The FBI warns that tech support scammers are now impersonating financial institutions’ refund payment portals to harvest victims’ sensitive information and add legitimacy.
In today’s public service announcement, the federal law enforcement agency said that the fraudsters trick victims (generally someone from within the elderly population) via email or phone calls into giving them access to their computers by impersonating representatives of technical or computer repair services.
“Within the body of the email, the scammers will indicate the specific service to be renewed with a price commonly in the range of $300 to $500 USD, provoking a sense of urgency in the victims to contact them and provide information for a refund,” the FBI said.
“In this case, the scammers claim to aid in securing a refund through remote access to the victim’s computer.”
While tech support scams have been around for years, the FBI added that since as recently as October 2022, the scammers are using scripts (Windows batch files) designed to display what looks like the user interface of refund payment portals in a command prompt window.
Even though the FBI has not revealed the names of impersonated organizations, BleepingComputer has found samples of these scripts that pretend to be Chase Bank, JPMorgan Chase’s consumer and commercial banking subsidiary.
BleepingComputer has also discovered other batch files deployed in this tech support campaign that can be customized on the fly by setting Windows environment variables to change the bank name injected into the output.
However, these scripts are used to collect the targets’ personal and banking info (i.e., full name, bank name, ZIP code, refund amount) that will help the crooks make unauthorized wire transfers of funds from the victim’s bank accounts.
“The executable will generally run a command prompt made to look like a service screen,” the FBI added.
“Additionally, the script contains commands to write information to a text file, and several pauses that provoke user engagement as they ‘wait’ for a refund or other action to take place.”
Those who have fallen victim to this tech support scam are advised to report it as soon as possible by filing a complaint with the Internet Crime Complaint Center (IC3).
The FBI also urged potential targets not to grant remote access to their computers to unknown entities or persons and not to send wire transfers based on instructions from people they spoke to on the phone or online.