The payment refund portals of several financial institutions were found to be impersonated by threat actors, specifically by tech support scammers, to steal victims’ data. The FBI stated that the campaign involves scammers impersonating tech support service representatives and tricking people, via email or phone calls, into granting access to their devices.
As seen from the malicious email’s content, the scammers name the service that the victims must purportedly renew, at a price ranging from $300 to $500. Moreover, the email creates a false sense of urgency, telling recipients that they must contact the scammers as soon as possible and provide their details for an alleged payment refund.
Using remote access to the victim’s computer, the scammers display a fake payment portal interface where the victim is asked to input their credentials.
The threat actors act as if they would help the victims secure a refund through fake payment refund portals but would steal the entered credentials.
The impersonated financial institutions were not disclosed. However, the researchers found samples of the scripts (Windows batch files) used by the scammers, revealing that they imitated Chase Bank in one of their operations.
Other batch file samples have also been analysed; the scammers could easily customise them by setting Windows environment variables and changing the financial institution’s name shown in the output to whichever bank they chose to impersonate.
Once the victims have provided their sensitive banking details to the scammers, such as their full names, bank info, ZIP codes, and refund amounts, the threat actors could perform unauthorised fund wire transfers from the victims’ bank accounts.
Victims of these tech support scams should immediately report the incident to the Internet Crime Complaint Center (IC3) to aid in investigating and resolving it.
Most importantly, it is best to avoid becoming a victim of such fraud in the first place. People are strongly advised never to grant unknown parties remote access to their computers or mobile phones, and never to give away sensitive information without thoroughly verifying who they are dealing with.