An Advance Fee Fraud Scheme is Taking Techies for Surprise

What’s the fuss about?

• The attackers behind these campaigns are targeting tech-savvy individuals, who are skilled at handling their digital wallets, via emails.
• It lures victims with the promise of making hundreds of thousands of dollars worth of cryptocurrency by abusing the credentials of an already established account on crypto exchange platforms.
• But, the catch is that the victim has to first deposit a little amount in bitcoin to the attackers' wallet to be a part of this scheme.
• The first set of these campaigns was spotted in May using a coins45[.]com landing page, while the latest one was spotted in July redirecting any possible victims to securecoins[.]net.

How does the scheme work?

• Then victims are forced to use an internal messaging system to communicate with the platform support service, after which they are promised to get 28.85 BTC into their wallets.
• Inside the portal, users can see transactions records and exchange of messages between the previous user and customer support, giving a sense of authenticity to victims.
• In the next stage, the victims are asked to withdraw only 0.0001 BTC as the first transaction to ensure that everything works as expected from both sender/receiver ends. 
• Roughly after 40 minutes, the proof of the first successful transaction starts to appear on the account, in real-time. 
• Now when a victim attempts to transact the rest of the BTC, the platform then prompts that the owner had specified minimum transaction requirement to 29.029 BTC, which means now the user has to transfer at least an additional 0.0291 BTC to resolve this issue.
• Unsuspecting victims may deposit the required balance but the vice-versa isn’t true, leaving the victim at a loss of 0.0291 BTC, approximately $1400 USD.

Conclusion