Serving Larchmont Village, Hancock Park, and the Greater Wilshire neighborhoods of Los Angeles since 2011.

‘Tis the Season…for Holiday Scams

 

If you’re anything like us (or tens of millions of other folks), you’re probably doing a lot of online shopping this holiday season, and maybe also a lot of holiday-season shipping…or waiting for things that are being shipped to you.  So you may be expecting, or at least not surprised, to receive emails from businesses such as PayPal, UPS, specific retailers, or companies such as Geek Squad that supply  extended warranties or service contracts for gifts you may have purchased.

But beware.

At this time of year, at least some of those emails can be very well-timed (and very official-appearing) scams, which are not tied to your legitimate purchases in any way…and which do have the potential to do some real financial harm.

And, yes, we get these phishing notes too.  Here are just a few of these thinly (or not so thinly) veiled scam attempts our Buzz staff have received in just the last week or so…along with some notes about how to recognize the scams, and how to keep yourself (and your personal/financial information) safe if you receive similar messages.

 

PayPal

 

Many of us use PayPal to pay for specific purchases, especially through websites like Ebay or Etsy, or from non-chain retailers or independent craftspeople of various types (not to mention some of the plumbers, carpenters, and other service people we use year-round).  So it’s common at this time of year to receive at least a few PayPal confirmation notices, and/or PayPal fund requests if that’s how a particular vendor is set up.  But make sure you read any such notices carefully, and that you’re absolutely certain, before paying for something through an email that comes from PayPal, that it’s for something you actually purchased.

We’ve seen two different versions of PayPal scams in the last couple of weeks, both arriving as emails branded with the actual PayPal logo, a big blue “View and Pay Invoice” button about half way down the page, and lots of official-sounding anti-scam text in the small print at the bottom of the note, which makes it look like could indeed have come from PayPal. Here’s what the email looks like (minus the graphics and some personal name and address info).

 

From: Christian Perez <[email protected]>
Subject: Reminder: Payment due for the Invoice INV2-YM94-XZHU-H2EK-HEFY
Date: December 15, 2022 at 7:09:13 AM PST
Reply-To: Christian Perez <[address removed]@gmail.com>

Hello, [recipient name removed]

Please pay your invoice
Christian Perez would like to remind you to pay invoice 0017.
Amount due: $699.99 USD
Due on receipt

View and Pay Invoice

Buy now. Pay over time.
Simply select PayPal Credit at checkout and enjoy No Interest if paid in full in 6 months. Subject to credit approval. See terms. US customers only.

Seller note to customer
Your Payment of $699. 99 to TREND MICRO® LLC appears to have been unauthorized. If you did not make this transaction contact us @ +1-(888)-681-0523

Don’t know this seller?
You can safely ignore this invoice if you’re not buying anything from this seller. PayPal won’t ask you to call or send texts to phone numbers in an invoice. We don’t ask for your credentials or auto-debit money from your account against any invoices. Contact us if you’re still not sure.

PayPal
Help & Contact | Security | Apps
Twitter Instagram Facebook LinkedIn
PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing
Please don’t reply to this email. To get in touch with us, click Help & Contact.
Not sure why you received this email? Learn more
Copyright © 1999-2022 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
PayPal RT000274:en_US(en-US):1.3.0:02fc3f898c6e5

 

How You Know It’s Fake…

As with almost all scam emails, there are several good clues here that this is not legitimate.  They include:

  • While the “From” address in the email header does look like a real PayPal address, the “Reply To” address a couple of rows down is a GMail address, and NOT a PayPal address. Legitimate PayPal emails would direct replies to a PayPal.com address.
  • The email both asks for a payment and then claims the “payment” is unauthorized.  It seems to be playing both sides of the fence, asking for money and at the same time warning that a payment perhaps already made may not be legitimate.  Again, not something you’d typically find in a real PayPal notice.
  • You probably don’t remember buying anything from “Trend Micro, LLC” (which is a legitimate company)

…and What You Should/Shouldn’t Do

  • If your suspicions have been aroused by any of the items above, DO NOT CLICK on any links above, or call any of the phone numbers in the email.  While some of the links (especially those in the fine print) may go to actual PayPal.com pages or addresses, the major links – like the email reply-to, and the big blue payment button – probably do not.
  • Google the name of the company the payment request seems to be coming from.  In this case, Trend Micro, LLC is a real company, but it may not look familiar to you, and you may not remember doing business with it.
  • Google some of the key words from the email, to see if it’s something anyone else has received and had questions about.  In this case, it’s pretty easy to turn up confirmation that this is indeed a scam that other people have received:

 

 

UPS/Shipping Notices

 

