It has been reported that cyber criminals are sending out millions of phishing emails a day, using extortion and other schemes to steal Bitcoin and other cryptocurrencies from victims. The phishing attacks use a variety of techniques to trick people into transferring sums of Bitcoin, including phony requests for charity donations and Business Email Compromise BEC scams.
See: https://redskyalliance.org/xindustry/what-the-heck-is-bec
According to a report by cybersecurity researchers at Proofpoint, the company blocks an average of one million extortion emails every day, with some days peaking at nearly two million. Researchers say most of these phishing emails and BEC attacks are asking the victim to make payments in cryptocurrency. Cybercriminal threats to cryptocurrency are not new, but when the general public experiences growing adoption of cryptocurrency, people may be more likely to engage with social engineering lures using such themes.[1]
One basic attack reported, is to attempt to steal user names and passwords. During 2022 cyber threat investigators have observed regular attempts to compromise user's cryptocurrency wallets using credential harvesting. This method often relies on the delivery of a URL within an email body or formatted object which redirects to a credential harvesting landing page.
Another common method cyber criminals use in attempts to steal cryptocurrency in phishing attacks is extortion. The victim receives an email from a 'hacker' who claims to have gained control of their computer and their online accounts with malware, as well having access to audio and video recordings of the user, alongside their browsing history. The email attempts to blackmail the victim, claiming the 'hacker' has embarrassing information and video recordings about them, which they will send to all of their email contacts unless they pay $500 in Bitcoin.
It is highly unlikely that there is any malware on the victim's machine: the attacker has just sent out spam emails to as many users as possible. But the shock and fear of seeing that someone claims to have control of their PC is enough to trick some victims into making the payment.
Other phishing attacks around cryptocurrency payments are not so direct, instead attempting to exploit the victim's empathy rather than their fear. For example, messages that claim to generate funds for worthy causes, but which only serve to benefit the criminals sending out the emails.
Requests for cryptocurrency payments are also appearing in Business Email Compromise scams, fraud attempts where cyber criminals pose as a trusted colleague or business partner, asking for a large sum of money to be transferred in order to complete and important and time-sensitive deal. Always check on suspicious payment requests in person or via telephone. The attacks may appear to be simple, but BEC is one of the most lucrative forms of cybercrime and cryptocurrency scammers are getting in on the action.
In the example detailed by a researcher, an email sent by an attacker potentially using a legitimate account that belongs to a trusted contact claims that an urgent payment is required to seal a business acquisition deal. The matter is also described as secretive, so the victim is urged not to tell anyone about it. This, of course, is to make sure the victim does not discover it is a scam.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.zdnet.com/article/these-fake-voicemail-phishing-emails-want-to-steal-your-passwords/
Comments