«
»

A SiriusXM #Scam Is Making The Rounds…. With A Twist

I woke up this morning to a new and different scam email sitting in my inbox:

Now anyone who has a car that was made in the last two decades or so likely has a SirusXM radio in it. And most of us buy the car, use it for the free trial period, and never use it again. So a free 90 day offer to use the SirusXM radio may entice some to click the “Extend for Free” button. Which by the besides looking weird because of the yellow bar above the button, doesn’t go to SiriusXM.com:

Simply hovering my mouse over the button indicates that this is some sort of phishing website and not something that SirusXM controls. An example of that is sirusxm.com. Now this is the part of this article where I tell you to never click anything on the email. But because I want to find out what the scam is all about, I did click the button. Here’s what I got:

It took me to website that looked just like the email. And it wanted to send me notifications as well as evidenced by the prompt on the top left that appeared. Now what notifications could it possibly want to send me? How about these ones?

So we now have fake pop ups that are warning you that your McAfee has expired today. What happens when you click on this pop up. Which by the way, you should never do:

OMG! I am infected with 3 viruses. Well actually I am not because this is totally fake. The threat of your “personal and banking information” being at risk is meant to encourage you to click the proceed button along with the countdown clock. Neither of which any legitimate antivirus program would have. Clicking the proceed button takes you to an odd place:

It takes you to what appears to be the real Avira website. At first that seems odd. But looking at the URL, it shows that this is a referral link. Meaning that the scammer is trying to make money by using the pop ups to get a cut of any sales of Avira Antivirus Pro. It would be a shame if Avira found out about this. Which by the way, they are going to find out about this when I send them the referral link and explain what is going on.

But this scammer isn’t done yet. Let’s go back to the SirusXM part of this. Here’s what you get when you click on “Extend for Free”:

So it’s the usual “let’s get you to fill in your credit card details so that we can go on a shopping spree on your nickel” scam. And it has logic to check for the validity of credit card numbers.

The bottom line, is that this scammer is trying to make money in two ways. That’s pretty bad and I’ll be alerting both SiriusXM and Avira about this so that they can both deprive him of some cash. In the meantime, if you get this email you should delete it and go on with your day.

This entry was posted on December 6, 2023 at 9:04 am and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “A SiriusXM #Scam Is Making The Rounds…. With A Twist”

  1. Rick Slupski Says:
    February 7, 2024 at 12:30 pm

    It’s still active n going on as I just got the email today with a similar links bs..2/7/24

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading