The FBI has warned that financial organizations' refund payment portals are being impersonated in an effort to exfiltrate sensitive data, BleepingComputer reports.
Threat actors have been masquerading as technical or computer repair service representatives in emails and phone calls to lure individuals, particularly the elderly population, into handing them computer access, according to the FBI, which added that specific services will be indicated on messages as renewable for a fee between $300 and $500.
Windows batch files have been leveraged by attackers to effectively impersonate refund payment portals in campaigns as recent as last month, with BleepingComputer discovering Chase Bank as one of the impersonated entities. The FBI noted that scripts used by attackers facilitate collection of personal and banking details that would enable unauthorized fund transfers.
"The executable will generally run a command prompt made to look like a service screen. Additionally, the script contains commands to write information to a text file, and several pauses that provoke user engagement as they 'wait' for a refund or other action to take place," said the FBI.