Heimdal
article featured image

Contents:

RedZei (or RedThief) Chinese-speaking hackers are targeting U.K.-based Chinese international students, a wealthy victim group, with scam calls.

The campaign is ongoing for more than a year and shows that threat actors have meticulously selected and researched their victims.

Details About the Campaign

To bypass security measures, like phone number-based blocking, RedZei group takes several steps on its scam calls operation. They use a new pay-as-you-go U.K. phone number for every attack wave.

The threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia.

Source

Victims were called once or twice a month, each time from a different U.K. phone number, and received an “unusual” automated voicemail if they did not answer the phone.

Chinese Students in the U.K. Are Victims of RedZei Scam Calls

Source

In that voicemail, cybercriminals impersonate organizations like the Bank of China, China Mobile as well as the Chinese embassy. The social engineering techniques were meant to trick students into disclosing their personal information.

Other themes exploited by RedZei include the ‘abnormal usage of your NHS number’ and international parcels being delivered from DHL, which are both common concerns for Chinese students studying in the UK.

Will Thomas via The Hacker News

It seems that this very profitable campaign has been started by RedZei in August 2019, when a Visa scam tricked Chinese international students to transfer enormous amounts of money to avoid deportation.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE