Kaspersky Labs Warns Against Cryptocurrency Social Engineering Schemes

Raevenlord · Jul 17, 2018

The cryptocurrency phenomenon and the growth of a keen audience of cryptocurrency owners was never going to go unnoticed by cyber-criminals. To achieve their nefarious goals they typically use classical phishing techniques, however these often go beyond the 'ordinary' scenarios we have become familiar with. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto coins, cyber criminals have been able to profit from both avid cryptocurrency owners and rookies alike.

Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future. For this group of people, cyber-criminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to. The most successful attacks use well-known ICO projects. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency after spreading the link through a fake Twitter account.

Another example is the creation of phishing sites for the OmaseGo ICO project, which enabled scammers to earn more than $1.1m worth of the cryptocurrency. Of equally great interest among criminals were rumors surrounding the Telegram ICO, which resulted in the creation of hundreds of fake sites that were collecting "investments".

Another sought-after trend involves cryptocurrency giveaway scams. The method of choice involves requesting that victims send a small amount of cryptocurrency, in exchange for a much larger payout of the same currency in the future. Criminals have even used the social media accounts of well-known individuals, such as business magnate Elon Musk and the founder of Telegram messenger Pavel Durov. By creating fake accounts or replying to tweets from legitimate users through fake accounts, criminals are able to confuse Twitter users into falling for the scam by clicking on replies from fraudulent accounts.

According to Kaspersky Lab's rather rough estimates, criminals managed to earn more than 21,000 ETH (The Ether cryptocurrency, which uses blockchain generated by the Ethereum platform) or over $10m at the current exchange rate using the above described schemes over the past year. This sum doesn't even take into account classic phishing attacks or examples involving the generation of individual addresses for each victim.

"The results of our research show that cyber-criminals are adept at keeping up to date and developing their resources to achieve the best possible results in cryptocurrency phishing. These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors."

Nadezhda Demidova, Lead web content analyst, Kaspersky Lab.

To protect their cryptocurrencies, Kaspersky Lab researchers advise users to follow a few simple rules:

Remember that there is no such thing as a free lunch and treat offers that seem too tempting to be true with skepticism.
Check official sources for information regarding the free distribution of cryptocurrencies. For example, if you see information about the distribution of coins on behalf of the recently hacked Binance blockchain ecosystem, go to the official source and clarify this information.
Check if any third-parties are linked to the wallet transaction to which you plan to transfer your savings. One way of doing this is through block chain browsers such as etherscan.io or blockchain.info, which allow users to view detailed information about any cryptocurrency transaction and identify if the particular wallet may be dangerous.
Always check the hyperlink addresses and data in the browser address bar. It should be, for example, "blockchain.info', not "blackchaen.info".
Save the address of your e-wallet in a tab and access it from there - in order to avoid making a mistake in the address bar and accidentally going to the phishing site instead.

View at TechPowerUp Main Site

Vya Domus · Jul 17, 2018

Cryptocurrencies can't be defended well against abuse and fraud and I would go as far as to say that this is by design. Everytime someone makes money out of thin air a question mark needs to pop up in your head.

R-T-B · Jul 17, 2018

Vya Domus said:
Cryptocurrencies can't be defended well against abuse and fraud and I would go as far as to say that this is by design.

Similar to cash transactions yeah. Most hard cash suffers from the same type of social engineering attacks, frankly. It's not a technical issue as much as a human education one.

Vya Domus · Jul 17, 2018

R-T-B said:
Similar to cash transactions yeah. Most hard cash suffers from the same type of social engineering attacks, frankly. It's not a technical issue as much as a human education one.

I have to disagree , with crypto if you get scammed or your money is outright stolen you are undoubtedly screwed with no chance to get anything back from anyone , there is nothing in the way of safety. You can educate people all you want but you need tools to protect them and that has everything to do with technical aspects.

R-T-B · Jul 17, 2018

Vya Domus said:
I have to disagree , with crypto if you get scammed or your money is outright stolen you are undoubtedly screwed with no chance to get anything back from anyone , there is nothing in the way of safety.

I mean, both are equally reportable to the police, with about equal odds of recovery... nill.

Vya Domus said:
You can educate people all you want but you need tools to protect them and that has everything to do with technical aspects.

What tools can protect you from social engineering scams? There aren't any. There is ONLY education.

Vya Domus · Jul 17, 2018

R-T-B said:
with about equal odds of recovery... nill.

Not true , people are busted for scams all the time , you can say most get away with it and that would be fair but certainly not all as you imply. One thing is certain though , the chance to get anything back with crypto is definitely null.

enxo218 · Jul 17, 2018

if cryptocurrency were standardised security measures can be applied, perhaps an owner unique identifier could be attached to the currency this could limit fraudulent behaviour and thievery. The issue will always be the open market and free money, at this point dealing with the symptoms of the disease will not cure it

moproblems99 · Jul 17, 2018

A fool and his (or her) money....

dorsetknob · Jul 17, 2018

moproblems99 said:
A fool and his (or her) money....

A Fool has no Money ( they have been parted from it)

R-T-B · Jul 17, 2018

Vya Domus said:
Not true , people are busted for scams all the time , you can say most get away with it and that would be fair but certainly not all as you imply. One thing is certain though , the chance to get anything back with crypto is definitely null.

Nope, not null. Some people (mostly big players) did get payouts from Mt. Gox, afterall. And Mt. Gox was certainly busted. Similar stories in crypto scams exist, infrequently like cash but they are there.

I stand by my statement. You have a chance of recovery in both. It is simply piss poor, and for the exact same reasons.

