Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-10-25 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Fake Bank/Post Office Phone Calls Targeting Chinese Immigrants

Published: 2018-10-25
Last Updated: 2018-10-25 14:22:10 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

The most visible scams you typically see are distributed rather broadly without targeting specific groups. They usually operate on the assumption that it will his at least a couple of victims willing to fork over some money for the elusive gain promised by the scam. On the other hand, scams can be more effective if they are targeting smaller groups. The scam can use a message that is particularly focusing on concerns to the group.

More recently, I have observed a number of phone calls that appear to target in particular Chinese immigrants to the US. The phone calls are typically using mandarin, even though they don't always appear to use native mandarin speakers but speakers with an accent (likely call centers, maybe in more rural China or in another Asian country).

So far, there appear to be two main types of calls:

- The call claims to be from an airport/post office claiming that there is mail waiting and customs fees need to be paid first.

This is a rather convincing scam for immigrants who are more likely to receive mail from outside the US. Customs fees may be due, even though I personally never had to deal with this and not sure if you would even receive a phone call. If so, the phone call would most likely not be in Chinese (without offering an English option).

- The second call claims to come from Wells Fargo and asks for additional information to prevent the account from being locked.

Now this one is in particular tricky. Banks have been asked in recent years to collect more information from their customers to comply with the "know your customer" regulation to avoid money laundry and other criminal activity. As a result, in particular, Wells Fargo was in the news recently because the bank closed some small business accounts after not being able to contact the owners. Immigrants tend to be more affected by this in particular if they don't speak English and are more likely to discard mail sent by the bank. So they may have heard stories about closed accounts online or from other businesses.

Here is a voicemail left behind by the Wells Fargo scam:

Transcription: 

Translation: Wells Fargo Notice. Your account has an anomaly and will be forcibly closed today, please press one for details, and connect to the Chinese language specialist.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

Keywords:
3 comment(s)
Diary Archives