A new scam finds fraudsters using a website designed to look like the U.S. Federal Trade Commission (FTC) site in an attempt to con people out of their money. This FTC fraud is an example of an imposter scam. It’s a type of attack where threat actors disguise themselves as a trusted authority to trick people into handing over their personal and/or financial information.

People as far away as Russia, Ukraine, Belarus, Kazakhstan and Latvia reported this latest imposter scam to the FTC. Some say they fell victim to the ploy and lost money in the process.

Learn more about how this fake website works and how to stay safe against an imposter scam.

FTC Fraud Working Under the Name ‘US Trading Commission’

Hopefully, you haven’t heard the name of this agency before. That’s because it isn’t real. Threat actors use this name to pretend to be the FTC. They also added a sense of truth to their site by using FTC branding without permission.

On the site, the threat actors stated the US Trading Commission was capable of using a ‘personal data protection fund’ to compensate people whose information had been exposed online. Visitors would ‘instantly receive’ a cash payment if they clicked a few links and submitted their personal data along with their banking information.

Visitors, who complied with this FTC fraud, risked having digital criminals empty their banking accounts, installed malware on their devices and/or leveraged their personal details to carry out identity fraud. The fake website claimed that cash ‘is available to residents of all countries of the world.’

To be clear, the FTC does compensate U.S. consumers who have lost money as a result of unfair business practices. But it does not ask their victims for their personal information or banking details to return those funds.

Other U.S. Federal Imposter Scams

Along with the FTC fraud, look out for these lookalike scams pretending to be government agencies. A recurring theme is calls claiming to come from the U.S. Social Security Administration (SSA). For example, a July 2019 scam saw threat actors calling people and telling them someone had stolen their Social Security number. They then told their victims that the SSA could help them keep their money safe against identity thieves if they withdrew all of their money and sent it to what they thought was an account run by the agency. The real SSA notes that it will sometimes call people, but will never ask for an immediate payment.

Other digital attackers pretended to be employees of the U.S. Department of Justice in 2020. They used that disguise to trick people into calling a number that then led them to an ‘investigator’ who tried to steal their information.

Recently, the FBI warned against spoofed domains designed to look like the law enforcement agency’s official websites.

How to Defend Against FTC Fraud and Other Imposter Scams

Organizations can defend themselves and their employees from falling victim to FTC fraud or another imposter scam by creating a security awareness training program. They should leverage this ongoing training to get their employees used to common social attacks such as imposter scams.

To make these training programs as relevant as possible, organizations should obtain access to reliable threat intelligence feeds. They can use these to keep their entire workforce informed about emerging threats. Then, you can use that knowledge to put appropriate defensive measures in place.

More from News

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read

Google’s Bug Bounty Hits $12 Million: What About the Risks?

4 min read - Bug bounty numbers have never been better. In 2022, Google rewarded the efforts of over 700 researchers from 68 different countries who helped improve the security of the company’s products and services. The total amount of awards grew from $8.7 million paid in 2021 to $12 million in 2022, a nearly 38% increase. Over the past few years, bug bounty programs have gained significant traction. Companies have been lured in by the potential to identify vulnerabilities quickly, enhance product security…

4 min read

Swiss Army Knife Malware Slices Through Systems In so Many Ways

4 min read - What if one single malware strain could cut through any security that tried to stop it? In a new study of more than 550,000 live malware strains, the Picus Red Report 2023 has unveiled a trove of over 5 million malicious activities. In the report, researchers identified the top tactics utilized by cyber criminals in 2022. Picus' findings also highlighted the growing prevalence of "Swiss Army knife malware". This type of malicious software is capable of executing a range of…

4 min read