{"id":15268,"date":"2020-01-16T14:05:23","date_gmt":"2020-01-16T10:05:23","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/data-leak-compensation-scam\/15268\/"},"modified":"2020-01-16T14:06:35","modified_gmt":"2020-01-16T10:06:35","slug":"data-leak-compensation-scam","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/data-leak-compensation-scam\/15268\/","title":{"rendered":"Uncle Sam compensates you for data leaks (yeah, right)"},"content":{"rendered":"

Data leaks<\/a> of all sorts regularly crop up in the news, and recently so have fines, some potentially reaching into the billions<\/a>, slapped on the companies responsible. If companies have to pay for data leaks, surely some of that money goes to the victims, right?<\/p>\n

Surprise from the US Trading Commission<\/h2>\n

Recently, a curious site caught our eye. Seemingly owned by a certain Personal Data Protection Fund, the website\u2019s main page states that the fund was created by the \u201cUS Trading Commission.\u201d<\/p>\n

At first glance, the site looks reasonably sound, with a restrained design showing a hefty sum on the right. A large banner at the top of the page announces that the fund awards compensation for leaks of personal data \u2014 for which citizens of any country in the world can apply.<\/p>\n

\"US<\/a>

US Trading Commission offers compensation for data leaks<\/p><\/div>\n

For those interested, the site offers to check whether your data has ever leaked. For this, you need to specify your surname, first name, phone number, and social media accounts. Above the input form is a warning that entering other people\u2019s data will result in a severe penalty.<\/p>\n

\"To<\/a>

To find out how much money you are entitled to, you must provide personal information<\/p><\/div>\n

However, it turns out that the website accepts any information, even complete gobbledegook. For example, we inquired about the personal data of a citizen named fghfgh fghfgh. The site pondered for a while, seemingly connecting to a database of information about leaks\u2026<\/p>\n

\"The<\/a>

The site supposedly searches for information about leaks<\/p><\/div>\n

\u2026and lo and behold, found that our fictional character with an unpronounceable name had indeed had their data leaked. Moreover, it turned out that someone had already used their photos, videos, and contact information, and so fghfgh was entitled to compensation in excess of $2,500!<\/p>\n

\"The<\/a>

The site found information about a leak and calculated the amount of compensation<\/p><\/div>\n

Buy a temporary SSN<\/h2>\n

One might think it would suffice to give a bank card number and wait for the payment to be credited. Not quite. The charitable fund cannot send money without knowing your SSN (social security number), a nine-digit number issued to U.S. citizens as well as permanent and temporary working residents.<\/p>\n

This unique number is used for almost everything in the U.S., including paying taxes, applying for a job, renting a home, and so on.<\/p>\n

But if you don\u2019t have one, never fear: You can simply check the box next to the line \u201cI\u2019am don\u2019t have SSN\u201d (English grammar doesn\u2019t seem to be the scammers\u2019 strong point).<\/p>\n

\"Form<\/a>

Form for entering a card number and SSN<\/p><\/div>\n

To get around the problem of not having an SSN, the site offers to sell you a temporary one! In comparison with the amount of compensation dangling in front of your eyes, the $9 price tag is a trifle.<\/p>\n

\"Scammers<\/a>

Scammers offer a temporary SSN for a small fee<\/p><\/div>\n

If you do try to complete the transfer without buying an SSN, the site will return an error and demand a temporary number. And if by some chance you happen to specify a valid SSN in the fraudulent form, you will still be asked to buy a temporary one.<\/p>\n

\"The<\/a>

The site returns an error if the user tries to complete the transfer without a temporary SSN<\/p><\/div>\n

Those who decide to purchase a temporary SSN get redirected to a payment form. If you happen to do it from a Russian IP address, this payment form appears in Russian, and the purchase price is specified in rubles. This is strange. Why would a U.S. government agency require payment in a foreign currency?<\/p>\n

\"Russian-language<\/a>

Russian-language temporary SSN payment form<\/p><\/div>\n

Residents of other countries are likely to be redirected to a less suspicious English-language form asking for payment in dollars.<\/p>\n

\"English-language<\/a>

English-language temporary SSN payment form<\/p><\/div>\n

Are Russian online scammers going international?<\/h2>\n

Of course, this is scam. The Personal Data Protection Fund does not exist, and neither does the US Trading Commission, as you might have guessed. The name of the real organization the scammers apparently are trying to impersonate here is Federal Trade Commission, but the FTC does not hand out compensation indiscriminately.<\/p>\n

The scammers themselves are most likely Russian speakers, as suggested by the ruble payment form, plus the suspicious similarity of the scheme to other easy money offers that regularly tempt residents of Russia and the CIS.<\/p>\n

The e-bait in those schemes varies \u2014 giveaways<\/a>, surveys<\/a>, secret retirement savings<\/a>, even a part-time job as a taxi dispatcher<\/a> \u2014 but they tend to be in Russian (as are some of the preceding links), and the bottom line is always the same: the juicy promise of quite a bit of easy money, followed by a demand to pay for an inexpensive service, be it a commission, a \u201csecuring\u201d payment, or a temporary SSN.<\/p>\n

The present scheme uses the same payment systems as previous ones. This too leaves a familiar trail of Russian cybercriminal breadcrumbs. The only difference with the compensation scam is the wider attack geography. For example, this time victims were located not only in Russia and neighboring countries, but also in Algeria, Egypt, the UAE, and elsewhere.<\/p>\n

How to avoid the trap<\/h2>\n

Such scams are aimed at those hopeful victims who wouldn\u2019t find such an offer suspicious. Therefore, our main tip is to remain vigilant:<\/p>\n