Fake 'compensation' scheme exploits fears of data leaks
A new online fraud scheme is designed to trick people into thinking they are owed compensation for data leaks only to scam them out of cash.
Researchers at Kaspersky uncovered the scam which tries to get users to purchase 'temporary US social security numbers' at a cost of around $9 each. Victims have been found in Russia, Algeria, Egypt and the UAE, as well as other countries.
The site helpfully offers to check whether user data has ever been leaked. The user is asked to provide their name, phone number, and social media accounts. The site then displays an alert, indicating that the user has indeed experienced a leak -- surprise, surprise -- which can include data such as photos, videos and contact information, entitling the user to compensation of thousands of dollars. However, fraudsters don't just ask for a user to enter a bank card number and wait for the payment to be credited; users instead need to offer their own social security numbers.
In the absence of a social security number, or even when one exists, the website highlights 'mistakes' and offers to sell you a temporary number for $9.
"The scammers themselves are most likely Russian speakers, as suggested by the request for payments in rubles, plus the suspicious similarity of the scheme to other easy money offers that regularly tempt residents of Russia and the CIS," says Tatyana Sidorina, security expert at Kaspersky. "The e-bait in those schemes varies -- giveaways, surveys, secret retirement savings, even a part-time job as a taxi dispatcher -- but they tend to be in Russian (as are some of the preceding links). The bottom line is always the same: the juicy promise of quite a bit of easy money, followed by a demand to pay for an inexpensive service, be it a commission, a 'securing' payment, or a temporary SSN. The new scheme is quite a topical one and is related to offering compensation for data leaks. Once some organizations have started to pay users, fraudsters decided there is a monetary opportunity for them as well."
In order to stay safe, Kaspersky advises users not to trust payment offers and use trusted sources to find out if a scheme is genuine.