An age-old customer support scam has taken a new turn, the FBI warns – though the aim remains the same – to steal people’s identities (opens in new tab)sensitive data, payment details and ultimately money.
In a recent public service announcement, the agency urged customers (usually older people) to remain vigilant when receiving emails pretending to be from service representatives of a company’s tech or computer repair service.
Fraudsters usually send a phishing email telling victims that their bank account has been charged (or has already been charged) between $300 and $500 for various services. If victims want to cancel the payment or request a refund, they should call the phone number in the body of the email and do so urgently.
Fake payment portals for refund
If the victims call the number, the “representative” would trick them into downloading and using remote access software, which is more than enough for the attackers to drain the victims’ bank accounts.
The twist in this story, according to the FBI, is that they are now also creating little scripts built to look like a refund payment portal user interface. Law enforcement did not say which companies are impersonated in this attack, but BleepingComputer did some digging and found script samples called Chase Bank, the commercial banking subsidiary of JPMorgan Chase.
Chase Bank does not appear to be the only financial institution to be impersonated in this attack, the publication further claims, as other batch files were discovered, which can be modified on the fly to change the bank’s name.
Usually, scripts and scams like this one aim to steal sensitive data from people such as full names, bank names, zip codes and refund amounts, giving the attackers enough information to initiate wire transfers. Moreover, calling the fraudsters on the phone also gives them the phone number, which can later be used for additional fraud attempts.
Via: BleepingComputer (opens in new tab)