Threat analysts at Lookout have reported in new findings that a phishing campaign is victimizing members of the United States military units and their families. As per the report, it is a long-running operation that has impersonated various military support organizations and personnel profiles to lure victims into advance-fee scams, stealing sensitive personal information and financial data.
Motivated by monetary benefits, malicious actors are stealing financial sensitive data from victims which includes bank account information, photo identification, names, addresses, and phone numbers, Lookout said in the report.
“Based on our analysis, it’s clear that the threat actor is looking to steal sensitive data from victims such as their photo identification, bank account information, name, address, and phone number…,” wrote Lookout’s threat analysts in a blog post published today.
“…With this information, the actor could easily steal the victim’s identity, empty their bank account and impersonate the individual online,” the blog further read.
The group of scammers created a series of websites that appears legitimate and genuine, the operators enhanced the authenticity of the sites by adding various advertisements for Department of Defense services (DODS) to falsely indicate their affiliation with the military.
Sources accounted, the operators offer high-priced services that are never delivered such as leave applications, communication permits, and care packages, to lure clients into thinking that they are interacting with a military member. Cybersecurity threat analysts have also reported that Nigeria is the scammers’ operational base.
“The websites were primarily hosted by Nigerian providers that are offshore or ignore the Digital Millennium Copyright Act (DMCA). We were able to further confirm the operator’s location from a phone number one of the web developers accidentally left on the draft version of the site. The country code of the number is from Nigeria,” said researchers.
“We were also able to link this group to numerous other scams advertising fake delivery services, crypto-currency trading, banks, and even online pet sales,” researchers added.
