Scammers are spoofing online refund portals to steal your data, FBI warns

Bad Bots
(Image credit: Gonin / Shutterstock)

An age-old customer support scam has gotten a new twist, the FBI is warning - although the goal remains the same - to steal people’s identities, sensitive data, payment data and, ultimately, money. 

In a recent public service announcement, the bureau urged customers (mostly the elderly population) to stay vigilant when receiving emails pretending to be from service representatives of a company’s technical or computer repair service.

Fraudsters typically send a phishing email, telling the victims that their bank accounts will be charged (or have been charged already) anywhere between $300 and $500 for various services. Should victims want to cancel the payment, or request a refund, they would need to call the phone number provided in the body of the email, and do it urgently. 

Fake refund payment portals

If the victims do call the number, the “representative” would trick them into downloading and running remote access software, which is more than enough for the attackers to empty the victims’ bank accounts.

The twist in this story, according to the FBI, is that they’re now also creating small scripts built to look like a user interface of a refund payment portal. The law enforcement agency did not say which companies are being impersonated in this attack, but BleepingComputer did a little digging and found script samples naming Chase Bank, JPMorgan Chase’s commercial banking subsidiary.

Chase Bank doesn’t seem to be the only financial institution being impersonated in this attack, the publication further claims, as other batch files were discovered, that can be customized on the fly to change the bank name. 

Most of the time, scripts and scams such as this one aim to steal people’s sensitive data, such as full names, bank names, ZIP codes and refund amounts, giving the attackers plenty of intel to kick off wire transfers. Furthermore, calling the fraudsters on the phone also gives them the phone number, which can later be used for additional fraud attempts.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.