A New Wave of Piano-Themed Email Scams Hits North American Colleges and Universities
A malicious email campaign has recently surfaced, targeting students and faculty at North American colleges and universities. This scam, which has been active since January 2024, uses piano-themed messages to lure victims into advance fee fraud (AFF) schemes.
According to cybersecurity firm Proofpoint, over 125,000 emails have been identified as part of this fraudulent operation so far this year. While educational institutions are the primary targets, other industries such as healthcare and food and beverage services have also reported being affected.
The Scam Operation
In these deceptive emails, scammers offer a free piano to recipients, often fabricating personal stories such as a family member’s death to evoke sympathy. Victims are then directed to a fake shipping company, controlled by the fraudsters, which demands payment for delivery before sending the promised piano.
Payment methods accepted by the scammers include Zelle, Cash App, PayPal, Apple Pay, and cryptocurrency. Additionally, the perpetrators attempt to collect personal information such as names, addresses, and phone numbers from their targets.
Discovery of Bitcoin Wallet
During the investigation, a Bitcoin wallet used by the scammers was uncovered, processing over $900,000 in transactions. This significant transaction volume indicates that multiple threat actors may be utilizing the same wallet for various fraudulent activities.
Despite the consistency in email content, the sender addresses vary, often comprising combinations of names and numbers and utilizing free email services. The campaigns also feature multiple versions of email content and contact addresses.
Unveiling the Scammers
Proofpoint engaged in discussions with the scammers, utilizing a researcher-managed redirect service to capture one perpetrator’s IP address and device information. This data led researchers to determine that part of the operation is based in Nigeria.
Advance Fee Fraud Warning
Advance Fee Fraud, commonly known as 419 scams, involves scammers requesting a small upfront payment in exchange for a larger, promised payout. These scams often include elaborate stories about inheritances, job opportunities, or other lucrative offers. Once the victim sends the initial payment, the scammers disappear, taking the money with them.
Due to the reliance on social engineering and various payment methods, Proofpoint issued a warning for the public to remain vigilant. “People should be aware of the common techniques used by threat actors and remember that if an unsolicited email sounds too good to be true, it probably is,” the company advised.