Ongoing Bitcoin Scams Show Power of Social Engineering Triggers

Over the last seven months, the number of Bitcoin scams has increased dramatically. The scams began around October 2020 and are still going on today. “Since October 2020, reports have skyrocketed, with approximately 7,000 people reporting losses of more than $80 million on these scams,” the FTC reported on May 17, 2021. 

It explains two different types of scams: The first is to entice victims to phoney websites that appear to be legitimate and offer investment opportunities and the second is essentially a celebrity scam, in which the alleged celebrity claims to triple every bitcoin investment instantly. Elon Musk's name is often used as a celebrity in the latter scam. He is used to lend legitimacy to the scam because of his business acumen and involvement in cryptocurrencies. 

The BBC reported on May 13, 2021, that a schoolteacher had lost £9,000 (nearly $12,750) after being duped into visiting a fake website. The study didn't say how she was tricked, but the website was a parody of the BBC. According to a fake news article, “Tesla buys $1.5 billion in bitcoin, plans to give $750 million of it away”, only the second half of the headline is incorrect. Tesla did, in fact, purchase $1.5 billion in bitcoin in February 2021, citing the need for “more versatility to further diversify and optimize returns on our cash.” 

Grammatical pedants may have seen a red flag in the fake BBC website's use of the word "giveaway" (generally a noun) instead of "give away" (the correct form for an action). Scams are known for grammatical and typographical mistakes, but the fake website is otherwise very convincing. The teacher invested £9,000 with the expectation of receiving £18,000 in return but got nothing. 

A month before, the BBC reported on a Twitter-based scam that resulted in a much larger loss. The real Elon Musk tweeted “Dojo 4 Doge” on February 22, 2021. Using the handle with the name Elon Musk on Twitter, a scammer offered a once-in-a-lifetime chance to send up to 20 bitcoin and earn double. The victim fell for it and submitted 10 bitcoins, which he promptly lost – about £497,000 (nearly $700,000).

Bitdefender, a security company, recently reported on two email campaigns with similar themes. In two separate campaigns, tens of thousands of fraudulent Tesla-related emails were sent. Both campaigns have the same pitch: send Elon Musk some bitcoin and he'll give you back twice as much. The first campaign makes use of a PDF attachment, apart from the PDF's post, which reads, "Our marketing department here at Tesla HQ came up with an idea: to hold a special giveaway event for all crypto fans out there," there is nothing malicious about it. The PDF contains instructions on how to send bitcoin and earn twice the sum in return. “ELON MUSK 5,000 B T C GIVEAWAY!” is a popular subject line for emails. 

Other emails, on the other hand, are personalized, including the user's username. Nearly 80% of the emails in this campaign seem to have been sent from IP addresses in Germany. According to the researchers, “11% of the fraudulent emails hit users in the United Kingdom, 79.26% in Sweden, and 9.22% in the United States.” 

The second campaign consists of a simple email containing details about the fraudulent giveaway and a Bitcoin Address QR Code that can be scanned by participants. The email reads, "If you want to participate in the giveaway, it's very simple! All you have to do is send any amount of Bitcoin (BTC) to our official donation address for this case (between 0.1 BTC and 50 BTC), and once we receive your transaction, we will immediately send back (2x) to the address from which you sent the BTC.” 

On the other hand, Bitdefender states that “at the moment, one of the perps' crypto wallets reveals 31 transactions totaling 1965.21 dollars.” All of these bitcoin scams show that it's almost impossible to keep users from falling for good social engineering – whether it's a scam or a phishing assault. In this scenario, the campaigns hit all the right notes: believability, celebrity endorsement, urgency, and most importantly, greed.


from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/3ukCQX6

Comments