A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams.
These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities.
However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered the campaign, over 125,000 emails have been observed in connection with this scam cluster so far this year.
In these deceptive emails, the fraudsters offer a free piano, often citing personal circumstances like a family member’s death. Respondents are then directed to a fake shipping company, also controlled by the scammer, which demands payment for delivery before sending the piano.
The scammers accept payments through various methods, including Zelle, Cash App, PayPal, Apple Pay and cryptocurrency. Additionally, they attempt to gather personal information such as names, addresses and phone numbers from their victims.
A notable discovery in this investigation was a Bitcoin wallet used by the fraudsters, which has processed over $900,000 in transactions.
The substantial transaction volume suggests multiple threat actors might be using this wallet for various scams.
Despite the uniformity in the email content, the sender addresses vary, made up of combinations of names and numbers, and typically utilize free email services. These campaigns also feature several iterations of email content and contact addresses.
To gain further insights into the scammers, Proofpoint engaged in discussions with them, using a researcher-managed redirect service to capture one perpetrator’s IP address and device information. This data led researchers to confidently assess that part of the operation is based in Nigeria.
Read more on cryptocurrency fraud: Six Austrians Arrested in Multi-Million Euro Crypto Scheme
Advance Fee Fraud, also known as 419 scams, typically involves scammers requesting a small upfront payment in exchange for a larger, promised payout.
These schemes often include intricate stories about inheritances, job opportunities or other lucrative offers. Once the victim sends the initial payment, the scammers cease all communication, disappearing with the money.
These frauds rely heavily on social engineering and diverse payment methods. Because of this, Proofpoint warned the public to remain vigilant.
“People should be aware of the common techniques used by threat actors and remember that if an unsolicited email sounds too good to be true, it probably is,” the company advised.