Beware of Free Piano Messages That Steal Personal & Financial Data

A malicious email campaign is targeting students, faculty, and other professionals with piano scams. Since January 2024, over 125,000 emails have been sent offering free pianos under fabricated pretexts.

Responding to the emails leads to fake shipping companies that request upfront payment for delivery, while the promised piano does not exist. This is a classic example of an Advance Fee Fraud (AFF) scam, in which cybercriminals impersonate legitimate entities to trick victims into sending money.

Lure email purporting to be giving away a “free” piano. 

A social engineering scam targeting college communities uses free piano offers to trick victims into paying delivery fees for a nonexistent piano. The scammers collect money through various methods such as Zelle, Cash App, and cryptocurrency while simultaneously gathering personal information.

The high volume of transactions and use of a single Bitcoin wallet with over $900,000 suggest multiple actors are running similar scams. The emails originate from freemail accounts with generic names and numbers, and the content varies slightly across campaigns. 

Shipping options are provided by the fake shipping company.  

Researchers engaged with fraud actors, persuading them to interact with a researcher-controlled redirection service, which captured at least one perpetrator’s IP address and device details. 

After examining this data, they concluded with a high degree of certainty that a few of the fraudulent activities originated in Nigeria.

Screenshot of a part of a conversation between a researcher and a threat actor.  

Advance Fee Fraud (AFF) utilizes social engineering tactics to trick victims into sending upfront payments. Perpetrators, often referred to as threat actors, fabricate scenarios like inheritances or business deals, promising a significant reward in exchange for a small initial fee. 

The elaborate stories lend legitimacy to the request for the upfront payment, which is the sole purpose of the scam. Once the victim sends the money, the perpetrator ceases communication, leaving the victim with a financial loss.

An investigation by Proofpoint identified several indicators of compromise (IOCs) potentially linked to a malicious campaign, including sender email addresses used in March 2024, such as KentronPhillipsemail.24hrs@email[.]com, aldo[.]moran97@anahuac[.]mx, and others.

Additionally, a suspicious Bitcoin wallet address (17kE4HzqAiPxwoC7rqHwJHoPwAk2bV2hKU) and a reference number (ABCITY113) were flagged, which suggest potential phishing attempts or malware distribution campaigns that may have begun in March 2024. 
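One way a mail administrator could check stored messages against the indicators listed above, as an added example that is not code from Proofpoint or from this article. The function names and the two sample messages are constructed for illustration; only the wallet address, the reference number and the sender address come from the text.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Indicators as listed in the article (sender kept in its defanged form).
# Further listed senders can be appended to this list the same way.
DEFANGED_SENDERS = ["aldo[.]moran97@anahuac[.]mx"]
WALLET = "17kE4HzqAiPxwoC7rqHwJHoPwAk2bV2hKU"
REFERENCE = "ABCITY113"

def refang(value):
    """Turn a defanged indicator (user[.]name@host[.]tld) into its real form."""
    return value.replace("[.]", ".").replace(" ", "").lower()

SENDERS = {refang(s) for s in DEFANGED_SENDERS}

def match_iocs(raw_message):
    """Return the sorted indicator types found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = set()
    # Compare both From and Reply-To against the listed senders.
    headers = msg.get_all("From", []) + msg.get_all("Reply-To", [])
    for _name, addr in getaddresses(headers):
        if addr.lower() in SENDERS:
            hits.add("sender")
    # Collect every non-container part so multipart bodies are covered too.
    parts = [p.get_payload(decode=True) or b""
             for p in msg.walk() if not p.is_multipart()]
    body = b"\n".join(parts).decode("utf-8", errors="replace")
    # Bitcoin addresses are case-sensitive: exact match, not inside a longer token.
    if re.search(r"(?<![A-Za-z0-9])" + re.escape(WALLET) + r"(?![A-Za-z0-9])", body):
        hits.add("wallet")
    if re.search(r"\b" + re.escape(REFERENCE) + r"\b", body, re.IGNORECASE):
        hits.add("reference")
    return sorted(hits)

# Constructed sample messages (not real campaign mail).
SAMPLE_HIT = (
    "From: Aldo <aldo.moran97@anahuac.mx>\n"
    "Subject: Free piano\n\n"
    "Pay the movers. Ref abcity113, BTC 17kE4HzqAiPxwoC7rqHwJHoPwAk2bV2hKU.\n"
)
SAMPLE_CLEAN = (
    "From: Registrar <registrar@example.edu>\n"
    "Subject: Schedule\n\n"
    "Class moved to room 12.\n"
)

if __name__ == "__main__":
    print(match_iocs(SAMPLE_HIT), match_iocs(SAMPLE_CLEAN))
```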


Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.
