Scammers exploit data leak fears


Researchers from Kaspersky have uncovered a new online fraud scheme designed to fool people into thinking they are owed compensation for personal data leaks.

The scam involves a Web site allegedly owned by the Personal Data Protection Fund, founded by the US Trading Commission. According to the site, the fund issues compensation to those who may have been subject to a personal data leak and is available to citizens from any country in the world.

The site offers to check whether user data has ever been leaked, and all the individual needs to do is provide their name and surname, phone number, and social media accounts. Once this has been done, an alert is shown indicating that the user has experienced a leak, which might include data such as photos, videos, and contact information, entitling the user to compensation of thousands of dollars.

But the fraudsters do not just ask the user to enter a bank card number and wait for the payment to be credited; users are asked to enter their own social security number (SSN), a nine-digit number issued to US citizens as well as permanent and temporary working residents.

In the absence of an SSN, the Web site offers to sell a temporary one with a $9 price tag. Upon agreement, the target is redirected to a payment form in Russian or English with the purchase price specified in rubles or dollars respectively. The specific form depends on the victim’s IP address.

To date, individuals in Russia, Algeria, Egypt and the UAE, as well as other countries, have fallen for the scam.

Tatyana Sidorina, security expert at Kaspersky, says the scammers are most likely Russian speakers, as suggested by the request for payments in rubles, plus the suspicious similarity of the scheme to other easy money offers that regularly tempt residents of Russia and the CIS.

“The e-bait in those schemes varies - giveaways, surveys, secret retirement savings, even a part-time job as a taxi dispatcher - but they tend to be in Russian (as are some of the preceding links). The bottom line is always the same: the juicy promise of quite a bit of easy money, followed by a demand to pay for an inexpensive service, be it a commission, a ‘securing’ payment, or a temporary SSN.”

Sidorina says that, as data privacy has been a hot topic for several years, the scam is both topical and compelling. Once certain organisations began to compensate users, fraudsters latched on to the idea and saw an opportunity to cash in.

To stay protected from the potential risks of online fraud, Kaspersky experts advise never trusting payment offers.

"If someone promises a large cash payout for something as trivial as taking part in a survey, it is almost certainly a trick. And if you are asked to pay something to then receive the funds, you can be doubly sure it’s a swindle."