2big2fail · Jul 17, 2018

R-T-B said:
What tools can protect you from social engineering scams? There aren't any. There is ONLY education.

That is explicitly not true. Whenever you engage in transactions with fiat currency, the parties to the transaction are subject to the commerce regulations of the country's currency. Therefore, both civil and criminal recourse exist for the aggrieved party in addition to any enforcement derived from a judgement on behalf of the aggrieved party.

R-T-B · Jul 17, 2018

2big2fail said:
That is explicitly not true. Whenever you engage in transactions with fiat currency, the parties to the transaction are subject to the commerce regulations of the country's currency. Therefore, both civil and criminal recourse exist for the aggrieved party in addition to any enforcement derived from a judgement on behalf of the aggrieved party.

Stealing crypto is still criminal. It's usually covered under digital commerce laws. Crypto thefts have been investigated and are reported regularly. Heck, it's happened enough that some has even been historically recovered.

Regardless, you are ignoring the point. The point is that only education acts as a preventative measure. Recourse has nothing to do with it. Prevention implies it never happened to begin with. Only education can get you there, for both cash and crypto.

toilet pepper · Jul 17, 2018

Vya Domus said:
I have to disagree , with crypto if you get scammed or your money is outright stolen you are undoubtedly screwed with no chance to get anything back from anyone , there is nothing in the way of safety. You can educate people all you want but you need tools to protect them and that has everything to do with technical aspects.

I remember a Nigerian prince requesting that you send him money via western union or moneygram.

Rakly3 · Aug 2, 2018

That's a lot better than fiat fraud. About 1000 safer (I pulled that number out of my ass)
Barely a blip in comparison.

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	Good enough
Processor	AMD Ryzen R9 7900 - Alphacool Eisblock XPX Aurora Edge
Motherboard	ASRock B650 Pro RS
Cooling	2x 360mm NexXxoS ST30 X-Flow, 1x 360mm NexXxoS ST30, 1x 240mm NexXxoS ST30
Memory	32GB - FURY Beast RGB 5600 Mhz
Video Card(s)	Sapphire RX 7900 XT - Alphacool Eisblock Aurora
Storage	1x Kingston KC3000 1TB 1x Kingston A2000 1TB, 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s)	LG UltraGear 32GN650-B + 4K Samsung TV
Case	Phanteks NV7
Power Supply	GPS-750C

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64

System Name	Good enough
Processor	AMD Ryzen R9 7900 - Alphacool Eisblock XPX Aurora Edge
Motherboard	ASRock B650 Pro RS
Cooling	2x 360mm NexXxoS ST30 X-Flow, 1x 360mm NexXxoS ST30, 1x 240mm NexXxoS ST30
Memory	32GB - FURY Beast RGB 5600 Mhz
Video Card(s)	Sapphire RX 7900 XT - Alphacool Eisblock Aurora
Storage	1x Kingston KC3000 1TB 1x Kingston A2000 1TB, 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s)	LG UltraGear 32GN650-B + 4K Samsung TV
Case	Phanteks NV7
Power Supply	GPS-750C

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64

Kaspersky Labs Warns Against Cryptocurrency Social Engineering Schemes

Raevenlord

News Editor

Vya Domus

R-T-B

Vya Domus

R-T-B

Vya Domus

enxo218

moproblems99

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"

R-T-B

2big2fail

R-T-B

toilet pepper

Rakly3

New Member

Processor	Intel core i5 4590s
Motherboard	Asus Z97 Pro Gamer
Cooling	Evercool EC115A 915SP Cpu cooler,Coolermaster [200mm (front and top)+140mm rear]
Memory	Corsair 16GB(4x4) ddr3 CMZ16GX3M4X1600C9(Ver8.16)(XMP)
Video Card(s)	MSI GTX 970 GAMING 4G
Storage	Western Digital WDC WD2001FAS 2TB Black, Toshiba DT01ACA100 1TB
Display(s)	LG Flatron L177WSB
Case	Coolermaster CM Storm Enforcer
Audio Device(s)	Creative A550 Speakers 5.1 channel
Power Supply	SuperFlower Leadex 2 Gold 650W SF-650F14EG
Mouse	PLNK M-740 Optical Mouse
Keyboard	ibuypower GKB100 Gaming Keyboard
Software	Windows 7 Sp1 64 bit

System Name	Wut?
Processor	3900X
Motherboard	ASRock Taichi X570
Cooling	Water
Memory	32GB GSkill CL16 3600mhz
Video Card(s)	Vega 56
Storage	2 x AData XPG 8200 Pro 1TB
Display(s)	3440 x 1440
Case	Thermaltake Tower 900
Power Supply	Seasonic Prime Ultra Platinum

System Name	Trashbox Pro
Processor	Intel Core i7 4770K
Motherboard	Gigabyte Z87X-UD7-TH
Memory	G.Skill 2400MHz 32GB
Video Card(s)	MSI Gaming R9 280x 6GB (2x)
Storage	Samsung Evo 840 1TB
Case	Fractal Design Arc Midi
Power Supply	Corsair AX 850

Processor	AMD Ryzen R7 5800x
Motherboard	B550i Aorus Pro AX
Cooling	Custom Cooling
Memory	32Gb Patriot Viper 3600 RGB
Video Card(s)	MSI RTX 3080 Ventus Trio OC
Storage	Samsung 960 EVO
Display(s)	Specterpro 34uw100
Case	SSUPD Meshlicious
Power Supply	Cooler Master V750 Gold SFX
Mouse	Glorious Model D Wireless
Keyboard	Ducky One 2
VR HMD	Quest 2
Software	Windows 11 64bit