Scammers are playing college kids with free piano offers

Cybercriminals are targeting college students and faculty with advance fee scams centered around pianos.

Since January, Proofpoint has seen at least 125,000 messages in which a free piano is offered “often due to alleged circumstances like a death in the family.”.

“When a target replies, the actor instructs them to contact a shipping company to arrange delivery,” Proofpoint said. 

“That contact address will also be a fake email managed by the same threat actor. The ‘shipping company’ then claims they will send the piano if the recipient sends them the money for shipping first.”

In an advance fee fraud (AFF) scam, victims are usually asked for a small amount of money up front in exchange for a larger amount to be paid at a later date. Proofpoint has tracked dozens of different advance fee fraud (AFF) scams over the years, attributing many to groups based in Nigeria. 

The piano-themed scammers typically ask for personal information and payment through cryptocurrency or bank transfer platforms like Zelle, Cash App, PayPal and Apple Pay. Once the payment is sent, the fraudsters stop answering. 

At least one of the Bitcoin wallet addresses connected to the campaign ”contained over $900,000 in transactions.” according to Proofpoint, but it is unclear whether all of the money was from piano scams or if it was being pooled with other cybercriminal operations. 

Proofpoint researchers communicated with one of the scammers and were able to obtain IP addresses, one of which was based in Nigeria. 

Selena Larson, threat researcher at the company, told Recorded Future News that they frequently see AFF scams that use products like computing equipment or other types of technology to get victims to pay money ahead of time. 

Larson noted that in her conversations with friends, she learned it is actually common for people to give pianos away for free if the recipient pays for transport. 

“So, for many people receiving this type of lure, it wouldn’t be unusual. However, the hoops the recipient is asked to jump through – like contacting multiple different emails and sending money to a seemingly unrelated account – should signify to the recipient that the offer is not legitimate,” she said. 

“While pianos might seem a bit unusual, they’re just one lure theme actors are using. What surprised me the most was the amount of money the scammers appear to have made – small requests for payment really do add up when threat actors are conducting these types of scams at scale.”

AFF actors likely research what products people typically sell online in an effort to make their lures more realistic, Larson noted, adding that the schemes can work with practically any product. 

Proofpoint has often seen scammers bait victims with emails about potential jobs, inheritance, awards, government payouts, and international business. The company previously tracked a campaign where fraudsters targeted college students with employment opportunities, writing that small amounts of money were needed to pay for computers or cameras for the fake jobs.