Email Fraud Scheme Sends Victims to Fake Cryptocurrency Platforms

  /     /     /  
Publicated : 23/11/2024   Category : security


Email Fraud Scheme Sends Victims to Fake Cryptocurrency Platforms


Malicious emails promise hundreds of thousands of dollars in cryptocurrency to victims and sends credentials to alleged private Bitcoin investment platforms.



Criminals are using phishing and advanced social engineering tactics to swindle unsuspecting victims out of Bitcoin by routing them to fake cryptocurrency websites, Proofpoint researchers report. The operation sends functioning sets of login credentials to fake cryptocurrency exchange platforms.
This scheme spreads credentials to alleged private Bitcoin investment platforms and lures victims with the promise of withdrawing hundreds of thousands of dollars worth of cryptocurrency from an already established account on the platform(s), researchers write in a blog post on their findings. 
Cashing out the full balance of the account requires the victim to first deposit some Bitcoin to the platform, which is the point of the scheme, according to Proofpoint.
Researchers say while the con is similar to traditional advance fee fraud schemes, it is more sophisticated from a technical standpoint, fully automated, and requires substantial victim interaction. They note the use of cryptocurrency indicates the threat actor is targeting individuals that are somewhat technically savvy as they will need to be comfortable handling Bitcoin and a digital wallet.
Each of the email campaigns has been sent to anywhere from tens to hundreds of recipients around the globe, researchers report. Emails from the same campaign contain the same credential pairs (user id and password) for all recipients.
It appears that multiple people can log in with the same user id and password if they log in from a different IP address and browser. However, once they change the password, as detailed in the next section, and add in a phone number, the account becomes unique, and victims will not see any trace of other victims activities, researchers note.
The campaigns do not target a specific vertical or geography; emails are sent to targets worldwide.
More details on how the campaign works can be found
here
.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Email Fraud Scheme Sends Victims to Fake Cryptocurrency Platforms