An age-old customer support scam has gotten a new twist, the FBI is warning – although the goal remains the same – to steal people’s identities (opens in new tab), sensitive data, payment data and, ultimately, money.
In a recent public service announcement, the bureau urged customers (mostly the elderly population) to stay vigilant when receiving emails pretending to be from service representatives of a company’s technical or computer repair service.
Fraudsters typically send a phishing email, telling the victims that their bank accounts will be charged (or have been charged already) anywhere between $300 and $500 for various services. Should victims want to cancel the payment, or request a refund, they would need to call the phone number provided in the body of the email, and do it urgently.
Fake refund payment portals
If the victims do call the number, the “representative” would trick them into downloading and running remote access software, which is more than enough for the attackers to empty the victims’ bank accounts.
The twist in this story, according to the FBI, is that they’re now also creating small scripts built to look like a user interface of a refund payment portal. The law enforcement agency did not say which companies are being impersonated in this attack, but BleepingComputer did a little digging and found script samples naming Chase Bank, JPMorgan Chase’s commercial banking subsidiary.
Chase Bank doesn’t seem to be the only financial…
