Tech support scammers trick victims into old-school offline money transfer
We’re all familiar with tech support scams – where the unwary are tricked into granting remote access to their computers by fraudsters, in the belief that the “tech support person” will fix a non-existent “problem” (such as a “virus infection”) or make a refund after claiming that there has been fraudulent activity detected on an account.
It’s not uncommon for the fraudster, who can put their well-honed social engineering skills to play when talking to their intended victim, to make it appear as though they have accidentally transferred too much money into their target’s online bank account, and tells the victim to return the extra cash or the scammer will lose their job.
Often times the victim will be asked to wire money, or put money on a gift card, or use cryptocurrency or a money transfer app – as these are transfers that are hard to reverse.
However, according to a new bulletin from the FBI, tech support scammers are increasingly telling their victims to send actual cash, concealed in a newspaper or a magazine, via a shipping company.
Quite why scammers are using this rather old-school offline method of receiving money is unclear, but it’s possible it is related to action taken by the FTC against payments firm Nexway, which has been accused of knowingly processing fraudulent credit card payments on behalf of tech support scammers.
Would it be a surprise if tech support scammers who had been deprived of their normal routes of receiving funds, looked for other methods which helped it conceal payments from detection by the authorities?
Most recently, according to the FBI bulletin, scammers have instructed their victims to ship the money packages to retail businesses that are able to receive shipping company packages on behalf of their customers.
The FBI is asking anyone who has received, or fallen for, such scams to contact the FBI Internet Crime Complaint Center (IC3), including details of:
- The name of the person or company that contacted you.
- Methods of communication used, to include websites, emails, and telephone numbers.
- The address where the cash was shipped and the recipient name(s).
My guess is that most readers of State of Security are unlikely to fall for a scam like this. Would we really be tricked into sending concealed money in a package to a random address because someone claims to represent a legitimate company? I think it’s unlikely.
But the truth is that you may have friends or relatives who are less security-savvy and are more vulnerable to being scammed. And if they have “seen” with their online eyes what appears to be an accidental deposit in their bank account (when in truth it is the manipulation of a browser window by a remote scammer) they may find it hard to disbelieve.
And don’t make the mistake of thinking that it is just the elderly who may be tricked into tech support scams. A 2021 study by Microsoft discovered that Gen Zers (aged 18-23) and Millennials (aged 24-37) were also prone to losing money to scammers.
It is essential for all of us with an interest in cybersecurity and online privacy to ensure that we help our loved ones, and those who may be more vulnerable to scammers than ourselves, to share advice on the tricks used by online fraudsters, and keep a watchful eye.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.