Kaspersky experts detected a new online fraud scheme designed to trick people into thinking they are owed compensation. Under the pretext of offering compensation for personal data leaks, scammers instead urge users to buy “temporary US social security numbers” worth around $9 each. Victims were found in Russia, Algeria, Egypt and the UAE, as well as other countries.
Privacy and data protection emerged as issues of public concern in recent years. As is often the case with such attention-grabbing subjects, this attracted fraudsters who are eager to cash in on people’s fears.
The new scheme exploited those heightened concerns over data privacy. It involved a website allegedly owned by the Personal Data Protection Fund, founded by the US Trading Commission. The fund purportedly issued compensation to those who may have been subject to a personal data leak and is available to citizens from any country in the world.
For those interested, the site offered to check whether user data has ever been leaked. The user was asked to provide their name, phone number, and social media accounts. The site then displayed an alert, indicating that the user experienced a leak, which can include data such as photos, videos, and contact information, entitling the user to compensation of thousands of dollars. However, fraudsters do not just ask for a user to enter a bank card number and wait for the payment to be credited; users instead need to offer their own social security number (SSN).
In any possible scenario – be it the absence of the SSN or entering the correct existing SSN – the website alerts mistakes and offers to sell a temporary number for the $9 price. Upon agreement, the victim is redirected to a payment form in Russian, or English with the purchase price specified in rubles or US dollars. The specific form depends on the victim’s IP address.
“The scammers themselves are most likely Russian speakers, as suggested by the request for payments in rubles, plus the suspicious similarity of the scheme to other easy money offers that regularly tempt residents of Russia and the CIS,” said Tatyana Sidorina, security expert at Kaspersky. “The e-bait in those schemes varies — giveaways, surveys, secret retirement savings, even a part-time job as a taxi dispatcher — but they tend to be in Russian (as are some of the preceding links). The bottom line is always the same: the juicy promise of quite a bit of easy money, followed by a demand to pay for an inexpensive service, be it a commission, a ‘securing’ payment, or a temporary SSN. The new scheme is quite a topical one and is related to offering compensation for data leaks. Once some organisations have started to pay users, fraudsters decided there is a monetary opportunity for them as well.”
In order to stay protected from the potential risks of online fraud, Kaspersky experts advise:
- Do not trust payment offers. If someone promises a large cash payout for something as trivial as taking part in a survey, it is almost certainly a trick. And if you are asked to pay something to then receive the funds, you can be doubly sure it’s a swindle.
Use trusted resources. Search the organisation to see if it actually exists and if it does, take a close look at its website. Pay attention to the language: a reputable organisation will not publish text full of errors and typos.