An application for a seizure warrant filed by the U.S. Secret Service reveals that threat actors were able to steal $34,000 through fake antivirus renewal subscription emails.
Special Agent Jollif of the United States Secret Service (USSS) submitted the warrant to recover the stolen funds. The money was obtained through a scam involving a fake Norton subscription renewal email that allowed the threat actor to access a victim’s PC and bank account.
According to court documents, the stolen money is held in a Chase bank account belonging to “Bingsong Zhou,” who is associated with phishing scams impersonating Norton Antivirus renewal subscriptions.
The phishing emails claim that the recipient is about to be charged for renewing an antivirus subscription license and instructs them to call a provided number to cancel the charge.
When the victim calls the number, the scammers direct them to perform various actions such as installing remote access software, infecting their computers with malware, and entering their account credentials on a phishing page.
Special Agent Jollif noted that this type of scam has been ongoing for years and has recently increased in volume.
Illusionary deposit
The court document highlighted a case where a victim received a phishing email on November 28, 2023, informing them that they would be charged $349.95 for a Norton antivirus subscription unless they canceled the charge.
Although the phishing email received in this attack is not shown in the court document, it is likely similar to past attacks.
The victim, after contacting the scammers, allowed them remote access to their laptop under the pretense of ensuring a refund of $349.95. The scammer then falsely claimed that $34,000 had been refunded in error and convinced the victim to return the amount to avoid legal trouble.
Thinking that the $34,000 deposit in their checking account was from Norton, the victim complied. In reality, the scammer had manipulated the victim’s monitor and transferred $34,000 from their savings account to their checking balance without their knowledge.
After discovering the fraud, JP Morgan Chase restricted Zhou’s access to the funds and moved them to a suspense account controlled by the bank on December 7.
The seizure warrant seeks to claim the $34,000 as potentially criminal proceeds and Zhou is facing charges of wire fraud and involvement in a phishing scam, as well as potential charges of money laundering, bank fraud, and conspiracy to commit wire fraud.
