Story image

Cybercriminals reap benefits of cryptocurrency hype

17 Jul 18

 Cybercriminals are reaping the benefits of the cryptocurrency hype, bringing in millions of dollars through fake exchanges and fake ICO offers.

New research from Kaspersky Lab found that cybercriminals netted almost US$10 million worth of the Ether cryptocurrency in 2017, and this year’s scams are proving to be just as prevalent.

During the first half of 2018, Kaspersky Lab products apparently blocked more than 100,000 triggers related to cryptocurrencies on fake exchanges and other sources such as initial coin offerings (ICOs).

“The results of our research show that cyber-criminals are adept at keeping up to date and developing their resources to achieve the best possible results in cryptocurrency phishing,” comments Kaspersky Lab lead web content analyst Nadezhda Demidova.  

“These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars.”

ICO investors are some of the most popular targets. These investors seek to invest their money in startups with the aim of gaining a future profit.

However criminals are taking full advantage of ICO scams. They create fake websites that mimic official ICO projects. Generally well-known ICO projects work well, Kaspersky Lab says.

 Criminals can also use phishing emails to trick investors into putting their cryptocurrency right into the criminal’s e-wallet.

“For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency after spreading the link through a fake Twitter account.”

“Another example is the creation of phishing sites for the OmaseGo ICO project, which enabled scammers to earn more than $1.1m worth of the cryptocurrency. Of equally great interest among criminals were rumours surrounding the Telegram ICO, which resulted in the creation of hundreds of fake sites that were collecting ‘investments’.”

Cybercriminals also use cryptocurrency giveaway scams. These scams ask people to send a small amount of cryptocurrency in exchange for a larger payout in future.

Criminals also create fake accounts that mimic high profile people such as Elon Musk.

“By creating fake accounts or replying to tweets from legitimate users through fake accounts, criminals are able to confuse Twitter users into falling for the scam by clicking on replies from fraudulent accounts.”

To protect their cryptocurrencies, Kaspersky Lab researchers advise users to follow a few simple rules:

·         Remember that there is no such thing as a free lunch and treat offers that seem too tempting to be true with skepticism.

·         Check official sources for information regarding the free distribution of cryptocurrencies. For example, if you see information about the distribution of coins on behalf of the recently hacked Binance blockchain ecosystem, go to the official source and clarify this information.

·         Check if any third-parties are linked to the wallet transaction to which you plan to transfer your savings. One way of doing this is through blockchain browsers such as etherscan.io or blockchain.info, which allow users to view detailed information about any cryptocurrency transaction and identify if the particular wallet may be dangerous.

·         Always check the hyperlink addresses and data in the browser address bar. It should be, for example, “blockchain.info’, not “blackchaen.info”.

·         Save the address of your e-wallet in a tab and access it from there – in order to avoid making a mistake in the address bar and accidentally going to the phishing site instead.

“The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalise on user behaviours,” Demidova concludes.

CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Game review: Just Cause 4 on PC
Rico Rodriguez returns to wreak over-the-top havoc for a fourth time. This time the island nation of Solís is our hero’s sandbox, ripe for destruction.
Hands-on review: Logitech G502 HERO gaming mouse
My favourite feature of the G502s is the ‘Sniper’ button, which is found on the left hand side of the device. When held, this lowers the DPI and allows you to achieve maximum accuracy whilst honing in on a kill on your favourite FPS title.
Interview: ZeniMax Online's game director talks Elder Scrolls Online
FutureFive’s Darren Price sat down with Matt Firor, ESO’s designer and now president and game director at ZeniMax Online.
IDC: Tablets stay dead, notebooks keep head above water
An IDC report predicts a soft personal PC market, slipping into further decline with the exception of notebooks, gaming PCs, and business PC upgrades.
A hands-on guide to Christmas shopping by Santa’s IT elf
Ho, ho, ho! So you’re back again for more inspiration for that hard-to-buy-for person in your life?
Govt commits $15.5m to digital identity research
“With more and more aspects of our lives taking place online it’s critical the government takes a lead to ensure New Zealanders have control of how and who uses their identity information,” says Minister Woods.