Category Archive: Scams

7,000 BTC Lost in Hangzhou Scam

This article was originally published by 8btc and written by Vincent He. Nearly 100 victims from various parts of China have reported to the Hangzhou police bureau, claiming that they were deceived by two young me…

Report Claims That “Sextortionists” Absconded With Over $300,000 in Crypto in 2018

Most cyberattacks in the crypto space involve hackers finding a way around the security of crypto exchange platforms and gaining access to users’ funds. Last year saw the entry of a new breed of cyber extortionists that seems to be gaining ground, so much so that they were able to steal over $300,000 in bitcoin (BTC) tokens in 2018.

According to a report by research and risk assessment firm Digital Shadows, this scam was committed through a wide array of “sextortion” blackmail strategies, which included the weaponization of emails.

The report, which was titled “A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure,” revealed that the scam started back in 2017. However, it only gained mainstream notoriety in the middle of 2018, after its list of victims continued to grow.

Digital Shadows was able to track over 792,000 targeted emails, where it discovered the loss of about $300,000 worth of bitcoin, which was stolen from over 3,000 bitcoin wallet addresses.

How They Operate

The goal of the cybercriminals is to convince the victim that their system has been hacked, allowing the attackers to obtain valuable information that could expose the victim’s intimate activities.

To look convincing, the extortionists provide the victim with a known password, also known as “proof” of compromise — this is meant to offer evidence of the hack. Then they claim to have footage of the victim watching porn online, urging them to pay a ransom in bitcoin or risk exposure.

As with most email scams, the composition of the emails is often a problem. Per the report from Digital Shadows, the construction of the email could make the difference between one that gets past a spam filter and the one that doesn’t. Some sophisticated criminals go to great lengths to distribute emails at scale by using freshly minted outlook.com addresses.

“Across the emails we collected, there was a variation in the capabilities displayed by the attackers. Certain spammers showed little understanding of how to craft and distribute emails on scale, sending malformed emails that would never make it past a mail server or spam filter,” the report reads.

Based on the examination of their IP addresses, the firm noted that the scam wasn’t localized to a single region. Scammers operated across a wide array of locations, with the highest percentage of the emails being sent from Vietnam (8.5 percent of the total emails sent); 5.3 percent of the emails were sent from Brazil, and India came third with 4.7 percent of the total email count.

Targeting Married and “High Net Worth” Individuals

The cybercriminals targeted individuals with high net worth, as they believe these groups could easily pay the ransom without “dragging the process for too long.”

The scammers also targeted married individuals. The criminals often use marriage as extra leverage over the victims, providing an additional incentive to convince the victim to make the payment.

Online Crowdfunding Campaigns

The Dark Overlord (TDO), a prominent extortionist group which, after a brief break, returned in 2018 with a new modus operandi, was featured in the report.

The criminal group changed its model from extorting victims directly to selling “stolen data in batches to other users on criminal forums, and adopted an altogether more unusual tactic: online crowdfunding campaigns.” Using online crowdfunding campaigns, extortionist groups like TDO can raise the ransom the victim would have paid from members of the public desperate to unlock the troves of data in their possession.

The extortionist group reportedly started its career selling data on TheRealDeal, a forum on the dark web. When the forum folded, they went on a spree of extortions, including directly contacting their victims and threatening to expose their private information if their demands weren’t met.

TDO kept providing regular updates of their operations via their Twitter page. The group went back to the dark web in September 2018, recruiting extra accomplices and selling their acquired data on KickAss, another criminal forum. They set up The Dark Overlord Sales, a subsection of KickAss, to sell their data to other parties on the platform.

The cybercriminals’ victims included insurance provider Hiscox, which lost over 10GB of sensitive data related to the 9/11 bombings to the group. Their operation pattern shows the effectiveness of using crowdfunding platforms to gain more publicity online, while also generating sustainable revenue.

This article originally appeared on Bitcoin Magazine.

Target and Google Official Twitter Accounts Hacked, Used for Crypto Scams

In what is becoming an emerging trend, Twitter accounts of popular brands are being hacked in an attempt to scam unsuspecting users out of their cryptocurrencies.

Target and Google are two high profile targets that have seen their accounts taken over by hackers who, in turn, have used them to scam followers by advertising fraudulent crypto giveaways.

Google’s G Suite Twitter Account is Hacked!! pic.twitter.com/JdB7huGksO

— Burton (@B_u_r_t_o_n) November 13, 2018

Target’s Twitter account, which is followed by nearly 2 million users, posted a tweet confirming the hack, which occurred on November 13, 2018. The retailer stated:

“Early this morning, our Twitter account was inappropriately accessed. The access lasted for approx. half an hour & one fake tweet was posted during that time about a bitcoin scam. We have regained control of the account, are in close contact with Twitter & are investigating now.”

Seemingly targeted by the hacking syndicate, Google’s G Suite Twitter account was breached hours after Target fell victim. The hack on Google was marked by the same tactics as the one that plagued Target — a scammy tweet ridden with typos promising free bitcoin to G Suite’s 800,000 followers.

A Google spokesperson confirmed the hack to Business Insider in a statement:

“This morning an unauthorized promoted tweet was shared from the G Suite account. We removed the tweet and are investigating with Twitter now.”

These incidents are a more sophisticated version of the Twitter scams that have become a constant nuisance for the cryptocurrency community. Typically, these scams include bad actors merely imitating popular figures in the crypto industry with near-identical profiles, though it’s rare for the real accounts themselves to be taken over to advertise the scams.

While it’s unclear how scammers are gaining access to the brands’ social media accounts, it’s obvious new measures are needed to combat the scams.

Criticized in the past for its failure to devise a clear defense against these incidents, Twitter is reportedly working on security countermeasures to prevent breaches like the one Target experienced from happening again on its platform.

Earlier this year, anti-fraud software company MetaCert released Cryptonite, a browser extension that safeguards users against fraudulent accounts.

This article originally appeared on Bitcoin Magazine.