The Spanish OSI (Oficina de Seguridad del Internauta), also known as the Spanish Internet Security Office, issued a number of warnings to alert citizens about new scams involving fake promises of iPhones and the so-called “suitcase fraud.”
While the scam tide is rising, many new frauds appear, and others return in new forms. Social engineering and phishing scams have become the most prevalent tools of cybercriminals to spoof legitimate organizations in order to obtain sensitive information. As such, we have witnessed a spike in SMS and shopping-related scams, which have accelerated during the holiday season.
OSI has notified users of the fraudulent methods currently employed by cybercriminals looking to obtain financial and personal information.
The iPhone scam
Phishing and social engineering are popular tactics to trick users into voluntarily sharing their data. The OSI reports hundreds of emails going around which attempt to get the victim to fill out a survey using the illusory prize as bait - specifically, an automatic entry into an iPhone-13 raffle.
The email appears to use elaborate language, a legal disclaimer, and the option to unsubscribe. However, as in the case of many phishing messages, the email contains grammatical errors.
After clicking the link and filling out the survey, a user gets to choose between six boxes to claim their prize. The first choice is always the wrong one. A user is then invited to choose again, and - oh miracle! - gets a congratulations window pop up in a winning box. If you’d like to claim your iPhone, you have to enter personal information and credit card details, as well as pay € 5.99 for shipping.
Predictably, there is no shipping and no prize - in the best case, a victim will lose € 5.99, and in the worst - their funds on the entered credit. Furthermore, they might fall victim to identity theft, with threat actors attempting to take out loans, claim benefits, and even commit crimes in their name.
The suitcase scam
The suitcase scam is another type of fraud reported by OSI, which is primarily spread via social media platforms and messaging apps, such as WhatsApp, Twitter, and Facebook.
It uses social engineering techniques to impersonate a person the victim knows (such as a relative or friend.) After reaching out via social media, an impersonator tells a lengthy story of how they are traveling home (in this case, to Spain,) but are facing logistical issues (due to COVID-related reasons or missing a flight.) However, their suitcase got stuck in a foreign airport and is currently on its way to Spain. They request a victim to pay for custom costs, which can amount to anything between 500-1500 EUR. To make themselves sound more convincing, they even call a victim posing as a customs agent.
Again, after receiving the money, the threat actor will be nowhere to be found.
Follow these rules to avoid falling victim to these and other types of scams:
- Always check links within an email by hovering over a link (not clicking!) and seeing where it is supposed to send you. If it does not match the sender’s information or your expectations, do not click.
- Watch out for typos and grammatical errors.
- Don’t trust unknown senders, especially those who promise you financial rewards in return for any information.
- If your friend or family member suddenly contacts you with an unusual request, reach out to them via other methods to learn whether their issue is legitimate.
- Use 2FA authentication and a strong password to ensure your personal details are secured.
- Be sensible about money requests on the Internet and trust your gut.
More from CyberNews:
Subscribe to our newsletter