An advance fee fraud scheme has been sending low-volume email campaigns to fool unsuspecting cryptocurrency users into giving out their Bitcoins. It is not aimed at any particular country or industry and is just spreading around the world. The scam is fully automated and seeks victims’ engagement.
What’s the fuss about?
According to Proofpoint researchers, the ongoing advance fee fraud campaigns employ well-crafted, technically sophisticated social engineering tactics.
The attackers behind these campaigns are targeting tech-savvy individuals, who are skilled at handling their digital wallets, via emails.
It lures victims with the promise of making hundreds of thousands of dollars worth of cryptocurrency by abusing the credentials of an already established account on crypto exchange platforms.
But, the catch is that the victim has to first deposit a little amount in bitcoin to the attackers' wallet to be a part of this scheme.
The first set of these campaigns was spotted in May using a coins45[.]com landing page, while the latest one was spotted in July redirecting any possible victims to securecoins[.]net.
How does the scheme work?
The advance fee fraud activity begins with an email enclosing fake credentials and requesting users to log in to a specific Bitcoin wallet website.
The victims are first asked to change their passwords and add a recovery phone number so that MFA can be processed to set up an account.
Then victims are forced to use an internal messaging system to communicate with the platform support service, after which they are promised to get 28.85 BTC into their wallets.
Inside the portal, users can see transactions records and exchange of messages between the previous user and customer support, giving a sense of authenticity to victims.
In the next stage, the victims are asked to withdraw only 0.0001 BTC as the first transaction to ensure that everything works as expected from both sender/receiver ends.
Roughly after 40 minutes, the proof of the first successful transaction starts to appear on the account, in real-time.
Now when a victim attempts to transact the rest of the BTC, the platform then prompts that the owner had specified minimum transaction requirement to 29.029 BTC, which means now the user has to transfer at least an additional 0.0291 BTC to resolve this issue.
Unsuspecting victims may deposit the required balance but the vice-versa isn’t true, leaving the victim at a loss of 0.0291 BTC, approximately $1400 USD.
Earning quick money by investing in Bitcoin and other cryptocurrencies has been a common lure used to trick crypto enthusiasts. This advance fee fraud campaign uniquely employs sophisticated techniques to keep victims on their feet as they think they got an inch closer to get free BTCs. Crypto investors and users are suggested to avoid any shortcut to earn BTC or any other cryptocurrency.