Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief).
“The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation,” cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up published last week.
The most notable aspect about the operation is the steps taken by the threat actors to bypass steps taken by users to prevent scam calls, using a new pay-as-you-go U.K. phone number for each wave so as to render phone number-based blocking ineffective.
Thomas, pointing out the meticulous tradecraft employed by the scammers, said the threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia.
Indications are that the lucrative RedZei campaign may have started as far back as August 2019, with a report from The Guardian detailing a visa scam that tricked Chinese students into shelling out huge sums of money to avoid getting deported.
