Bangalore, 21st June 2022: As investors shift their focus to the lucrative cryptocurrency markets, scammers and cheats turn their attention to them as well. Rahul Sasi, Founder & CEO of CloudSEK, brings attention to one such crypto-trading trap.
An ongoing operation involving several phishing domains and Android-based applications has been uncovered by CloudSEK. This large-scale campaign entices unwary individuals into a huge gambling scam. Many of these bogus websites impersonate “CoinEgg”, a legitimate UK-based cryptocurrency trading platform (https://www.coinegg.com).
How the Scam Works
The scam is divided into 7 phases:
Phase 1: Creating a fake domain. Threat actors register fake domains that impersonate legitimate crypto trading platforms. The sites are designed to replicate the official website’s dashboard and user experience.
Phase 2: Fake social media profile. The attackers create a female profile on social media to approach the potential victim and establish a friendship.
Phase 3: Influencing the victim. The profile persuades the victim to invest in cryptocurrency and start trading. It also offers a USD 100 credit as a gift, redeemable on a particular crypto exchange, which in this case is a duplicate of a legitimate exchange.
Phase 4: Successful trading. Using the free credit, the victim signs up to the exchange and starts trading on the instructions of the threat actor. The victim initially makes a significant profit, which bolsters their trust in the platform and in the threat actor.
Phase 5: Victims invest their own money. After the victim seemingly makes a profit, the scammer convinces them to invest a larger amount, promising better returns.
Phase 6: Freezing the victim’s account. Once the victim deposits their own money into the fake exchange, the threat actor freezes the account so that the victim cannot withdraw their investment. The threat actors then disappear with the victim’s money.
Phase 7: The account retrieval ruse. When victims complain on various platforms about losing access to their accounts, the same or new threat actors reach out to them posing as investigators. Under the pretext of retrieving the frozen assets, they ask victims to provide confidential information such as ID cards and bank details via email. These details are then used to perpetrate further fraud.
CloudSEK was approached by a victim who allegedly lost INR 50 lakhs (~USD 64,000) to such a cryptocurrency scam, in addition to other costs such as the deposit amount, tax, etc. We estimate that threat actors have defrauded victims of up to INR 10 billion via such crypto scams.
The Way Forward
As a method of mitigation, Rahul Sasi suggests that, in the short term, crypto-related phishing domains should be identified and taken down at the earliest. In the long term, however, it is imperative that crypto exchanges, ISPs and cybercrime cells collaborate to raise awareness and take action against these threat groups.