As users, we’ll do just about anything to ensure that our devices run as efficiently as possible. This includes renewing subscriptions to online services we use daily. However, cybercriminals often take advantage of these tendencies as part of their malicious schemes. We saw this in action this week, as Tech Republic recounted two recent phishing attacks impersonating a software subscription company using a “subscription renewal” scam to trap unsuspecting users into giving up their personal and financial information.
How These Phishing Scams Work
These sneaky phishing scams all begin with an email sent to the victim’s inbox containing fraudulent links. The first one is hosted on a fake web domain, which is registered by the website builder Wix – meaning just about anyone could have created the illicit link. The scammer sends out an email telling the user that the software has an updated brand name and that they should renew their subscription to the platform by a certain due date. The email contains a link that says, “Click to Renew,” taking the victim to a submission form requesting sensitive information, including their name, address, and credit card number.
Then there’s the second but similar campaign, which also warns the recipient that their subscription has expired and needs to be renewed by a certain date. However, the link contained in this phishing email is to an actual PayPal page that prompts them to enter their payment details. This sneaky tactic is likely to trip up unsuspecting users since the real subscription service does accept PayPal. However, the payment page on a user’s real account page would not redirect them to the PayPal site, as this phishing scam does.
Protect Your Personal Data
In both schemes, the scammers attempt to harvest either the victims’ software subscription credentials or PayPal credentials by stating that the victim must renew before a specific date. Hackers tend to trick consumers by creating a sense of urgency, as tech-savvy users like you and I consider device software to be an essential part of our everyday lives. Luckily, there are steps that we can take to continue to live our lives free from worry. To avoid the digital drama that comes with phishing scams, follow these tips:
Go directly to the source
Be skeptical of emails or text messages claiming to be from organizations with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service.
Be cautious of emails asking you to act
If you receive an email or text asking you to take a certain action or download software, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links.
Hover over links to see and verify the URL
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.