Kaspersky experts have identified a new online fraud system designed to trick people, making them believe they are owed compensation.
Under the guise of offering compensation for personal data leaks, scammers urge users to buy “temporary U.S. social security numbers” worth about $9 each. Victims were identified in Russia, Algeria, Egypt and the UAE, among other countries.
Privacy and data are among the most discussed topics of recent years. This is not surprising, as aren’t the penalties imposed on companies that have experienced data breaches. This, like any other topic that attracts attention, would not help to attract scammers who are eager to earn money at the expense of others.
Kaspersky experts have identified a brand new system that exploits these privacy issues. The system includes a website allegedly owned by the Personal Data Protection Fund, which was established by the U.S. Trade Commission. As mentioned, the fund issues compensation to those who may have leaked personal data and is available to citizens from any country in the world.
For those interested, the site offers to check whether there has ever been a leak of user data. For this purpose, the user must provide his full details (full name, phone number and social media accounts). Once this is done, a notification appears indicating that the user has been leaked, which may include data such as photos, videos, and contact information, allowing the user to receive thousands of dollars in compensation. However, scammers do not only ask the user to enter a credit card number and wait for the amount of compensation to be credited to him. Users inevitably need to enter their social security number (SSN; a nine-digit number issued for US citizens, as well as for permanent and temporary workers in the US).
In any possible scenario –whether it’s the absence of SSN or the inserting of a valid existing SSN– the site reports errors and offers to sell a temporary one for $9. By agreement, the victim shall be redirected to this payment form in Russian or English with the purchase price fixed in rubles or dollars respectively. This form depends on the victim’s IP address.
To remain protected from potential cyber fraud risks, Kaspersky experts advise:
- Do not trust payment offers. If someone promises you a lot of cash payment for something seemingly insignificant as participating in a survey, it’s almost certainly a gimmick. And if you are asked to pay something to receive the money, you can be doubly confident that it is a scam.
- Use reliable sources. Look for the organization to see if it really exists and if it exists, carefully check its website. Mind the language: a trusted organization will not publish text full of errors and typographical bugs.
- Use a reliable security solution for complete protection against a wide range of threats.