Criminals are using phishing and advanced social engineering tactics to swindle unsuspecting victims out of Bitcoin by routing them to fake cryptocurrency websites, Proofpoint researchers report. The operation sends functioning sets of login credentials to fake cryptocurrency exchange platforms.
"This scheme spreads credentials to alleged private Bitcoin investment platforms and lures victims with the promise of withdrawing hundreds of thousands of dollars worth of cryptocurrency from an already established account on the platform(s)," researchers write in a blog post on their findings.
Cashing out the full balance of the account requires the victim to first deposit some Bitcoin to the platform, which is the point of the scheme, according to Proofpoint.
Researchers say while the con is similar to traditional "advance fee fraud" schemes, it is more sophisticated from a technical standpoint, fully automated, and requires substantial victim interaction. They note the use of cryptocurrency indicates the threat actor is targeting individuals that are somewhat technically savvy as they will need to be comfortable handling Bitcoin and a digital wallet.
Each of the email campaigns has been sent to anywhere from tens to hundreds of recipients around the globe, researchers report. Emails from the same campaign contain the same credential pairs (user id and password) for all recipients.
"It appears that multiple people can log in with the same user id and password if they log in from a different IP address and browser. However, once they change the password, as detailed in the next section, and add in a phone number, the account becomes unique, and victims will not see any trace of other victims' activities," researchers note.
The campaigns do not target a specific vertical or geography; emails are sent to targets worldwide.
More details on how the campaign works can be found here.