Money for nothing? Cryptocurrency “giveaways” net thousands for scammers

0

Early in 2018, Proofpoint researchers observed a rise in so-called “cryptocurrency giveaway scams.” The scams often target users of Ethereum and Bitcoin and typically request that victims send a small amount of the currency in exchange for a much larger payout in the same cryptocurrency. While threat actors frequently distribute coin mining malware or engage in credential phishing for cryptocurrency wallets and exchanges, the giveaway scams represent a new tactic for cryptocurrency theft reminiscent of the “419” scams common 10 to 15 years ago. The success of this scam shows that threat actors continue to look for new ways to exploit the human factor — and people are inclined to fall for scams that can net them hot commodities like cryptocurrencies.

Cryptocurrency giveaway scam activity appears to have peaked in April of this year, but given rebounding cryptocurrency values and ongoing interest in these currencies, we will continue to monitor related schemes. To date, we have identified a number of patterns that may be of use to those tracking this and similar activities as many actors appear to be engaging in these schemes.

The scam usually begins with a tweet or email enticing the victim to send cryptocurrency to a wallet with the promise that more will be sent back. We frequently observed these tweets originating with fake accounts designed to generate clicks and retweets. Figure 1 shows Twitter conversation threads laying the social engineering groundwork for nearly identical scams run by two threat actors…Click here to read full article.

Share.