Cyber ​​security researchers have discovered a new scam that uses advanced social engineering strategies to steal Bitcoin from users.

Who are the victims of the Bitcoin scam

According to the Proofpoint researchers, the scam is of type Advance Fee Fraud, otherwise defined “Nigerian scam”, a real trap that follows a pre-established script and induces the unfortunate to fall into deception.

These are mainly advanced investors, therefore used to exchanging Bitcoin or other cryptocurrencies, and who know how wallets work.

The selected victims receive an email that promises the possibility of withdrawing cryptocurrencies worth hundreds of thousands of dollars, redeeming 28.85 Bitcoins, for a value that today is around 1,373,895 dollars.

How the scam works

Thousands of identical emails are sent to potential victims. The message contains the login credentials to phantom private Bitcoin investment platforms that can be used for the first entry.

Subsequently the user must change their password and enter their phone number for security reasons. The scammers make an automatic call by sending the password (OTP) to enable additional account security: the alleged multi-factor authentication reassures the victim who tries to enter the account to redeem the 28.85 BTC promised in the received email.

At this point the problems begin:

victim is required to transfer 0.0001 BTC ($ 4.75) to the account

then the victim is informed that to redeem the Bitcoins it is necessary to make a minimum withdrawal of 29,029 BTC, then make an additional deposit of 0,179 BTC (equal to 8520 dollars)

in August, the scammers added an additional “fee” by asking users to pay an annual fee of 0.0005 BTC upfront.

Previous scams

According to the Proofpoint researchers the first of these email scams occurred in May 2021, based on the coins45 landing page[.]com. In July 2021 a new one has started that is based on the securecoins page[.]net.

The reason why the scam has taken hold in several states is due to the use of cryptocurrency, which guarantees anonymity to both cybercriminals and the potential victim, attracted by the possibility of obtaining money anonymously and tax-free.

“Proofpoint has looked at some of the cryptocurrency wallets associated with this business, and at least one has total transactions in the hundreds of thousands of dollars,” explains Proofpoint’s Vice President.

Bitcoin: how to defend against scams

When you receive an email, always check that the address belongs to the legitimate company (and that it is an authorized company).

Check that the email, logo and trademark are exactly the same

Verify that the email address is legitimately linked to the company

And above all, never click on a link contained in a message that directs you to a site.

(Claudia Cervi)