While governments around the world wrangle over the legal status of cryptocurrencies and laws to regulate them, scammers are busy exploiting the digital gold rush. A new report from global cyber-security firm Kaspersky Lab says that a relatively new fraudulent trend, cryptocurrency social engineering schemes, helped criminals net nearly $10m this year.
Kaspersky says the increasing popularity of cryptocurrencies is attracting record numbers of scammers. In the first half of 2018, its products blocked more than a hundred thousand triggers related to cryptocurrencies on fake exchanges and other sources.
Besides hacking exchanges, exploiting smart-contract vulnerabilities, and deploying malicious miners, cybercriminals are also resorting to more traditional social-engineering methods that can reap millions of dollars. Their targets are not just the owners of cryptocurrency wallets, but basically anyone with an interest in the subject.
Some of the most popular targets for criminals are ICO investors. Cyber-criminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to.
Another sought-after trend involves cryptocurrency giveaway scams. Victims send a small amount of cryptocurrency in exchange for a much larger payout of the same currency in the future. Criminals use the social media accounts of well-known individuals, such as Elon Musk: by creating fake accounts or replying to tweets from legitimate users through fake accounts, they are able to confuse Twitter users into falling for the scam.
Nadezhda Demidova, lead web content analyst at Kaspersky Lab, says:
These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors.