My next class:

Fake Bank/Post Office Phone Calls Targeting Chinese Immigrants

Published: 2018-10-25. Last Updated: 2018-10-25 14:22:10 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

The most visible scams you typically see are distributed rather broadly without targeting specific groups. They usually operate on the assumption that it will his at least a couple of victims willing to fork over some money for the elusive gain promised by the scam. On the other hand, scams can be more effective if they are targeting smaller groups. The scam can use a message that is particularly focusing on concerns to the group.

More recently, I have observed a number of phone calls that appear to target in particular Chinese immigrants to the US. The phone calls are typically using mandarin, even though they don't always appear to use native mandarin speakers but speakers with an accent (likely call centers, maybe in more rural China or in another Asian country).

So far, there appear to be two main types of calls:

- The call claims to be from an airport/post office claiming that there is mail waiting and customs fees need to be paid first.

This is a rather convincing scam for immigrants who are more likely to receive mail from outside the US. Customs fees may be due, even though I personally never had to deal with this and not sure if you would even receive a phone call. If so, the phone call would most likely not be in Chinese (without offering an English option).

- The second call claims to come from Wells Fargo and asks for additional information to prevent the account from being locked.

Now this one is in particular tricky. Banks have been asked in recent years to collect more information from their customers to comply with the "know your customer" regulation to avoid money laundry and other criminal activity. As a result, in particular, Wells Fargo was in the news recently because the bank closed some small business accounts after not being able to contact the owners. Immigrants tend to be more affected by this in particular if they don't speak English and are more likely to discard mail sent by the bank. So they may have heard stories about closed accounts online or from other businesses.

Here is a voicemail left behind by the Wells Fargo scam:

Transcription: 

Translation: Wells Fargo Notice. Your account has an anomaly and will be forcibly closed today, please press one for details, and connect to the Chinese language specialist.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

Keywords:
3 comment(s)
My next class:

Comments

The mp3 file for the voicemail seems to be missing or misaddressed.
> https://isc.sans.edu/diaryimages/voicemail-83.mp3
> Sorry, the page you where [sic] looking for could not be displayed at this time.

Typical "tell" of a spammer -- misuse of homonyms.
That might explain the mystery calls we have received in the last 2 days where the caller starts with "Si hablo Espanol". When we ask ( in English) "who is calling" they hang up. We'll flesh this out the next time by answering in Spanish and finding out what they want. My guess is that it is either an legitimate entreaty for Hispanic voters to vote or a scam targeting illegal aliens.

Diary Archives