Account Upgrade Scam: How It Works
Similar to the Bank Account Upgrade scam, this comes as an e-mail requesting you to update your Facebook, Twitter, LinkedIn, eBay, Apple, iTunes, or PayPal accounts. The scammers inform you that:
– the site is going through a revolutionary change to make communication better.
– your account has been frozen until you take action.
– your account has been suspended or deleted.
To take advantage of the changes and the new system or to recover your account, you are required to log in by clicking on the link provided. The link opens a fake Facebook, Twitter, eBay, or PayPal webpage, which has – just like the real one – spaces for a username and password. The duplicates are very well done, looking similar to the homepage of the above-mentioned websites. If they don't look alike, there might be questions about your login credentials.
Here are three examples of emails that you might get:
Subject: Your Apple ID has been suspended
Text: The following information for your Apple ID was updated on
Shipping and/or billing address
Please confirm your identity today or your account will be disabled due to concerns we have for the safety and integrity of the Apple community. To confirm your identity, we recoomend that you go to:
Verify now (hyperlinked, so you are sent to the scammy login)
Subject: Your PayPal account has been deleted
Text: This message confirms that your PayPal account was deleted. If you didn't delete your account, click on the link below to restore your account immediately:
(button) Recover account
PayPal accounts can be only restored within a short period of time after deletion.
Subject: Your iTunes account has been frozen
Text: Dear iTunes customer, This is an automatic message sent by our security system to let you know that you have 48 hours to confirm your account information. Click HERE (scammy login link) to validate your account. We apologise for the inconvenience caused.
Apple Security Department
How to avoid:
Do not click on their links. It will open look-alike sites asking you for your login credentials. Before writing your username and password look at the web address in the browser. The fake ones look similar to this: http://k2nxw.com/cgi-bin/login/ or www.paypal5281.com. If you are not sure, log into your real account just like you usually do, by typing the web address in the browser by yourself and not using the links provided.