Email Fraud Scheme Sends Victims to Fake Cryptocurrency Platforms
Malicious emails promise hundreds of thousands of dollars in cryptocurrency to victims and sends credentials to alleged private Bitcoin investment platforms.
Criminals are using phishing and advanced social engineering tactics to swindle unsuspecting victims out of Bitcoin by routing them to fake cryptocurrency websites, Proofpoint researchers report. The operation sends functioning sets of login credentials to fake cryptocurrency exchange platforms.
"This scheme spreads credentials to alleged private Bitcoin investment platforms and lures victims with the promise of withdrawing hundreds of thousands of dollars worth of cryptocurrency from an already established account on the platform(s)," researchers write in a blog post on their findings.
Cashing out the full balance of the account requires the victim to first deposit some Bitcoin to the platform, which is the point of the scheme, according to Proofpoint.
Researchers say while the con is similar to traditional "advance fee fraud" schemes, it is more sophisticated from a technical standpoint, fully automated, and requires substantial victim interaction. They note the use of cryptocurrency indicates the threat actor is targeting individuals that are somewhat technically savvy as they will need to be comfortable handling Bitcoin and a digital wallet.
Each of the email campaigns has been sent to anywhere from tens to hundreds of recipients around the globe, researchers report. Emails from the same campaign contain the same credential pairs (user id and password) for all recipients.
"It appears that multiple people can log in with the same user id and password if they log in from a different IP address and browser. However, once they change the password, as detailed in the next section, and add in a phone number, the account becomes unique, and victims will not see any trace of other victims' activities," researchers note.
The campaigns do not target a specific vertical or geography; emails are sent to targets worldwide.
More details on how the campaign works can be found here.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024