NJCCIC: Faculty and Students Targeted in Free Instruments Phishing Campaign

Lure email purporting to be giving away a “free” piano. Image Source: Proofpoint 
The NJCCIC recently received reports of a phishing campaign that was also identified by Proofpoint. The campaign involves malicious emails using piano or musical instrument-themed messages to lure people into advance fee fraud (AFF) scams. At least 125,000 messages associated with piano scam campaigns have been identified since January, primarily targeting students and faculty at North American educational facilities. Proofpoint noted that some healthcare and food and beverage organizations were also targeted.
The phishing emails claim that a staff member is giving away a piano and other musical instruments for free due to downsizing or moving. When a target replies, the threat actor instructs them to arrange delivery by contacting a shipping company via a fraudulent email address managed by the threat actors. The “shipping company” then claims they will send the piano if the recipient sends the money for shipping first.
Proofpoint reported that a single Bitcoin wallet address linked to this campaign currently holds over $900,000, although it is unknown if all funds were accumulated from the “free piano” lure. Analysts assess that multiple threat actors are likely conducting different types of scams simultaneously using the same wallet address due to the volume of transactions, variation in transaction prices, and the overall amount of money associated with the account. Proofpoint analysis also revealed that one of the cybercriminals used a Nigerian IP address, suggesting that at least part of the operation is based in Nigeria.