The Crytocurrency Scam - A misuse of Social Engineering so sleek, it feels real
Introduction
With the increase in the adoption of crytocurrencies, a lot of scammers come out with newer methods to use technologies unknown to the masses to steal money and run various scams. Below are a few terms you need to know about before moving forward with the case study.
Wallet: A place where one can store various cryptocurrencies. Helps serve as an identity in the world of blockchain
Exchange: A place where one can buy, sell, trade and convert cryptocurrencies. A lot more features may be available depending upon the exchange.
The Beginning
The victim is approached with a link by either of the 2 methods:
- Referral System: Used mainly by an affiliate marketer, a referral link looks mainly harmless, leading to a lot of people falling a victim to the scam.
- Message Spam via Whatsapp: The victim receives the link via a spam message sent by the scammer. It is perfectly crafted to look as if it is genuine.
The link received is that of a Whatsapp Group. The message contains an offer to work as a registered advisor for the company after you’ve been trained to be one. After this the company the group is run by, will come and sign a contract with you, giving you a fixed income along side commission. The message also highlights that no monetary deposit will be required.
The message is made to seem completely normal as if a company is hiring and got your number from a database sold to them. Due to the no deposit highlight, a lot of people join the group, in hopes to earn and become rich.
The Whatsapp Group
The victim then joins the group, and finds themself among a few more members. They also see more people joining the group via an invite link, making them feel a false sense of security, as there are others in the group too who would be able to warn the others if anything goes wrong. The victim is then greeted by a person named Anthony (for the sake of this case study) on the group who then proceeds to send the message similar to the one given below:
Hello everyone, I am your old friend Anthony. Today’s course content: 1 (eight trading rules of moving average)
The victim is then greeted back by messages as such sent on the group (These are mostly other numbers the scammer(s) use(s)) :
Thank you Mr. Anthony for coming back
If I could learn from Teacher Anthony early, I would not lose $1,000 in the transaction
The group also receives messages regarding the doubts of the contents he is teaching via sending images and texts. Some of these are:
Teacher, is this technology suitable for all markets?
Why does the teacher operate small currencies and why not buy mainstream currencies?
The answers to the same are then given by Anthony and he proceeds forward with the course.
Scam Execution
The teacher Anthony then proceeds forward by saying they’re a part of a VIP group and that they can earn more and can also earn steadily only after using the exchange he told them to use to trade. For security purposes, we will name this exchange ‘TechCrypt Exchange’. He also gives them various offers after suggesting the same:
Recharge 10,000 US dollars, and Mr. Anthony personally guides the transaction. And join the VIP group. Trading signals 4 times a day.
Recharge 2000-6000 USD. I will privately provide trading signals 3 times a day. 🔮
Top up 500 US dollars to become an agent. The agent can invite other friends to enter TechCrypt for trading. For example, if you invite a friend who trades BTC to generate a handling fee of 1,000 USD, you can get a reward of 700 USD, which will be rewarded by TechCrypt to the agent. Your own trading account will also reduce the transaction fee by 70%, which will be returned to your account after 1 month. Trading signals once a day. 💎
For every 5 valid friends invited (a recharge of more than US$100 is regarded as a valid friend), they will be upgraded to a valid agent and a cooperation contract will be signed with the platform. According to the performance, monthly salary of 100-500 US dollars + subordinate member transaction fee 25% in return, Mr. Anthony sends out 1 transaction signal every day in the agent group, officially becomes an agent, and has the opportunity to join the VIP group.
On being asked as to why his students can not use more reputed exchanges such as Binance, his other account responds with:
Binance accounts do not support small currencies such as CBT. Only TechCrypt can buy it
Although an offer at first, his alternate account then starts removing people after a few calls stating that only those who transfer funds to their own TechCrypt wallet will be allowed to stay in the group. Along with this a lot of people (supposed alternate accounts of the scammer(s)) start saying they transferred the money and they are now earning and to thus not remove them. The victim, then acting on his fear of missing out transfer 700 USD worth Bitcoin(BTC) to his TechCrypt account in hopes to continue receiving tips and earn money. He then sends his confirmation on the group after which he is still removed and blocked by most of the numbers on the group. Angry, the victim checks the website of TechCrypt, only to find, there is no button now on the website, allowing him to withdraw or transfer his funds. The realization of him being scammed slowly sinks in.
The Research
Cryptocurrencies are known to keep their transactions transparent. Upon using the Wallet ID to find out more about the transactions, it was found that the money was transferred to another anonymous wallet and then various other wallets from there. This made the back tracing extremely difficult and the money is impossible to recover.
On researching about the site, the domain was registered less than 6 months back and had an extremely low trust score.
Conclusion
- Do not ever transfer funds to any exchange or wallet before checking out the reviews.
- Do also make sure it is used by various people, is in the market since long and is trusted by various known traders.
Social Engineering is improving and scams are increasing and you may never know how you lost your money or data if you’re not careful.
Even though cryptocurrencies boast to be transparent and secure, it has little capabilities to avoid and revert scams. It instead makes them easier due to anonymity and technologies unknown to the masses.
Hey liked a blog just few things
ReplyDelete1) how is social engineering involved?cause this is a classic whatsapp scam
2)you mentioned check the review of the wallet?
3)isnt one wallet used by more people more risky?
4)how did cbt token come all of a sudden?
Awesome blog way to go!!
Hey, thank you for the review, here are the answers to your questions
Delete1) A classic WhatsApp scam consists of the scammer charging you money for something and disappearing after that. In the case above, the transfer is done to a completely fake website which claims to be an exchange. Getting a user to trust and transfer such a large amount of funds does require Social Engineering
2) Yes, each and every wallet provider has a review regarding it on the internet
3) A wallet is used by one person only, a wallet provider provides wallets. An exchange, can function as a wallet provider as well
4) CBT was used as a reference as to which all coins are not available on Binance, so as to trap users by giving them the Fear of Missing out on earning on not so popular coins
Very informative, great going Aayushya. 👏
ReplyDelete