Email users have been urged to check their inboxes immediately to find a worrying new threat. The latest batch of messages to be sent out by scammers attempt to trick users by suggesting they’ve purchased high-value items, such as sought-after concert tickets, and that the only way to stop this pricey transaction is to call a customer service number.
Once someone is fooled, the number connects to a cybercriminal who tries to steal money by acquiring your account details, or makes an attempt to install nasty malware onto your PC by taking a number of crucial details over the phone under the guise of stopping a fraudulent transaction.
It’s a growing problem, with the security team at Proofpoint claiming that ten of thousands of people are being targeted by this scam every day.
And don’t think for one minute that these types of attacks don’t work, with the Proofpoint cyber experts estimating that around 60 million people have already lost money due to these call centre scams.
The most recent attacks spotted by Proofpoint are using popular and trusted names such as Justin Bieber ticket sellers, computer security services like Norton, COVID-19 relief funds, or online retailers such as Amazon. The emails usually promise refunds for mistaken purchases, software updates, or financial support.
The spoof emails always then contain a phone number for customer assistance and once called the attack begins. Explaining more about these new scams, Proofpoint said: “Financial extortion actors typically use invoice lures associated with companies like Amazon, Paypal, or security software.
“Once a person calls the number listed in the email, the actor will direct the victim to install remote access software such as AnyDesk, Teamvier, Zoho, etc. and provide them access to interact with the machine under the guise of customer service.
“Often, the victim is directed to login to their bank account to get a refund, or purchase gift cards. Once the attacker is connected, they blackout the screen to hide their activities. They might edit the HTML of the banking webpage to show a different amount or attempt to steal the money directly.”
If you receive an email claiming you have made a purchase, then you should delete it without delay and never call the number listed in the message.