Researchers at Proofpoint have detected a new series of email fraud campaigns trying to lure potential victims with the promise of a considerable amount of tax-free cryptocurrency.
In this new Advance Fee Fraud scheme, scammers employ advanced social engineering tactics and send potential target functioning sets of login credentials to fake cryptocurrency exchange platforms and then tempt victims with the promise of being able to withdraw hundreds of thousands of dollars worth of cryptocurrency from an already established account on the platform.
Although similar to other conventional Advance Fee Fraud techniques, these new campaigns are highly sophisticated from a technical point of view and are fully automated. They also require substantial victim interaction as a victim would first need to login into the platform and create their own account on it to even begin trying to withdraw any cryptocurrency.
In a new write-up, Proofpoint researchers highlight the fact that the use of cryptocurrency is notable because it delivers anonymity for both the scammer and the potential target. Potential victims may fall into the trap of how the money would be acquired anonymously and tax-free since it is in Bitcoin.
Proofpoint researchers say they first discovered the campaign in May 2021 using a coins45[.]com landing page. The most recent version, which started in July, directs potential victims to securecoins[.]net.
According to the Proofpoint researchers, every single email strategy has been dispatched to anywhere from tens to hundreds of recipients across the globe. However, emails from the same campaign comprise the same credentials for all recipients and it appears that multiple people can log in with the same user ID and password if they log in from a unique IP address and browser. The moment the potential target changes the password and adds a contact number though, the account becomes exclusive and victims will not see any traces of other victims' activities.
Consumers that create an account for the phony cryptocurrency platform will see that there is 28.85 BTC in their bitcoin wallet. To get this money out of their funds, victims first require to transfer 0.0001 BTC to ensure everything works smoothly. After successfully accomplishing this, victims discover that the minimum withdrawal amount is 29.029 BTC and they must add more money in order to be able to withdraw the full amount. However, even if they do add the required funds, they won't be able to withdraw all of their Bitcoin from their account on the platform.
As is the case with other email fraud campaigns, users need to remain cautious of any emails from unknown senders promising them a financial incentive. While Proofpoint has identified and brought light to a number of these campaigns, the firm's researchers believe that the scammers accountable will continue to evolve their strategies in future campaigns.