Kaspersky Lab experts have exposed a relatively new fraudulent trend: the development of cryptocurrency is not only attracting investors, but also cyber-criminals seeking to boost their profits. During the first half of 2018, Kaspersky Lab products blocked more than a hundred thousand triggers related to cryptocurrencies on fake exchanges and other sources. With each attempt, criminals have been trying to involve more and more unsuspecting users in fraudulent schemes.
The cryptocurrency phenomenon and the growth of a keen audience of cryptocurrency owners was never going to go unnoticed by cyber-criminals. To achieve their nefarious goals they typically use classical phishing techniques, however these often go beyond the ‘ordinary’ scenarios we have become familiar with. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto coins, cyber criminals have been able to profit from both avid cryptocurrency owners and rookies alike.
Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future. For this group of people, cyber-criminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to. The most successful attacks use well-known ICO projects. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency after spreading the link through a fake Twitter account.
Another example is the creation of phishing sites for the OmaseGo ICO project, which enabled scammers to earn more than $1.1m worth of the cryptocurrency. Of equally great interest among criminals were rumors surrounding the Telegram ICO, which resulted in the creation of hundreds of fake sites that were collecting "investments".
Another sought-after trend involves cryptocurrency giveaway scams. The method of choice involves requesting that victims send a small amount of cryptocurrency, in exchange for a much larger payout of the same currency in the future. Criminals have even used the social media accounts of well-known individuals, such as business magnate Elon Musk and the founder of Telegram messenger Pavel Durov. By creating fake accounts or replying to tweets from legitimate users through fake accounts, criminals are able to confuse Twitter users into falling for the scam by clicking on replies from fraudulent accounts.
According to Kaspersky Lab’s rather rough estimates, criminals managed to earn more than 21,000 ETH (The Ether cryptocurrency, which uses blockchain generated by the Ethereum platform) or over $10m at the current exchange rate using the above described schemes over the past year. This sum doesn’t even take into account classic phishing attacks or examples involving the generation of individual addresses for each victim.
“The results of our research show that cyber-criminals are adept at keeping up to date and developing their resources to achieve the best possible results in cryptocurrency phishing. These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors,” – said Nadezhda Demidova, Lead web content analyst, Kaspersky Lab.
To protect their cryptocurrencies, Kaspersky Lab researchers advise users to follow a few simple rules:
- Remember that there is no such thing as a free lunch and treat offers that seem too tempting to be true with skepticism.
- Check official sources for information regarding the free distribution of cryptocurrencies. For example, if you see information about the distribution of coins on behalf of the recently hacked Binance blockchain ecosystem, go to the official source and clarify this information.
- Check if any third-parties are linked to the wallet transaction to which you plan to transfer your savings. One way of doing this is through block chain browsers such as etherscan.io or blockchain.info, which allow users to view detailed information about any cryptocurrency transaction and identify if the particular wallet may be dangerous.
- Always check the hyperlink addresses and data in the browser address bar. It should be, for example, “blockchain.info’, not “blackchaen.info”.
- Save the address of your e-wallet in a tab and access it from there – in order to avoid making a mistake in the address bar and accidentally going to the phishing site instead.
To learn more about development of crypto currency phishing, read our blogpost on Securelist.com.