Cybersecurity Blog

Scammers getting really clever with MasterClass phishing emails – 04/28/22

Over the last few weeks phishing emails with fake invoices from MasterClass have been popping up in inboxes all over campus.  I have been posting them to the Phish Bowl, but you can see an example here.

Most of you will have probably noticed that the attachment itself isn’t malicious.  Instead the scammers are hoping you will call them and ask for a refund. If you do, there a number of scams they can pull.

The simplest is asking for your credit card number so they can issue a fund to the correct card.  They assure you that the refund will appear on your credit card statement within 48 hours. Of course, no such refund is made. Instead they go on a 48 hour shopping spree on your dime.

The more sophisticated scams  take you through a “refund” process where they deposit funds directly into your bank account. They then show you a fake screen shot that indicates they accidentally refunded you too much money and then ask you to e-transfer the excess funds.  When you point out that the refund doesn’t appear on your online bank account statement, they say that it will take 24 hours to do so. If you ask to wait until it shows up, they say if they don’t fix the error now, they will get fired.  They can be very persuasive. Sometimes they will cycle you through several “supervisors” and “mangers” to convince you that the excess funds must be returned immediately.

Of course, they never charged your card in the first place, nor will you ever see the money refunded to your bank account. Instead you will have handed over thousands of dollars to the scammers.

Fortunately, it doesn’t appear as though there have been many people on campus who have fallen for this scam.  As a result, the scammers have upped their game. We are now seeing the following email arrive in inboxes shortly after the one I previously shared.

You see people are getting smart. The scammers are realizing that an email with an attachment maybe isn’t the best way to get people to call them. Instead, they have set up a remote support session. The diabolical part,  is this email comes from a legitimate service,  Zoho Assist.  So malware filters won’t think anything is amiss. Your only clue is the little note at the bottom that mentions the email comes from a generic email account instead of MasterClass itself.  This is something they hope won’t notice as the previous email has already got you thinking about that MasterClass subscription you didn’t sign up for.

I have to admit, this is very very clever. The good news is, if you take your time and look closely you can identify the scam and delete the email before things ever get to the excess refund stage.

Leave a Reply

Your email address will not be published.