Proofpoint researchers are sounding the alarm about a new wave of scams targeting French citizens. This scam involves contacting tenants under the pretext that their rent has not been paid on time. The cybercriminal pretends to be the debt collector for an "accounting and management company".
Note that this is not the first time that unpaid rent scams have wreaked havoc in France. At the beginning of last year, Cybermalveillance had already taken the time to warn the French about a "rent diversion scam". The site claims that this type of trap has been spreading online since the end of 2022.
Emails that cause "anxiety"
The attack begins with the sending of an email indicating that the "rent payment" is still pending. To regularize the situation, the target is asked to make the payment using the "new banking information" provided in the email. The message states that the "banking details have recently been changed.".
Other versions of the email instead claim "a technical error" with the landlord's bank account, which prevented the final rent payment. Sometimes, the initial email does not include any payment information. The scammers then ask the targeted tenant to reply to the email to obtain the banking information needed to pay the rent. During some exchanges, the cybercriminals even asked the target to provide "automatic payment authorization for future rent payments" to the account.
To trick victims, the hackers send the emails using compromised email accounts belonging to property management companies. These accounts were likely hacked using viruses or previous phishing attacks. As the CNIL (French Data Protection Authority) indicates, France has been the scene of numerous data breaches in recent months, providing hackers with a wealth of information to leverage their operations. To draft the email, they then carefully collect information on the identity of the company, the person whose name is being used, and add the appropriate logos. It's possible that the emails are written with the help of AI.
"Two dozen IBAN numbers"
If the target decides to make the payment urgently, the rent money will be sent to the cybercriminals' bank account. To collect rent, the scammers use IBAN accounts that "change frequently, which makes detection more difficult." In fact, the hackers will orchestrate two to three campaigns using the same account before using a new one. Experts counted "nearly two dozen IBAN numbers in more than 50 campaigns.".
Well-organized, the hackers opened accounts in branches of major French banks, likely using fake IDs. These accounts were carefully set up to receive the proceeds of the scam, ahead of the campaign's launch.
A gang targeting the French
According to the investigation conducted by Proofpoint, a single hacker gang is behind all the attempted rent-related scams. Referred to under the code name TA2900, the group operates from an unknown country. Despite the attack's modus operandi, there's no indication that the hackers speak French or are located in France.
What to do in case of a scam?
Before responding to a payment request received by email, we recommend you think carefully. Make sure the recipient is who they claim to be. If you have the slightest doubt, take the time to call your landlord or the person in charge of rental management, Cybermalveillance recommends in its report from last year:
Above all, don't act in a hurry. This is the best way to lose money and be trapped by cybercriminals. If you acted too quickly and have paid, "immediately alert your bank of the fraudulent transaction to try to suspend the transfer," advises Cybermalveillance.
Source: Proofpoint
0 Comments