Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief).
“The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation,” cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up published last week.
The most notable aspect about the operation is the steps taken by the threat actors to bypass steps taken by users to prevent scam calls, using a new pay-as-you-go U.K. phone number for each wave so as to render phone number-based blocking ineffective.
Thomas, pointing out the meticulous tradecraft employed by the scammers, said the threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia.
Indications are that the lucrative RedZei campaign may have started as far back as August 2019, with a report from The Guardian detailing a visa scam that tricked Chinese students into shelling out huge sums of money to avoid getting deported.
The modus operandi involves calling potential targets once or twice a month from a unique U.K. phone number and leaving an “unusual” automated voicemail should the calls be left unanswered.
The voicemails impersonate companies like Bank of China and China Mobile as well as the Chinese embassy to social engineer the students into sharing their personal information.
“Other themes exploited by RedZei include the ‘abnormal usage of your NHS number’ and international parcels being delivered from DHL, which are both common concerns for Chinese students studying in the UK,” Thomas noted.