Scammers Build Fraud Campaigns Around Free Piano Offers


Scammers are betting that if people are offered a free – yet unsolicited – piano, somebody will jump at the deal. That appears to be happening.

According to threat researchers at cybersecurity firm Proofpoint, bad actors running multiple ongoing campaigns since January have been using such piano-themed emails to entice targets into advanced fee fraud (AFF) scams. At least one of the scammers comes from Nigeria, wrote researchers Tim Kromphardt and Selena Larson in a report released on Wednesday.

Proofpoint has seen at least 125,000 messages this year that are linked to the piano scam campaign clusters. Most target students and faculty at colleges and universities across North America, though some such email messages have also popped up at healthcare facilities and food and beverages services, the researchers wrote.

The AFF attack occurs when the threat actor sends an email to a target offering a free piano, with the promise coming in the wake of a circumstance such as a death in the family. One example, supposedly sent from a professor in a college to students, faculty, and staff, notes that he is “downsizing and looking to give away his late dad’s piano to a loving home.”

If the target replies, they’re instructed to arrange to have the piano delivered by contacting a shipping company — one that has a fake email address that the threat actor manages. The fraudulent shipping company then tells the victim that they will ship the piano after the target sends them the money for the shipping fee.

One email from a “shipping company” shown by Proofpoint shows a detailed message that includes the name of the company, the details of the piano and three shipping options, where the fees are between $595 and $915.

At the end of the email the scammer tries to ramp up the urgency, saying that the victim is “not the only person inquiring about the piano. “We are going to be delivering it to the first person that pays for delivery.”

A Sour Note: Many Ways to Pay

In the AFF scheme, there are multiple payment options, including Zelle, Cash App, PayPal, Apple Pay, and cryptocurrency. During the scam, the bad actors also try to collect the user’s personally identifiable information, such as names, physical addresses, and phone numbers, Kromphardt and Larson wrote. If a target makes the payment, the bad actors cut off communication.

The researchers found at least one address of a Bitcoin wallet that the fraudsters directed payments to, adding as of this week it held more than $900,000 in transactions. “It is likely that multiple threat actors are conducting numerous different types of scams concurrently using the same wallet address given the volume of transactions, the variations in transaction prices, and overall amount of money associated with the account,” they wrote. “While the email body content of the messages is similar, the sender addresses vary.”

The scammers tend to use freemail email accounts and combine names and numbers in the email address. In addition, most of the piano scam campaigns include variations of the content of the lure emails and contact addresses.

Kromphardt and Larson corresponded with some of the bad actors, interacting via a researcher-managed redirect service. They identified one of the scammer’s IP address and information, which is how they learned with high confidence that at least part of the operation is based in Nigeria.

At Scale: The Long Life of AFF Schemes

AFF schemes are nothing new, dating as far back as the “Nigerian prince” scams that seem to have been around as long as email itself. The UK Finance trade association in its annual fraud report last year noted a 33% year-to-year increase in such scams. Julien Lacombe, senior business development director in the European Union for NetGuardian, a cybersecurity firm that uses AI to battle fraud and financial crimes, did a deep dive on not only the scams themselves but also why people keep falling for them.

“Advance fee scams can take various forms such as lottery scams, inheritance scams, loan scams, employment scams, and also romance scams,” Lacombe wrote. “Each type involves a different narrative, but the central idea remains the same: paying a fee in advance for a promised reward.”

Key Points: Why Some People Fall for Them

There are a number of reasons why people get taken by AFF scams, from a lack of awareness of such schemes to loneliness, financial desperation, or optimism bias – “the belief that negative events are less likely to happen to oneself compared to others” – which can lead to carelessness.

Proofpoint’s Kromphardt and Larson noted that Proofpoint has published other research on AFF schemes that use employment opportunities and cryptocurrency fraud. They reported last year on a campaign in which the bad actors used the promise of jobs in such fields as bioscience and health care to lure students at North American universities. In 2021 Proofpoint wrote about a sophisticated campaign involving crypto, where the scammers sent functioning login credentials to fake crypto exchange platforms.

“In all cases, AFF relies on elaborate social engineering and the use of multiple different payment platforms,” they wrote. “People should be aware of the common techniques used by threat actors and remember that if an unsolicited email sounds too good to be true, it probably is.”

Photo by Wim van ‘t Einde on Unsplash



Source link