Scammers Employing Justin Bieber Tickets, The Weekend Concerts, and Phony Gun Sales to Propagate Malware

Scammers Employing Justin Bieber Tickets, The Weekend Concerts, and Phony Gun Sales to Propagate Malware

Proofpoint, a cybersecurity firm, issued new research on Thursday outlining a rise in call center-based attacks. Some attacks performed by threat actors lead to a collection of almost $50,000 per attack.

Researchers at Proofpoint claim that their organization encounters thousands of phone-based intrusions every day, with the majority belonging to two different categories. Some criminals use phony call centers to steal money from victims, while others use them to transmit malware used in other operations.

According to Proofpoint experts, the activity was linked to personnel operating in the Indian cities of Mumbai, Kolkata, and New Delhi.

Cybercriminals pitch themselves as “Justin Bieber ticket dealers, computer security services, COVID-19 relief funds, or internet shops, guaranteeing refunds for incorrect purchases, software upgrades, or financial help” to legitimize their frauds.

Victims receive an email with a phone number that connects them to a “customer support” representative, who is actually a cybercriminal. 

Other scams start with phony Amazon or PayPal invoices instructing the victim to contact the cybercriminals to dispute the charge.

When victims phone the scam call center, they are guided by downloading malware files or software such as AnyDesk, Zoho, and TeamViewer, allowing cybercriminals to access a device remotely. Proofpoint says that some fraudsters even ask victims just to enter their bank account information to collect refunds.

The invoicing lures in malware-focused campaigns like BazaCall are frequently more complex, with themes like lingerie, Justin Bieber concerts, and fake movie sites. According to the researchers, users are routed to rogue websites where they are instructed to download a document to enable a refund but instead become infected with malware.

Researchers from the cybersecurity firm accompanied one fraudster as they took them through the attack to discover enemy tactics. Some attackers pretended to be ticket vendors for Justin Bieber’s global tour in 2022 and future The Weeknd concerts.

According to Proofpoint, the fraudsters even play Justin Bieber’s song as victims wait to talk with a representative. The cyber-attacker persuaded a Proofpoint analyst to visit a rogue website to challenge a charge relating to the performances. As soon as the malicious file had been downloaded, the attacker hung up on the call.

Unwanted scam calls have become a big problem for several Americans, with some reporting receiving hundreds of calls every week. According to a Truecaller report, 60 million Americans wasted $29.8 billion because of these calls between 2020 and 2021.

Sherrod DeGrippo, VP of Proofpoint’s threat research and detection, said that malicious actors are becoming more inventive with their lures. Fake receipts for Justin Bieber concert tickets or a firearm transaction, for example, are attention-getting enough to fool even the most diligent email receiver.

According to NetEnrich chief threat hunter John Bambenek, call center fraud is not new and has been used effectively in the past to try to lend legitimacy to cybercriminal frauds.

He did say, though, that this tactic doesn’t scale and that it’s “very unusual for defenders to phone these numbers to tie up the attackers’ time.”

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.