Russia-based cybersecurity firm Kaspersky recently released a report highlighting 2017’s cryptocurrency “social engineering schemes,” which saw criminals net millions in cryptocurrency value.
According to estimates given by Kaspersky’s research team, the cybercriminals managed to gain over 21,000 Ethereum, or approximately $10 million at the time of press, from the “social engineering” schemes seen in 2017.
So what did these schemes entail?
The cybersecurity firm noted that ICO and cryptocurrency giveaway scams were common, with cybercriminals “drawing inspiration” from legitimate business operations. The report noted:
Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future.
For ICO-related scams, the criminals would create fraudulent websites and emails/messages that emulate well-known projects. This method resembles the classic internet ‘phishing’ scam, which involves scammers trying to obtain funds or sensitive information by disguising as a trusted party.
Kaspersky gave the example of a Switcheo ICO scam, allowing for criminals to steal over $25,000 by promoting a misleading cryptocurrency address on Twitter, rerouting the funds from the official ICO wallet to the criminal’s wallet.
Another prominent scam involved the OmiseGo project, which is one of the most popular projects on the Ethereum network. In a similar method to the Switcheo scam, criminals created “hundreds of fake websites,” enticing users to send their hard-earned cryptocurrencies to the ‘legitimate’ address. The Russian firm noted that OmiseGo scams drew in over $1.1 million worth of cryptocurrency, by far one of the most damaging cases of “social engineering.”
Elon “Not Giving Away ETH” Musk
Another popular method enlisted by scammers was with ‘cryptocurrency giveaways,’ with bad actors creating social media accounts that pretend to be celebrities, entrepreneurs or even cryptocurrency personalities. The most notable cases of these scams include Twitter ‘giving away Ethereum’ scams, with scammers requesting for users to send Ethereum to an address, in exchange for a substantially larger payout.
Obviously, nothing ever comes of these requests, as the unfortunate few who send their funds to the addresses never get anything in return. The cybersecurity firm acknowledged cases where criminals would even mimic the Twitter accounts of Elon Musk and the founder of Telegram, Pavel Durov.
Musk, one of the world’s most prominent businessmen, acknowledged the “scambots” made in his likeness, jokingly issuing a Tweet calling these accounts out.
Nadezhda Demidova, the lead web content analyst at Kaspersky gave a statement regarding the scams, saying:
These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors.”
However, Kaspersky noted that its wide array of products have been working well to stave off scams, and have blocked over 100,000 attempts to scam its users using “fake exchanges and other sources” in the first half of 2018. Kaspersky closed the report by reaffirming that users should be wary while dealing with questionable cryptocurrency exchanges, offers, and wallets.