Threat Management

FBI: Refund payment portals spoofed in new scams

The FBI has warned that financial organizations' refund payment portals are being impersonated in an effort to exfiltrate sensitive data, BleepingComputer reports. Threat actors have been masquerading as technical or computer repair service representatives in emails and phone calls to lure individuals, particularly the elderly population, into handing them computer access, according to the FBI, which added that specific services will be indicated on messages as renewable for a fee between $300 and $500. Windows batch files have been leveraged by attackers to effectively impersonate refund payment portals in campaigns as recent as last month, with BleepingComputer discovering Chase Bank as one of the impersonated entities. The FBI noted that scripts used by attackers facilitate collection of personal and banking details that would enable unauthorized fund transfers. "The executable will generally run a command prompt made to look like a service screen. Additionally, the script contains commands to write information to a text file, and several pauses that provoke user engagement as they 'wait' for a refund or other action to take place," said the FBI.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.