Users in English speaking countries are quite familiar with the Nigerian scam: an important guy in Nigeria needs your help getting his money out of the country and if you assist with some transaction fees, a chunk of his fortune could be yours. But what about non-English speaking countries? What forms the baseline level of internet crap? Today we’re going to look at the Chinese version – the seminar scam.
Step 1: the pitch
This is actually more common via SMS, presumably due to limited mobile spam tools. The subject line will reference upcoming training in generic business skills like project management, bookkeeping, or HR.
This particular message we received is advertising a “project leadership” seminar.
These pitches vary in topic, generally staying around vague business topics and are so common that almost any Chinese internet user is likely to see one eventually. The provided mobile number doesn’t show any results besides more spam and the QQ isn’t registered to any notable groups. Generally, the accounts associated with these emails are used exclusively for the scam.
Step 2: the form
Naturally, we want to attend said seminar, so we sent a response asking how to register. Within a day, the scammer responded:
He’s referencing a file that has a detailed agenda, as well as registration info. He also wants our Weixin, so that we can “maintain a long-term relationship.”
The attached, clean file includes a “registration form” requiring the following:
- Company name, address, and bank with account number.
- Attendee’s name, phone number, and email address.
This is the point where generic business spam begins to edge closer to malicious. Scammers will take not only the target’s money but also their PII, for use in further scams. Should a user actually fill this out, they will be signed up for every spammer’s list in perpetuity.
Step 3: the payment
Just in case we were wondering about receipts, the form lets us know that we can pick up our tickets the day of the “training,” and then provides a bank account that we can wire money directly to.
Given that we didn’t pay the guy and we did not go to Shanghai to check out the “venue”, there’s still a possibility that this may be legit. That said:
- We responded from a free Chinese webmail, offering no company affiliation. This did not faze the scammer.
- There are estimates that up to 40% of Chinese private educational institutions (training centers, job skills, etc.) are unlicensed and/or fraudulent.
- The price of this training is 1800 yuan, which makes up a significant portion of the average Chinese monthly wage of 2300 yuan.
The odds are fairly good that there either isn’t any training, or the venue specified actually hosts a pyramid scheme that will train members on how to recruit new marks. Much like a Nigerian scam, this form of advance fee fraud is very common and familiar. Its familiarity is actually a plus, as anyone who responds to such an obvious pitch more or less preselects themselves as a vulnerable and easily manipulated target. And similar to the 419 scam’s exploitation of underdeveloped financial institutions in Nigeria, the seminar scam exploits a void in regulation in the Chinese adult education market. Seminar scams are a great reminder that regardless of the language or culture used, scammers will exploit the same weaknesses online, wherever they are.
So how do you defend yourself against seminar scams? First, don’t respond to the email and definitely don’t disclose any personal information. But also ask yourself, “Have I heard of this institution? Does it have a local reputation?” As well as “What reputable organization advertises in this way?” Probably not too many. Stay safe: be vigilant.
*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by William Tsing. Read the original post at: https://blog.malwarebytes.com/cybercrime/2017/09/nigerian-scams-without-the-nigerians/