Published on February 6th, 2021
Fraudsters Target Discord Users in Cryptocurrency Scam
Kaspersky: Victims Receive Unsolicited Messages Promising a Monetary Gift
Prajeet Nair (@prajeetspeaks) • February 6, 2021
A scam message promising free ethereum virtual currency (Source: Kaspersky)
Kaspersky researchers are warning that fraudsters are targeting Discord users with a scam centered on a fake cryptocurrency exchange and using the lure of free bitcoin or ethereum cryptocurrency to steal money and personal data.
The latest cryptocurrency scam lures victims on Discord’s cryptocurrency servers by sending a private message that looks like an ad for a genuine up-and-coming trading platform giving away cryptocurrency and deploys social engineering tactics to drive sign-ups, according to the report.
“The reasons for such alleged generosity vary from message to message, but whether the exchange is supporting traders in difficult times or trying to attract new users, the thrust is always the same: The lucky addressee has been randomly chosen to receive an impressive payout in bitcoin or ethereum,” Kaspersky notes.
Discord was created for gamers, but its handy system of servers, channels and private messages is used by a wide cross-section of people ranging from study groups to fans of cryptocurrency, Kaspersky says, making them a perfect target for scammers.
James McQuiggan, security awareness advocate at security firm KnowBe4, says these attacks are similar to what happened last summer with Twitter. The attackers use social engineering to conduct a scam by creating a false sense of urgency and the promise of a payout (see: ‘Crypto’ Scammers Weren’t the First to Crack Twitter).
“This scam is a typical ploy preying on people with several emotions, like greed, curiosity and urgency. Victims are enticed with the opportunity to win money if they sign up for an account and add some money to it,” McQuiggan notes.
The fraudsters attempt to first placate the victim by filling the unsolicited message with fun emojis and adding in detailed instructions – and a code – for accepting the digital currency gift. The message provides a link for registering on the purported digital currency trader’s cryptocurrency exchange, according to Kaspersky.
Upon clicking the link, victims are redirected to a well-designed site that looks like a cryptocurrency exchange, including details such as exchange-rate information, charts, order books and trading history, the report notes.
“Visitors will also find technical support and several language options. Someone clearly went to a lot of trouble to make the site look legit,” the researchers note.
Kaspersky notes that the attention to detail extended to offering victims two-factor authentication to secure their accounts, plus anti-phishing protection.
To finish the registration, the victim is supposed to make a small cryptocurrency deposit – now or later – or go through a Know Your Customer (KYC) identity check that adds another layer of legitimacy, the report says.
“The procedure is just like one you might find on a legitimate exchange, requiring contact details, a photo of an identity document, and a selfie taken with both a piece of ID and a sheet of paper with the address of the exchange, registration date, and signature,” researchers say.
Researchers say the scammer is looking to create a database to sell. To collect the data, including financial details, the site says it uses these personal data sets to confirm users’ identities; this information is more valuable on darknet sites.
“Also supporting our conjecture is the scammers’ insistence that photo IDs must not be marked in any way,” researchers say.
After finishing the registration process, the victim is told to activate the supplied prize key from the message in Discord and receive his or her payout.
“The system accepts the code, and the promised bitcoin or Ethereum coins appear in their account. When the victim tries to move the coins from the exchange to their own wallet, however, they find only roadblocks,” researchers note.
Then the scammer claims they need a top-up, demanding 0.02 in bitcoin or an equivalent amount in ethereum or U.S. currency. “Any money sent to the scammers is gone for good, of course, and the prize was never real,” researchers state.
McQuiggan says this example demonstrates why people need to use their security awareness training not just at work, but within their personal lives as well.
“While Discord hosts the opportunity for social events, like gaming, or even infosec conferences, cybercriminals are leveraging the lack of awareness for these environments and socially engineering the attendees into turning over a small amount of money to hopefully collect a more considerable windfall,” says McQuiggan.