Threat Actors Abuse Google Groups to Send Fake order Notifications

Threat actors continue to evolve their spam tactics by utilizing legitimate  Google Groups to send Fake order messages to target multiple users. 

Fake order scams work by notifying victims about the purchase status or confirmation that originally was not placed by the recipient.

They are motivated to steal the victim’s personal credentials – name, address, credit, or banking information, or trick the victim into installing malware on their computer.

Trustwave SpiderLabs has identified a notable surge in these Geek Squad scam email activities delivered via Google Groups.

The new variant of the fake order scam sent to the users to notify them about the victim has been added to the Google group.

Fake Google Notifications Warning

Above is a sample of a scam message sent to the user to join the client support geek squad, and by clicking view, this group will redirect to a fake discussion group.

Later, threat actors can automatically add email addresses, even non-Gmail accounts, into a group and start spamming users. 

Fake Email

The spam email notified the users about the renewal of their membership in Geek Squad and the amount for the renewal. The customer ID was mentioned to make it legitimate.

It also leaves the customer care number to contact the support team to avoid charging the amount if they do not wish to continue.

If the victims contact the customer care number mentioned in the email, it will connect with spammers, and they are asked to update the online form.

They then instruct the victims to access a website where an application can be downloaded to access the victim’s machine remotely. 

Once the scammer has remote access, they pretend to process the refund while secretly browsing their files and accessing sensitive information such as personal documents, banking details, and passwords.


These deceptive schemes cause financial harm to victims and lead to breaches of their personal data.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Sujatha

Recent Posts

New Zhong Stealer Malware Exploit Zendesk to Attack Fintech and Cryptocurrency

A newly identified malware, dubbed Zhong Stealer, has emerged as a significant threat to the…

9 hours ago

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer overflow…

2 days ago

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing attackers…

2 days ago

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a cyberattack…

2 days ago

ACRStealer Malware Abuses Google Docs as C2 to Steal Login Credentials

The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens, has…

2 days ago

Nagios XI Flaw Exposes User Details and Emails to Unauthenticated Attackers”

A security vulnerability in Nagios XI 2024R1.2.2, tracked as CVE-2024-54961, has been disclosed, allowing unauthenticated…

2 days ago