Email scammers are luring people with an unusual bait: a free piano. Since January, at least 125,000 piano-themed scam emails have targeted inboxes in North America, according to anti-phishing security vendor Proofpoint.
Proofpoint’s research reveals that these scam emails deceive victims into thinking they are being offered a free piano, often due to a supposed family death. When recipients reply, they are directed to contact a shipping company, which is just an email address controlled by the scammers. The fraudsters then request payment for delivery via Zelle, PayPal, Apple Pay, and cryptocurrency, and ask for personal information such as name, address, and phone number, which can be used for identity theft.
Victims end up paying hundreds of dollars and sharing sensitive information, only for the scammers to disappear with the money. Proofpoint warns that this malicious email campaign is ongoing, mainly targeting students and faculty at North American colleges and universities, but also industries like healthcare and food services.
Despite circulating for years, the scam’s recent surge led Proofpoint to engage with one of the cybercriminals, uncovering an IP address and device information linking the operation to Nigeria. A Bitcoin address used by the scammers contained $900,000, likely from various scams.
Proofpoint advises being wary of offers that seem too good to be true and notes that these piano-themed scams often come from freemail accounts with names and numbers. Multiple variations of email content and contact addresses are used in these campaigns. Stay vigilant and avoid falling for such traps.