Is there anyone who isn’t tracking or expecting to receive packages at this time of year?  Again, this is so common that when you see a notice from a shipping company like UPS or FedEx come in, saying there’s a problem with a delivery, you’re likely to click on it without reading too carefully.  But again, it’s especially important to take that extra moment and notice the details.  Here’s an email we received a couple of days ago, again with familiar logos and branding graphics:

 

from: ®MyUPS’Quantum_View <[address removed]@yoga.co.jp> via srs.pair.com
to: [name removed]
date: Dec 21, 2022, 10:38 AM
subject: MyUPS Shipment Notification 1ZY3507062421828115
mailed-by: srs.pair.com
security: Standard encryption (TLS) Learn more

Dear [name removed],

The delivery address provided for this parcel is incomplete and is required further details.

Your package is on hold.
Global Shipping & Logistics Services | UPS – Canada

Missed Delivery

12/21/2022 6:38:35 PM
Track Your Package ›
®UPS Private Package

1ZGW35070624218281153
You will be prompted to accept Terms and Conditions to change delivery.
2022 United Parcel Service of Canada, Inc. UPS, the UPS brandmark, and the color brown are trademarks of United Parcel Service of Canada, Inc. All rights reserved.
Please do not reply to this email.
Manage Delivery Alerts | Privacy Notice | Service Terms | Opt Out

 

How You Know It’s Fake…

This one is actually easier than the first one:

  • If you look at the very first “from” line in the address, although it says “MyUPS Quantum View,” the address it shows next to that name is NOT a ups.com address.  Instead, it goes to something at yoga.co.jp…definitely not your friendly brown truck company.
  • Something about the grammar is off.  First, in the first line of text after the Dear customer opening, “is required further details,” is not correct English, and not something that would have been approved by UPS’s corporate communications department.  A few lines down, “Your package is on hold,” while OK grammatically, is not really idiomatically correct.  People (and companies) whose first language is English would be more likely to say something like, “Your package could not be delivered,” or “Your package is being held for further delivery information.”
  • Also, if you mouse over the “Track Your Package” button/link, you’ll see the address it links to is also not a UPS.com page, but something at S2.amazon.aws.com, a web services/hosting platform owned by Amazon.  Wrong place.

…and What You Should/Shouldn’t Do

  • Again,  DO NOT CLICK on any links here.
  • Do Google the supposed tracking number listed at the bottom of the note (1ZGW35070624218281153). A real UPS tracking number will bring up a link to track that package through the actual UPS website.  The long number at the bottom of this note does not bring up any such results or links in a Google search.
  • Ignore or trash the email.

 

Extended Warranties or Computer Service Contracts

 

This version of the email scam targets the many, many people who buy computers and/or other electronic products at this time of year.  If you’re not one of them, that makes these scams easy to spot or ignore.  But if you did buy some sort of electronic item, you might not be surprised to see a warranty purchase, or contract renewal notice, pop up in your email…from either a retail vendor such as Best Buy, or a service company – such as Geek Squad – that contracts through Best Buy or another well-known vendor.  Here’s a recent example:

 

Geek Squad Warranty

John N. Graves <[address removed]@gmail.com>
Wed, Dec 21, 6:28 AM (1 day ago)
to [name removed]

Date: 21 December, 2022
Gêêk Squãd (Plan Update)

Helpline Number +1 888 750 2432

INVØICE

Hello Customer [name removed]

Once more, welcome to our business. And we are happy to learn that you have decided to use our services once more.

Your 5 devices are protected by an Anti Protection Plan through our internet services. The purpose of this email is to let you know that your plan’s validity is about to expire today.

As a loyal customer, it is our responsibility to resume your services. So, as we inform you, we also let you know that your services are restarting.

And for this a charge of $379.99 will be deducted from your account within 24 hours. If you need any information related to our services or you need any information related to this transaction.

ORDER INFORMATION:-
Plan Order: Geêk SS Pro Advanced Shield
Order Id: GSS709252469254
Renewal Date: 21-Dec-2022
Valid Till: 21-Dec-2023
Payment Mode: Auto-Debit
Total Amount: $379.99

So you can also get your services switched on or off by talking to our customer care executive on this toll free number:- (+1 888 750 2432 )

Yours cørdially,

John N. Graves
Support Team – Gêék Squad Tech

 

How You Know It’s Fake…

  • You don’t remember purchasing a warranty or Geek Squad contract
  • The person the email is from has a GMail and NOT a Geek Squad address
  • There are many more grammar, syntax and idiomatic errors than you’d expect from a legitimate notice from an American English-speaking company
  • There are odd character accents and diacritical marks in the letters used in otherwise standard English words

…and What You Should/Shouldn’t Do

  • Do not click on any links in the email
  • Do not call the phone number in the email
  • Trash or ignore the message

 

Sound-Alike/Look-Alike Companies

 

Related to the fake Geek Squad email above, we’ve also recently received a similar notice from “Geek Services,”  which does exactly what the fake Geek Squad email does, but without directly stealing the Geek Squad name:

 

Geek Services <[name removed]@gmail.com>
Wed, Dec 14, 9:43 AM (8 days ago)
to [name removed]

Service confirmation
ID #GQ-DEC14-293899916

Hello Subscriber,

Thank you for choosing Geek Total Tech Protection.

