Scammers pose as government officials to commit card fraud

A newly discovered fraudulent campaign is tricking customers into giving their credentials and credit card information, resulting in a widespread card fraud operation.

Reports revealed that the new operation is a multi-staged fraud scheme targeting a particular customer group. The researchers stated that the fraudsters that operated this campaign purchased login credentials of government accounts on the dark web, caused by previous infostealing activities.

Subsequently, these malicious individuals can contact consumers by phone who have filed customer complaints about goods or services through a legitimate government portal.

 

The attackers impersonate government personnel to acquire info for executing card fraud.

 

This new campaign that wants to commit card fraud impersonates government personnel. The attackers can initiate the activity by claiming to be staff who can assist targets in processing a refund.

Moreover, these fake officials will encourage the targets to download remote access software to their mobile devices to expedite the process. Once screen sharing is complete, the scammers will ask the victim to upload a snapshot of their credit card to the complaints app.

While the target follows the instructions, the scammers can grab the credit card information and prepare to conduct fraudulent online transactions.

During this process, text notifications with one-time passwords (OTPs) will also be displayed on the shared screen. The scammer then intercepts these OTPs and uses them to make verified but fraudulent purchases.

As of now, this operation targets consumers in Middle Eastern countries. Recent statistics have shown that it is very effective since it exploits accurate customer information to engineer the victim socially.

Furthermore, victims of these activities are typically female consumers with minimal technological knowledge. A survey shows that scammers earn earnings by purchasing gift cards or 3D-secure merchandise from e-tailers or recharging e-wallets.

This malicious activity can be the actions of an organised cybercriminal group since it is well-structured and sophisticated, needing mature operations, coordinated infrastructure, and multiple specialist positions.

Consumers worldwide, especially from Middle Eastern countries, should avoid sharing screens with unknown callers. Verify the legitimacy of unsolicited communications, like the ones that introduce themselves as important individuals, such as government officials or help providers.