One Article Review

Source ProofPoint
Identifier 8509140
Publication date 2024-05-29 05:00:00 (seen: 2024-05-29 09:07:32)
Title Security Brief: Sing Us a Song You're the Piano Scam
Text

What happened

Proofpoint recently identified a cluster of activity conducting malicious email campaigns using piano-themed messages to lure people into advance fee fraud (AFF) scams. The campaigns have occurred since at least January 2024, and are ongoing. Most of the messages target students and faculty at colleges and universities in North America, however other targeting of industries including healthcare and food and beverage services was also observed. Proofpoint observed at least 125,000 messages so far this year associated with the piano scam campaigns cluster.

In the campaigns, the threat actor purports to offer up a free piano, often due to alleged circumstances like a death in the family. When a target replies, the actor instructs them to contact a shipping company to arrange delivery. That contact address will also be a fake email managed by the same threat actor. The “shipping company” then claims they will send the piano if the recipient sends them the money for shipping first.

[Figure: Lure email purporting to be giving away a “free” piano.]

[Figure: Shipping options provided by the fake shipping company.]

The actor requests payment via multiple options including Zelle, Cash App, PayPal, Apple Pay, or cryptocurrency. The actor also attempts to collect personally identifiable information (PII) from the user including names, physical addresses, and phone numbers.

Proofpoint identified at least one Bitcoin wallet address the piano scam fraudsters directed payment to. At the time of this writing, it contained over $900,000 in transactions. It is likely that multiple threat actors are conducting numerous different types of scams concurrently using the same wallet address given the volume of transactions, the variations in transaction prices, and overall amount of money associated with the account.

While the email body content of the messages is similar, the sender addresses vary. Typically, the actors use freemail email accounts, usually with some combination of names and numbers. Most of the campaigns include multiple variations on the email content and contact addresses.

Attribution

To obtain more information about the fraudsters, researchers started a discussion with the actors and convinced them to interact with a researcher-managed redirect service. Proofpoint was able to identify at least one perpetrator's IP address and device information. Based on the information obtained, researchers assess with high confidence that at least one part of the operation is based in Nigeria.

[Figure: Screenshot of a part of a conversation between a researcher and threat actor.]

Advance Fee Fraud (AFF), which in the past has been referred to as “419,” “Nigerian 419,” or “Nigerian Prince” email fraud, occurs when a threat actor asks the potential victim for a small amount of money in advance of a larger, promised payout to be given to the victim at a later date. There are endless variations of this type of fraud. Typical schemes contain elaborate stories that explain why there is a large sum of money, job opportunity, or other goods or services available to the victim and why the sender needs a small upfront or advanced fee before the victim gets the promised money or goods. The fraudsters often bait victims with subjects such as inheritance, awards, government payouts, and international business.

Once the victim provides the small amount of money to the fraudster, however, they cut all contact and disappear.

Why it matters

Proofpoint has previously published research on AFF campaigns using a variety of different themes to entice recipients to engage with them, including employment opportunities targeting university students and cryptocurrency fraud. In all cases, AFF relies on elaborate social engineering and the use of multiple different payment platforms.

People should be aware of the common techniques used by threat actors and remember that if an unsolicited email so
Notes ★★★
Sent Yes
Tags Threat Medical
Stories
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.