Buying fake Justin Bieber tickets could see your phone infected with malware

Scammers use fake call centers to steal money and infect victims with malware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Scammers are increasingly leveraging call centers to carry out cyberattacks and infect their victims withmalwareafter first roping them in by using PayPal invoices and even tickets to Justin Bieber’s upcoming 2022 world tour as lures, experts have warned.

According to anew reportfromProofpoint, the firm’s security researchers have observed an increase in attacks that rely on victims to call scammers directly and initiate the interaction after receiving an email with their phone number.

However, there are two types of these attacks, with one using freeremote assistance softwareto steal money while the other, which is frequently associated with BazaCall, uses theBazaLoader malwaredisguised as a document to compromise a victim’s computer and gain access to their online accounts.

Bieber fakes

In recent attacks, threat actors have begun emailing victims claiming to be representatives from Justin Bieber ticket sellers, computer security services, Covid-19 relief funds or online retailers with the promise of refunds for mistaken purchases, software updates or financial support. These emails contain a phone number for customer assistance but when a victim calls for help, they are instead connected with a malicious call center attendant who begins the attack.

What’s clever about this new attack method is that by having victims call on their own accord, scammers are able to bypass some automated threat detection services which are only capable of flaggingmalicious linksor attachments inemails.

Call center lures

One of Proofpoint’s researchers recently identified a financially motivated telephone-oriented attack delivery (TOAD) threat that mimicked a PayPal invoice from a weapons manufacturer in the US. After calling the number on the invoice, the researcher was told to downloadAnyDeskand login to his bank account.

With Justin Bieber’s 2022 Justice World Tour set to begin in February of next year, Proofpoint said it has seen the Canadian pop star being used quite frequently as a lure associated with BazaCall threats.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

After calling the number on a fake ticket invoice, the firm’s researcher was put on hold with Bieber’s music playing in the background. Once the scammer got on the line, they claimed that someone had erroneously placed an order on the researcher’s credit card and by going to ziddat[.]com/code.exe, a refund could be issued. After visiting the site, the BazaLoader malware was successfully downloaded on the researcher’svirtual machine.

What makes call center-based email threats so dangerous is that the scammers behind them don’t specifically target victims based on demographics, jobs or location but likely procure their contact information from legitimate data brokerages or other telemarketer resources. Proofpoint is aware of victims losing nearly $50k in one attack with the threat actor pretending to be a representative fromNortonLifeLock.

In addition to PayPal and Justin Bieber, call center-based email threat campaigns often impersonate a number of popular brands including Norton, MacAfee, eBay, GeekSquad, Santander Bank,Amazon, Symantec and others.

To prevent falling victim to these sorts of attacks, users should remain vigilant when checking their email and avoid calling the phone numbers contained in any suspicious emails, especially for items they didn’t purchase.

Protect your identity and data online with thebest antivirussoftware, thebest malware removalsoftware and thebest identity theft protectiontools

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well