Kaspersky: New Twitter Campaign Steals Cryptocurrency
Kaspersky researchers discovered a spam campaign, spread via direct messages on Twitter, aimed at stealing cryptocurrency from users who were asked to help withdraw hundreds of thousands of dollars from crypto accounts.
To help this stranger, the victim has to create a VIP account on the scam website and pay the account creation fee, which results in the loss of their digital currency.
With around 400 million monthly active users, Twitter is one of the most popular social networks in the world, connecting people who have never met before. As such, direct messages from strangers may not be new to Twitter users.
In the message, a stranger who claims to be in dire need of help and unable to access his account on a cryptocurrency trading site asks the recipient to help him withdraw a certain amount of cryptocurrency from his wallet.
In the message, he provides his username and password and the amount of digital currency in the wallet, usually in the hundreds of thousands of dollars, and asks the target user to go to a specific website.
Kaspersky experts believe that the stranger may promise victims a small amount of money in exchange for help with the withdrawal, but this is still just a trap aimed at as many users as possible.
The victim lands on a website posing as an investment platform, enters the username and password received from the stranger and opens the stranger's account, where they find the exact amount. But the look of the page, with its poor design, should arouse the suspicion of potential victims, especially since the contact list contains only email addresses and not the names and photos of its creators.
In order to withdraw, the victim has to provide their wallet address and blockchain number, and then they are suddenly asked to enter a password they don't have. The platform then offers the victim a direct transfer within the system. In this case, no additional password is required; instead, the victim is asked to create a VIP account, which costs a small amount of money. Once the victim has registered with the system and entered their wallet details to create a VIP account, the money is stolen from their account and they receive nothing in return.
Andrei Kovtun, a security expert at Kaspersky, said the fraudulent scheme was “discovered for the first time,” noting that the attackers pretended to be ordinary people on Twitter and asked strangers to help them get money from cryptocurrency wallets, when in fact they intended to steal funds from the target user's account.
He added, “Unfortunately, this scam is not the only way to steal from users. Cryptocurrency remains an attractive topic for cybercriminals as more and more users open and transfer their cryptocurrency wallets. The currency is converted into digital currency in their traditional wallets. Even worse, blockchain technology leaves no trace for attackers.”
In anticipation of more sophisticated cryptocurrency fraud methods, Kovtun urges users to be careful and understand how to protect their accounts, wallets, and cryptocurrencies.
To avoid becoming a victim of spam campaigns, Kaspersky advises users to beware of messages that convey urgency, as spammers often use urgency to exert pressure; the subject line may include "urgent", "take immediate action" and the like.
The company recommends being careful with spam emails: preferably do not click on or open them, and delete them if they look suspicious. Responding to spam is a dangerous practice because it tells scammers that the email address is valid and prompts them to send more spam. You should avoid clicking links or opening attachments in these emails to avoid downloading malware or becoming a victim of a phishing attack.
Even if a message or an email comes from a friend and seems friendly, the user should remember that the friend's account may have been hacked, so links and attachments should always be treated with caution. It is also a good idea to install a reliable security solution and follow its recommendations, as it will automatically solve most problems and alert the user when needed.