Spam trends of the week: Crypto phishing, phony Costco prizes and disaster relief scams are cluttering inboxes this week

We all have an active role to play in remaining safe online, and one easy way you can achieve this is by learning how to spot and react to fraudulent spam emails.

Our most recent “spam trends of the week” episode, courtesy of our diligent researchers at Bitdefender Antispam Lab, further supports our commitment to keeping you informed and scam-free during Cybersecurity Awareness Month and beyond.

Now let’s check the latest scam tendencies threatening your identity and wallet this week:

The crypto deposit gimmick

Cryptocurrency is a hot topic nowadays. Everyone wants a piece of the pie and is looking for the easiest way to double their digital assets. Now, there are plenty of crypto-doubling scams on social media, but the trouble doesn’t stop there.

Our Antispam Lab researchers are warning about a surge of phony crypto-themed correspondence targeting users this week, with scammers impersonating well-known cryptocurrency exchanges or wallet services such as Binance, Coinbase, Trust Wallet and OKX.

The email layout of these fraudulent emails is identical for three out of the four separate crypto-themed phishing campaigns, with scammers only changing the sender’s name in the header. The scam emails originate from IP addresses in China and the US and have been spread globally in an attempt to gain access to users’ accounts.

Say goodbye to your Amazon Prime benefits

Users in the UK, US, Ireland, Australia and Germany have been bombarded with poorly drafted Amazon Prime membership cancellation emails. The usual suspects, in terms of red flags, include:

• A far too long email subject that reads: “Your Prime Membership: Payment declined: Payment method has been declined, please update your payment method so that your order is not canceled and your account is not suspended” - the phrase was likely recycled from another campaign.
• Poorly rendered stock photos
• A warning about a problem with a listed payment method
• Threats of suspending or canceling the account
• The obvious typo “Cusotmer” and generic greeting

Costco wants to send you a prize

Remember that Costco online contest you most certainly didn’t enter? Cybercrooks are counting on it to steal your personal data and money. Online giveaway scams are highly versatile and profitable for scammers who can reuse them repeatedly to dupe unwary internet users. The sample below, targeting users in Canada, says the recipient is one of the lucky participants who’s won an iPhone.

Once the short survey is complete, users are told they must pay a small fee of only $1 to receive their prize.

Natural disaster relief scams

Natural disasters leave victims extremely vulnerable and in need of monetary and emotional support. This is what opportunistic, cold-hearted fraudsters are after in this next email-based scam. They target people with fake disaster relief payments by posing as government agencies or officials to steal highly sensitive data that can be used to commit identity theft crimes.

The sample below is part of a campaign targeting users in the US (most likely the devastating Hawaii wildfires).

The so-called account verification process requires recipients to fill out a form with personal information, including SSN and bank account number, which could allow the threat actors to commit fraud.

How to stay safe

• Remain vigilant against any unsolicited correspondence
• Be wary of requests to provide personally identifiable information. Government officials and financial institutions will never ask for credit card information or other sensitive data via email, phone, or text.
• Don’t click on unsolicited links or attachments you receive in your inbox. Scrutinize all messages that offer too-good-to-be-true deals, gifts, or prizes
• Whenever you receive an alert regarding one of your online accounts, don’t click on any embedded links or buttons. Head to the account directly from your browser search engine or bookmark.
• Use a password manager and a security solution on your device. Password management software such as Bitdefender Password Manager protects you against phishing attacks by only permitting password entry on verified domains, meaning that even if you unknowingly access a fraudulent link, the password manager will not autofill your credentials. Security solutions such as Bitdefender Total Security also protect you with anti-fraud and anti-phishing technologies that block malicious and fraudulent links.

Want to secure your digital life and enjoy a stress-free October?

Opt for a Bitdefender all-in-one security solution to protect all your devices from malicious and fraudulent activity no matter where your online activity takes you.

With Bitdefender's all-in-one plans, you get award-winning antimalware protection and benefit from advanced anti-fraud and anti-phishing filtering systems that warn you whenever you visit a website that may try to scam you. You also get a state-of-the-art Password Manager to help you store your passwords, a powerful Premium VPN with unlimited traffic and Digital Identity Protection.

Don’t forget to think before you click and stay tuned for more spam insights on our blog!