A new spam campaign is spreading across Twitter and is stealing cryptocurrency of affected users.
Kaspersky researchers uncovered the scam, which asks users for help to withdraw hundreds of thousands of dollars from the crypto account of a stranger on Twitter. However, to help the stranger, victims are encouraged to create and pay for a VIP account on the scam domain, leading to them losing their coins.
In a direct message, the stranger will say they are having trouble accessing their account on a cryptocurrency exchange and wants help withdrawing a certain amount of cryptocurrency from his wallet.
The message also specifies the domain, as well as their username and password. There is also a monetary reward offered for helping.
When going to the domain shared by the stranger, the victim ends up on a site claiming to be an investment platform. When the user enters the username and password they were given, they are taken into the stranger’s account, where there really is the specified amount.
Kaspersky added that the appearance of the website is an indicator of a scam, as it has a “poorly laid out page with a weak design, where the contact list consists only of mail, not the names and photos of the creators of the platform.”
To withdraw the funds, the victim needs to provide their own wallet address, blockchain and an additional password, which the victim does not have. The victim is offered a way to transfer funds directly within the system, forgoing the need of the additional password. To do this, they need to create an account with VIP status, which costs a small sum of money.
As soon as the victim registers in the system and enters their crypto wallet data to pay for VIP status, the funds are stolen from their account.
Kaspersky security expert Andrey Kovtun said, “Cryptocurrency remains an extremely hot topic for attackers, as more and more users open cryptocurrency wallets and convert their currencies into coins. Blockchain also allows attackers to steal funds from victims without leaving a trace, which doesn’t make things any better.
“We expect more and more other sophisticated examples of crypto scams to appear soon, so all users who use crypto should be aware of how to keep their accounts, wallets and coins secure.”
Kaspersky offered advice to avoid these scams. The first tip was to be wary of a message that creates a sense of urgency as spammers try to apply pressure on a victim. The next piece of guidance was to not click on a link or open messages, additionally, never reply to a message as it alerts them to a working email address.
Finally, it stated that even if a message comes from a friend, stay cautious as their account could have been hacked.
In other cryptocurrency news, Federal bank regulatory agencies issued a joint statement to highlight key risks for banking organisations associated with crypto-assets and the crypto-asset sector.
Copyright © 2023 FinTech Global
Copyright © 2018 RegTech Analyst