A new email scam campaign has recently been uncovered, utilizing piano-themed messages to carry out advance fee fraud (AFF) scams. These fraudulent activities have been active since at least January 2024 and primarily target students and faculty at North American colleges and universities. However, other industries, such as healthcare and food and beverage services, have also fallen victim to this scheme. Proofpoint, the cybersecurity firm that uncovered this campaign, has identified over 125,000 emails associated with this scam cluster so far this year.
In these deceptive emails, scammers offer a free piano, often fabricating personal stories such as a family member’s passing. Victims who respond to these emails are directed to a fake shipping company, controlled by the scammer, that requests payment for the delivery of the piano before it is sent. The scammers accept payments through various methods, including Zelle, Cash App, PayPal, Apple Pay, and cryptocurrency. Additionally, they attempt to gather personal information, such as names, addresses, and phone numbers, from their targets.
One significant finding in this investigation was the discovery of a Bitcoin wallet used by the fraudsters, which has processed over $900,000 in transactions. The high transaction volume suggests that multiple threat actors may be utilizing this wallet for various scams. Despite the consistency in email content, the sender addresses vary, consisting of combinations of names and numbers, and typically using free email services. These campaigns also feature multiple versions of email content and contact addresses.
To gain further insights into the scammers behind this operation, Proofpoint engaged in conversations with them, utilizing a researcher-managed redirect service to capture one perpetrator’s IP address and device information. This data led researchers to determine that part of the operation is based in Nigeria.
Advance Fee Fraud, also known as 419 scams, involves scammers requesting a small upfront payment in exchange for a larger promised payout. These scams often involve elaborate stories about inheritances, job opportunities, or other lucrative offers. Once the victim sends the initial payment, the scammers vanish, taking the money with them.
These fraudulent activities heavily rely on social engineering tactics and various payment methods. Therefore, Proofpoint has advised the public to remain vigilant. “People should be aware of the common techniques used by threat actors and remember that if an unsolicited email sounds too good to be true, it probably is,” the company cautioned.
For more information on cryptocurrency fraud, you can read about the recent arrests of Six Austrians in a Multi-Million Euro Crypto Scheme. Stay informed and stay safe in the digital world.