Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Bitcoin Scams. Show all posts

Emerging Wave of Digital Criminals Targets U.S. Financial Systems

 

A recent study by the University of Surrey, in partnership with Nigeria’s Economic and Financial Crimes Commission (EFCC), reveals that cryptocurrency fraud in Nigeria is overwhelmingly carried out by young men, with males accounting for all convicted offenders and nearly two-thirds of them under 30. Over half (55%) of these cases target victims in the United States, illustrating a troubling cross-border crime trend.

The analysis highlights a growing wave of young, tech-savvy criminals leveraging digital currencies to execute sophisticated fraud schemes, making enforcement a major challenge. 

Dr. Suleman Lazarus, co-author and cybercrime specialist at the University of Surrey, pointed out the urgent need for global collaboration to address the issue, noting, “Our findings expose a surge in cryptocurrency fraud, led by a generation of male offenders using online platforms and digital currencies to conduct high-stakes crimes with global reach.”

The study involved a comprehensive review of case files, which revealed that platforms such as Facebook (27%), Gmail (22%), and Instagram (14%) are frequently used to contact and deceive victims. Notably, Bitcoin is the cryptocurrency of choice for nearly half (46%) of these schemes, complicating efforts to trace and recover stolen funds due to its inherent anonymity.

Financial gains from these scams vary widely, from as little as $1,000 to as high as $475,000 in cash, with some fraudsters accumulating up to 1,200 Bitcoin—worth an estimated $81.96 million. Contrary to the assumption that technical sophistication requires advanced education, only about 25% of the convicted fraudsters held a degree.

Dr. Lazarus emphasizes that the popularity of digital currencies calls for heightened awareness among law enforcement, policymakers, and the public to combat this evolving financial threat.

QNAP NAS servers attacked by Checkmate ransomware

 

A new ransomware strain known as Checkmate has recently come to the attention of Taiwanese vendor QNAP, and early research suggests that it is targeting NAS machines with SMB services that are accessible via the internet. SMB is a communication protocol that allows nodes on a network of devices to exchange access to files. 

Objectives: 

The ransomware adds the .checkmate extension to the filenames of encryption keys and leaves an extortion letter with the name !CHECKMATE DECRYPTION README on the compromised devices. 

According to a report by BleepingComputer, some forum users claimed to have contracted the Checkmate ransomware in June. For a decryptor and a decryption key, the hackers want payment from the victims in bitcoins worth $15,000 each. 

The malicious actors behind this campaign, according to QNAP, will use accounts compromised by dictionary assaults to remotely log in to devices that are vulnerable to remote access. After getting access, they begin encrypting files in shared folders, although according to victim claims, all the data is encrypted.

Resist ransomware threats 

The company advised users to utilize VPN software to decrease the attack surface and prevent threat actors from attempting to log in using hacked credentials. It also advised customers to avoid exposing their NAS machines to Internet access. 

Additionally, QNAP users were instructed to evaluate all of their NAS accounts right away, double-check that they're using strong passwords, back up their files, and often create backup snapshots in case their data needs to be restored.

Taking away SMB 1 
  • Visit QTS, QuTS hero, or QuTScloud and log in. 
  • Go to Win/Mac/NFS/WebDAV > Microsoft Networking under Control Panel > Network & File.
  • Then select Advanced Options. 
  • The window for Advanced Options appears. 
  • Select SMB 2 or higher next to the Lowest SMB version. 

QTS, QuTS hero, or QuTScloud updates 
  • Register as an administrator on QTS, QuTS Hero, or QuTScloud.
  • Go to System > Firmware Update in the Control Panel. 
  • Click Check for Update under Live Update. 

The most recent update is downloaded and installed by QTS, QuTS hero, or QuTScloud. Additionally, QNAP stated last month that it is "thoroughly researching" a recent round of attacks that began in early June and are aimed at spreading the DeadBolt ransomware.

In the past two years, a wave of ransomware assaults has targeted QNAP NAS users, leading the vendor to publish several alerts and urgent updates, and even encourage for end-of-life hardware.

Hackers Steal $17,000 in 'Double Your Cash' Fraud on Bitcoin.org

 

Bitcoin.org, the authentic website of the Bitcoin project was hacked by criminals who advertised a double your money scam and unfortunately, many people fell into the trap.  

On September 23, visitors to bitcoin.org were welcomed with a popup instructing them to send cryptocurrency to a Bitcoin wallet using a QR code and earn twice the amount in exchange. 

The message stated, "The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years," encouraging users to send Bitcoins to the attacker's displayed wallet address. 

"Send Bitcoin to this address, and we will send double the amount in return!" 

To add credibility to the claim, the false notice informed visitors that the deal was confined to the first 10,000 users. Users were unable to go beyond the bogus popup message, leaving the rest of the website unreachable for the timeframe of the fraud. 

