A new phishing scam strategy is targeting families or individuals related to an active soldier on duty. These malicious actors offer fake services that steal the victim's identity, bank account details and other sensitive information.
Researchers from Lookout recently discovered a new threat on the internet, and this one targets families of US military personnel. The scammers impersonate military support organizations, making their scheme very convincing to unsuspecting individuals.
The scammers cleary aims to steal the victim's name, address, phone number, photo identification and bank account details. Note that the malicious actor could also steal the victim's identity and impersonate them online with this information.
Phishing Scam Targeting US Military Families
Lookout listed some of the fake services offered by the scammers. These are typically services applied by family members or loved ones on behalf of the soldier. The scammers are taking advantage of the fact that the soldier is on-duty or difficult to communicate with, so the victim has no way of validating the service.
Here are three fake services offered on scam websites:
Applying Leave for a Soldier
Scammers offer to file requests for an emergency leave on the soldier's schedule. The leave days are supposedly used for the soldier's health benefit or vacation. The cost of this service is determined by the length of leave.
- 4 weeks: $3,500
- 10 weeks: $20,123
- 18 weeks: $40,976
- 26 weeks: $60,342
Sending Care Packages
Family members are also scammed with opportunities to send care packages to the deployed troops. These services notably feature a highly inflated price.
- Mini care package - $800
- Airbourne care package - $1,200
- Premium Care package - $1,700
Reclaiming Compensation Fund
On a much more morbid strategy, they fake services for families or individuals who lost their soldiers in the line of duty. Scammers will request information to "help process the compensation fund" for the victims. Be warned that applying for this service lets the scammer steal a lot of sensitive data like:
- Name of Soldier
- Country Deployed
- MOS Code
- Your Full name
- Your ID (Attach a clear photo of it to the mail)
- Email Address
- Relationship with the soldier
- Bank Name
- Account Number
Researchers suggest immediate phishing countermeasures against these attacks. Related parties are also recommended to familiarize themselves with phishing and scam messages to avoid falling victim.
How to Stay Safe Against Phishing Scams
According to OOC, the best way to stay protected from phishing scams is to practice these four reminders:
- Never provide personal information to an unsolicited request. This applies to emails and messages that come from suspicious or unknown sources.
- Contact the financial institution yourself. To validate the suspicious messages, contact the organization or institution through public channels. Their official phone number and email should be available on their website or phonebooks.
- Never provide passwords. Be warned that official sources will never ask for passwords to validate an identity. Only scammers and thieves will ask for pin codes and passwords.
- Review account statements regularly. In an unfortunate situation where an account is already hacked, a few suspicious expenses might reflect on the monthly bills. Contact the service and validate the costs immediately.
Related Article: EwDoor Malware Infects AT&T Users: How to Detect Data-Stealing Virus, Remove from Your Phone