Scammers are placing their bets on the fact that if individuals receive an unexpected free piano, someone will seize the opportunity. It seems this scenario is indeed unfolding.
As per the cybersecurity company Proofpoint’s threat researchers, cybercriminals have been employing various ongoing strategies since January to lure targets into advanced fee fraud (AFF) scams through emails themed around pianos. In a report released on Wednesday, researchers Tim Kromphardt and Selena Larson indicated that at least one of the scammers hails from Nigeria.
Proofpoint has identified approximately 125,000 emails related to the piano scam campaign clusters this year. Most of the targets are students and faculty members at colleges and universities in North America, with some emails also appearing in healthcare facilities and food and beverage establishments, according to the researchers.
The AFF scheme unfolds when the threat actor sends an email to a target offering a free piano, typically following a situation like a family bereavement. For instance, one email allegedly sent by a professor at a college to students, faculty, and staff mentions that due to downsizing, he wishes to give away his late father’s piano to a caring individual.
If the target responds, they are directed to arrange piano delivery by contacting a shipping company – one that utilizes a bogus email address managed by the threat actor. Subsequently, the fraudulent shipping company asks the victim to pay a shipping fee before dispatching the piano.
One email purportedly from a "shipping company" displayed by Proofpoint includes a detailed message featuring the company name, piano details, and three shipping options with fees ranging from $595 to $915.
Towards the end of the email, the scammer tries to escalate urgency by claiming that multiple individuals are interested in the piano. "We will ship it to the first person who pays for delivery," the email asserts.
Negative Note: Diverse Payment Methods
Within the AFF plot, there are multiple payment channels available, such as Zelle, Cash App, PayPal, Apple Pay, and cryptocurrencies. Throughout the scam, the perpetrators also attempt to gather the user's personal information like names, physical addresses, and phone numbers, as mentioned by Kromphardt and Larson. Once a target makes the payment, the scammers cease communication.
The researchers uncovered at least one Bitcoin wallet address to which the fraudsters directed payments. As of this week, the address had processed over $900,000 in transactions. "Given the high transaction volume, varying transaction prices, and substantial funds associated with the account, it is likely that multiple threat actors are running several different scams simultaneously using the same wallet address," they remarked. "Although the email contents are similar, the sender addresses differ."
The scammers typically utilize free email accounts and incorporate combinations of names and numbers in the email addresses. Primarily, the piano scam initiatives consist of variations in the lure email content and contact addresses.
Kromphardt and Larson engaged with some of the scammers, communicating through a researcher-monitored redirection service. They managed to pinpoint one scammer's IP address and details, thereby determining with high certainty that a portion of the operation originates from Nigeria.
Scaling Up: Prolonged Existence of AFF Strategies
Advanced fee fraud schemes are not a recent phenomenon, with origins tracing back to scams like the infamous "Nigerian prince" cons that have persisted alongside the advent of email. The UK Finance association noted a 33% annual rise in such scams in its fraud report last year. Julien Lacombe, a senior business development director focused on the European Union at NetGuardian (a cybersecurity firm using AI to combat fraud and financial crimes), delved into the intricacies not only of these scams but also why individuals continue to fall victim to them.
"Various forms of advance fee scams exist, including lottery scams, inheritance scams, loan scams, employment scams, and romance scams," Lacombe highlighted. "Although the narratives differ per type, the underlying premise remains consistent: paying a fee upfront for a promised reward."
Main Insights: Factors Contributing to Vulnerability
Several factors contribute to individuals falling for AFF scams, ranging from ignorance about such schemes to feelings of isolation, financial distress, or an inclination towards overly optimistic views – known as 'optimism bias' where individuals presume negative outcomes are less likely to affect them compared to others, potentially leading to carelessness.
Kromphardt and Larsen from Proofpoint highlighted the company’s previous studies on AFF schemes involving job offers and crypto fraud. They reported on a campaign from last year in which scammers enticed students in North American universities with the prospect of job opportunities in fields like bioscience and healthcare. In 2021, Proofpoint also detailed a sophisticated scheme involving crypto, where scammers furnished operational login credentials to fake crypto exchange platforms.
"Across all scenarios, AFF schemes hinge on detailed social engineering tactics and the deployment of multiple payment platforms," they emphasized. "It is crucial for individuals to be alert to the common techniques employed by threat actors and bear in mind that if an unsolicited email sounds too good to be true, it likely is."
Photo by Wim van ‘t Einde on Unsplash
About Author
