A new scheme of scammers with fake invoice

0
563
Vlada Komar / Splaitor

In today’s world, it’s no longer possible to surprise anyone with a scam. Now there is information about a new method of getting what you want by scammers. A cyber ransomware gang uses phishing emails, social engineering, and a network of fake call centers. The goal is to get hundreds of thousands of dollars from victims. It works by tricking the scammer into providing remote access to their computer and then stealing data, threatening to leak it if they don’t pay the ransom.

It turned out that phishing emails containing malicious documents were used to trick victims into installing the BazarLoader malware. This malware was then used to gain access to the network, steal data and blackmail the victim into paying extortion fees to prevent data leakage.

It usually works by sending an email to the employee’s corporate email account with a PDF attachment for a credit card bill, usually for less than $1,000.

Also, to keep suspicion to a minimum, the email includes a unique identifier and phone number, suggesting that if there is a problem, the victim should call to ask a question or cancel the payment. These letters aren’t made under the copy. They are unique and don’t arouse any suspicions.

The way it worked was that the victim calls the number provided and is connected to a call center operated by those behind the extortion scam. During the call, the operator could determine the victim’s company by asking for an identification number. Then, under the pretense of helping the victim cancel a fake payment, he guides the victim through the steps necessary to download and run the remote access software.

As a result, after the cybercriminal gains access to the remote administration tool from the victim’s computer, the cybercriminal gains access to confidential files and servers.

Then the victim receives another email demanding to pay extortion and threatening to disclose information if the payment isn’t made. The demands are in bitcoins and can be hundreds of thousands of dollars.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.