Your annual subscription has been auto-renewed as you have opted for it.

Now your services are valid for another one year till Dec 14, 2023. We promise to serve you in the same way as we have been serving.

If you wish to stop this subscription, reach us at +1 (8 4 4) 2 2 7 – 2 8 1 0

Renewal details
Subscription renewal
Renewed on 2022-12-14
Total Tech Protection
Annual Subscription
05 Devices

USD 345.49

Mode: Auto-Debit
Total: USD 345.49
If you don’t recognise this charge, inform us immediately +1 (8 4 4) 2 2 7 – 2 8 1 0 . We are here to assist you in every aspect.

We hope to see you again soon!
Geek Services

This email was sent from a notification-only email address that can’t accept incoming email. Please don’t reply to this message.

 

How You Know It’s Fake…

  • You don’t have an annual contract covering five devices, with any warranty or service company
  • “Geek Services” is a rather poor copy of the more familiar “Geek Squad”
  • The “From” address is a GMail address, and not from a specific product or service company
  • There are many grammar errors in the text
  • Interestingly, there are no links in this message, only phone numbers

…and What You Should/Shouldn’t Do

  • Do not call the phone number in the email
  • Trash or ignore the email

 

Credit Cards

 

As with payment and shipping services, it’s highly likely that we’re all giving our credit cards a workout this month.  And you may receive one or more notices that there has been a questionable purchase on one or more of your cards…which can be a very legitimate inquiry from your credit card company, or a scam.  We’ve received a couple of these this month.  Here’s one that looks like it’s from American Express:

 

Amex

Amercan Express [name removed]@comcast.net via srs.pair.com
Mon, Dec 19, 11:19 AM (3 days ago)
to [name removed]

Your Account Number Ending: 37*****

Dear Card Member:

Did you recently use your card ?

To help protect your identity your access to your credit has been paused, We want to be sure that you made this transaction.

See americanexpress.com/inv/s2pfq829 Have your card handy, Sign ln and follow the simple step, Then our intelligent security system will connect you back instantly.

Thank you for your Card Membership,
Amex Customer Care

****************************************************************************************************************

Please do not reply to this email as we do not accept messages to this email address.

© 2022 American Express. All rights reserved.

This email was sent to: %E-mail_address%

 

How You Know It’s Fake…

I’ve been traveling this month, which makes it more likely than ever that I might get one of these notices, which are often generated if a charge comes through from a location or city where you don’t usually shop.  But there were still good clues here:

  • I have several credit cards, but no currently active American Express account
  • The “from” address is comcast.net, NOT American Express
  • Grammar/syntax/punctuation errors

…and What You Should/Shouldn’t Do

  • Do not call the phone number in the email
  • Trash or ignore the email

 

In general, most savvy shoppers and email users won’t have too much trouble identifying most of these scams.  But the best rule to follow is always “if it looks suspicious, for any reason, it probably is.”

If you do have any questions about a notice’s legitimacy, and you have done business recently with the company it appears to be from, look for one of the “tells” above…or just go directly to the company’s website using its direct URL (e.g. ups.com, bestbuy.com, or americanexpress.com), rather than clicking the links in the questionable email.  Once you’re at the legitimate website, you can log in directly (if you already have an account),or search the site for a legitimate customer service phone number if you’d prefer to speak to someone in person.

The holiday season is stressful enough without the added angst of falling victim to a scammer…but if you take a few extra moments to read carefully, or to investigate when something seems even just a bit off, it’s usually pretty easy to stay safe.  Happy holiday shopping!

 

Print Friendly, PDF & Email
Elizabeth Fuller
Elizabeth Fuller
Elizabeth Fuller was born and raised in Minneapolis, MN but has lived in LA since 1991 - with deep roots in both the Sycamore Square and West Adams Heights-Sugar Hill neighborhoods. She spent 10 years with the Greater Wilshire Neighborhood Council, volunteers at Wilshire Crest Elementary School, and has been writing for the Buzz since 2015.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Calendar

Latest Articles

.printfriendly { padding: 0 0 60px 50px; }