Soon after the hack, Bitcoin.org's site operator(s), known as Cøbra, issued a public notice about the incident. The Bitcoin address used in the fraud received 0.40BTC, which was worth $17,000. The hacker transferred nearly all of the money from the primary wallet to two additional holding wallets. 

Although Bitcoin is assumed to have been established by an anonymous persona, “Satoshi Nakamoto,” the author of the research paper that gave birth to the cryptocurrency, a newer identity “Cøbra” has recently been observed running the Bitcoin.org website, social media, and community channels. 

Following Cøbra's notification, Bitcoin.org's name registrar Namecheap immediately blocked the domain until the problem was resolved. 

Unfortunately, as evidenced by the attacker's wallet balance, some cryptocurrency fanatics may have fallen for the fraud. The transaction history reveals several payments to the attacker's wallet from various Bitcoin addresses. 

According to Bitcoin.org's anonymous operator CobraBitcoin, the fraudsters may have obtained unauthorised access by exploiting a vulnerability in the website's domain name system (DNS). Hackers typically browse websites in search of underlying flaws that may be exploited to launch attacks. 

The website has been restored to its pre-hack state after being taken down to investigate the underlying cause of the security incident.

Ongoing Bitcoin Scams Show Power of Social Engineering Triggers

Over the last seven months, the number of Bitcoin scams has increased dramatically. The scams began around October 2020 and are still going on today. “Since October 2020, reports have skyrocketed, with approximately 7,000 people reporting losses of more than $80 million on these scams,” the FTC reported on May 17, 2021. 

It explains two different types of scams: The first is to entice victims to phoney websites that appear to be legitimate and offer investment opportunities and the second is essentially a celebrity scam, in which the alleged celebrity claims to triple every bitcoin investment instantly. Elon Musk's name is often used as a celebrity in the latter scam. He is used to lend legitimacy to the scam because of his business acumen and involvement in cryptocurrencies. 

The BBC reported on May 13, 2021, that a schoolteacher had lost £9,000 (nearly $12,750) after being duped into visiting a fake website. The study didn't say how she was tricked, but the website was a parody of the BBC. According to a fake news article, “Tesla buys $1.5 billion in bitcoin, plans to give $750 million of it away”, only the second half of the headline is incorrect. Tesla did, in fact, purchase $1.5 billion in bitcoin in February 2021, citing the need for “more versatility to further diversify and optimize returns on our cash.” 

Grammatical pedants may have seen a red flag in the fake BBC website's use of the word "giveaway" (generally a noun) instead of "give away" (the correct form for an action). Scams are known for grammatical and typographical mistakes, but the fake website is otherwise very convincing. The teacher invested £9,000 with the expectation of receiving £18,000 in return but got nothing. 

A month before, the BBC reported on a Twitter-based scam that resulted in a much larger loss. The real Elon Musk tweeted “Dojo 4 Doge” on February 22, 2021. Using the handle with the name Elon Musk on Twitter, a scammer offered a once-in-a-lifetime chance to send up to 20 bitcoin and earn double. The victim fell for it and submitted 10 bitcoins, which he promptly lost – about £497,000 (nearly $700,000).

Bitdefender, a security company, recently reported on two email campaigns with similar themes. In two separate campaigns, tens of thousands of fraudulent Tesla-related emails were sent. Both campaigns have the same pitch: send Elon Musk some bitcoin and he'll give you back twice as much. The first campaign makes use of a PDF attachment, apart from the PDF's post, which reads, "Our marketing department here at Tesla HQ came up with an idea: to hold a special giveaway event for all crypto fans out there," there is nothing malicious about it. The PDF contains instructions on how to send bitcoin and earn twice the sum in return. “ELON MUSK 5,000 B T C GIVEAWAY!” is a popular subject line for emails. 

Other emails, on the other hand, are personalized, including the user's username. Nearly 80% of the emails in this campaign seem to have been sent from IP addresses in Germany. According to the researchers, “11% of the fraudulent emails hit users in the United Kingdom, 79.26% in Sweden, and 9.22% in the United States.” 

The second campaign consists of a simple email containing details about the fraudulent giveaway and a Bitcoin Address QR Code that can be scanned by participants. The email reads, "If you want to participate in the giveaway, it's very simple! All you have to do is send any amount of Bitcoin (BTC) to our official donation address for this case (between 0.1 BTC and 50 BTC), and once we receive your transaction, we will immediately send back (2x) to the address from which you sent the BTC.” 

On the other hand, Bitdefender states that “at the moment, one of the perps' crypto wallets reveals 31 transactions totaling 1965.21 dollars.” All of these bitcoin scams show that it's almost impossible to keep users from falling for good social engineering – whether it's a scam or a phishing assault. In this scenario, the campaigns hit all the right notes: believability, celebrity endorsement, urgency, and most importantly, greed.