How are cyber criminals targeting cryptocurrency users?

How are cyber criminals targeting cryptocurrency users

Phishing attacks can be used to trick people into making payments in cryptocurrency.

Cybersecurity researchers believe that digital tokens and digital coins will become more popular, increasing the likelihood of fraud.

According to Proofpoint , cyber criminals send millions of phishing email per day using various techniques to steal Bitcoin and other cryptocurrency from victims.

Phishing attacks can be used to scam people into making payments in cryptocurrency.

According to the report Proofpoint blocks on average one million extortion email per day, with some days reaching nearly two million.

The report stated that Proofpoint researchers observed multiple objectives by cyber criminal threat agents relating to digital tokens, finance such as traditional fraud using business email compromise (BEC), to target individuals and activity targeting Decentralized Finance (DeFi) organisations that facilitate cryptocurrency storage.

“Both these threat types contributed to a reported 14 billion in cryptocurrency loss in 2021.”

Proofpoint detected regular attempts to compromise cryptocurrency wallets by credential harvesting.

This method relies on the delivery of a URL in an email body that redirects to a credential harvesting landingpage.

These landing pages are now asking for values to be used in the transfer and conversion of cryptocurrencies.

Many landing pages for credential harvesting are built with phish tools that can be used to make multiple landing pages or used in many hacking attempts.

Also Read: Bitcoin slumps below $23,000, lowest in 18 months

Phish kits enable cyber criminals to create a phishing page that is effective regardless of their level of skill.

They are pre-packaged files that include all the code, graphics and configuration files needed to deploy a credential capture website page. These files are easy to use and reusable, according to the report.

‘Email deception’

Phishing is a common form of financial crime (“BEC”) that targets business email compromise. The Proofpoint

Proofpoint observed that 2022 was the year of cryptocurrency transfers made via BEC attempts.

These requests can be made by targeting employees, impersonating as a deceitful means, and sometimes leveraging advanced fees fraud, extortion or payroll redirection.

Hackers send working login credentials to fictitious cryptocurrency wallets. They promise large amounts of Bitcoin if they deposit money first.

According to the report, losses due to crypto-related crimes increased by 79 percent in 2021. According to the US Federal Trade Commission (FTC , more than 46,000 victims reported losing over $1 million in digital currencies to scams.

Tether (10%) and Bitcoin (70%), were the top three cryptocurrencies that people claimed they used to scammers. Ether (9%) was also a popular choice. The likelihood of people aged 20-49 losing cryptocurrency to scammers was three times higher than that of those in older age groups.

“Threat actors are far ahead of general adoption, with an existing infrastructure and ecosystems that allow for the theft and use of cryptocurrency. The report stated that people are more likely to trust and engage with threat actors who try to steal cryptocurrency as they have a better understanding of how DeFi works or are interested in becoming a part “the next big thing”.

“Users should be alert to common social engineering and exploit mechanisms used by threat agents aiming at stealing cryptocurrencies.”


Please enter your comment!
Please enter your name here