Cover Designer Directory | Author Resources Just another Cover Designer Directory site Related Articles
One of our members contacted us to spread awareness. We did some digging on the info provided and we discovered this was a very complex social engineering scam that even we didn’t catch at first glance! Here is how the scam works:
A “client” books a project with you (actually putting down money!) and then contacts you with something like this message from an email:
“Can you call me? (I’m pretty sure you’re in the US aren’t you, if not disregard) This is strictly professional, (remember, I’m 66 years old, so I have no thoughts of dating you or harassing you and will never give your number out to others) but perhaps I can better relay my vague thoughts to you. I have to warn you though, I am a little hard of hearing.”
The scam appears to be very complex and highly technical. It is odd that money would be deposited, but we assume they do this to gain trust and establish credibility using stolen credit cards that they would file a dispute to get their money back if the scam doesn’t play out. They are most likely using either a hard-of-hearing relay service or an “AI” voice generator which explains the hard-of-hearing warning. Plus it makes you feel sympathy. The “can YOU call me” is so they can get your phone number to sell to other scammers or make you pay a “service fee” to talk to this person. And they are clearly only targetting people in the US possibly because that is where they have their money mules located and because they expect your business to comply with the Americans with Disabilities Act and may threaten to report your business if you don’t comply. If you called them, they may additionally try to pull a refund scam, romance scam, or tech support scam. They may even overpay for a service (using stolen credit cards) so that you can send the extra money back to them helping in the laundering scheme.
We did an analysis on the email domain and found it was created 4 years ago at the start of the pandemic, has ties to the Philippines, and was flagged by several security vendors as a threat in early 2020. The domain is now only used for sending an email which decreased its threat score to “none”.
HOW TO IDENTIFY A SCAM:
Ask yourself questions like, am I expecting this? is this too good to be true? or I can’t believe this really bad thing is happening to me. Chances are it is a scam.
Here is some more info about this particular scam and more ways to protect your business: https://mn.gov/…/protect-yourself-from-phone-fraud…
