Beware: Piano-themed Scams Targeting Universities and Beyond

News Desk -

Share

Security researchers at Proofpoint have unearthed a series of fraudulent email campaigns exploiting piano-themed messages to ensnare unsuspecting victims in advance fee fraud (AFF) scams. These scams, ongoing since January 2024, primarily target students and faculty across North American colleges and universities, with additional targets in sectors like healthcare and food services. The scammers have already dispatched over 125,000 deceptive emails this year.

Modus Operandi:

In these nefarious campaigns, scammers offer free pianos under various pretexts, such as claiming a recent family tragedy. Upon receiving a response, they instruct victims to coordinate delivery through a sham shipping company, which, unsurprisingly, shares connections with the same malicious actors. To receive the purported piano, victims are coerced into paying upfront for shipping costs via channels like Zelle, Cash App, PayPal, Apple Pay, or cryptocurrency. Additionally, scammers attempt to harvest personal information like names, addresses, and phone numbers from victims.

Financial Implications:

Proofpoint’s investigation uncovered at least one Bitcoin wallet accumulating over $900,000 in transactions, indicating the scale and profitability of these scams. The volume of transactions, varying prices, and substantial funds associated with the account suggest the involvement of multiple threat actors orchestrating a myriad of scams under the same umbrella.

Identification of Culprits:

By engaging with the fraudsters through a researcher-managed redirect service, Proofpoint was able to trace back to at least one perpetrator’s IP address and device information, leading to a high-confidence assessment that a faction of the operation originates from Nigeria.

The Menace of Advance Fee Fraud (AFF):

AFF scams, colloquially known as “419” or “Nigerian Prince” scams, involve soliciting a small upfront payment from victims in exchange for promised future benefits, which inevitably never materialize. These scams often employ elaborate narratives, such as inheritance claims or job offers, to lure victims into parting with their money.

Significance:

Proofpoint’s research underscores the persistent threat posed by AFF scams, which exploit diverse themes to manipulate recipients into engaging with them. Whether it’s job offers targeting students or cryptocurrency fraud, these scams rely on sophisticated social engineering tactics and exploit multiple payment platforms. Vigilance is paramount, and individuals should exercise caution when encountering unsolicited emails promising unrealistic rewards, as they often serve as bait for malicious schemes.