
Woburn, MA – July 9, 2018 – Kaspersky Lab researchers have exposed an increasingly common fraudulent trend: the development of cryptocurrency is not only attracting investors, but also cybercriminals seeking to boost their profits. During the first half of 2018, Kaspersky Lab products blocked more than 100,000 triggers related to cryptocurrencies on fake exchanges and other sources. With each attempt, criminals have been trying to involve more unsuspecting users in fraudulent schemes.

The cryptocurrency phenomenon and the growth of an eager audience of cryptocurrency owners have not gone unnoticed by cybercriminals. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto-coins, cybercriminals have been able to profit from both avid cryptocurrency owners and rookies alike using an array of phishing techniques.

Some of the most popular targets of cryptocurrency phishing schemes are ICO investors, who seek to invest their money in startups in the hope of gaining future profits. For this group of people, cybercriminals often create fake web pages that simulate the sites of official ICO projects. They may also try to gain access to investors’ contacts, so they can send a phishing email with the number of an e-wallet where the investors can send cryptocurrency.

The most successful cryptocurrency phishing attacks leverage well-known ICO projects to trick investors. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency by spreading the link through a fake Twitter account. Another example of a successful ICO scheme is the creation of phishing sites for the OmiseGO ICO project, which enabled scammers to steal more than $1.1 million worth of the cryptocurrency. Of equally great interest among criminals were rumors surrounding the Telegram ICO, which resulted in the creation of hundreds of fake sites that were collecting “investments.”

Another frequently used trend involves cryptocurrency giveaway scams. In this method, cybercriminals circulate messages requesting that victims send a small amount of cryptocurrency in exchange for a much larger payout of the same currency in the future. Criminals have even used the social media accounts of well-known individuals, such as business magnate Elon Musk and the founder of Telegram messenger Pavel Durov. By creating fake accounts or replying to tweets from legitimate users through fake accounts, criminals are able to lure Twitter users into falling for the scam.

According to Kaspersky Lab’s estimates, criminals managed to earn more than 21,000 Ether, or around $10 million at the current exchange rate, using the previously described schemes over the past year. This sum does not take into account classic phishing attacks or examples involving the generation of individual addresses for each victim.

“Cybercriminals are adept at keeping up to date and developing their resources to achieve the best possible results in cryptocurrency phishing,” said Nadezhda Demidova, lead web content analyst, Kaspersky Lab. “These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors.”

To help consumers protect their cryptocurrencies, Kaspersky Lab researchers offer the following tips:

  • Remember that there is no such thing as a free lunch – be skeptical of offers that seem too good to be true.
  • Check official sources for information regarding the free distribution of cryptocurrencies. For example, if you see information about the distribution of coins on behalf of the recently hacked Binance blockchain ecosystem, go to the official source and clarify this information.
  • Check if any third parties are linked to the wallet transaction to which you plan to transfer your savings. One way of doing this is through blockchain browsers such as etherscan.io or blockchain.info, which allow users to view detailed information about any cryptocurrency transaction and identify if a particular wallet may be dangerous.
  • Always double-check hyperlink addresses and data in the browser address bar. It should be, for example, “blockchain.info,” not “blackchaen.info.”
  • Save the address of your e-wallet in a tab and access it from there, in order to avoid making a mistake in the address bar and accidentally navigating to the phishing site instead.

To learn more about the development of cryptocurrency phishing, read our blog post on Securelist.com.

Cryptocurrency Social Engineering Schemes Helped Criminals Net Nearly $10 Million Last Year

Kaspersky Lab identifies new fraudulent trend that attracts investors and increases cybercriminals’ profits