email that is sent to your email address is also sent to an email address you do not recognize. This unrecognized email address actually belongs to the cybercriminals. If you click the link in the email, their email address will be connected to your PayPal account. Once their email address is linked to your account, the cybercriminals will have full access to your PayPal account. They will be able to view all your account details, including your user credentials and financial information!

Follow these tips to avoid falling victim to a phishing scam: 

  • While this scam targets PayPal users, never submit payments after receiving an unexpected email. Instead, navigate directly to an organization’s official website or app to submit a secure payment.
  • Check the email recipients carefully. Be suspicious of emails sent to multiple addresses, especially ones you don't recognize.
  • Remember that emails can be malicious even if the sender’s email address is from a trusted domain. Cybercriminals can gain access to trusted domains to make their scams more believable