Counterfeit cryptocurrency exchanges have deceived Indian investors by more than $ 128 million (almost 1 billion rupees) as the global cryptocurrency market accumulates, a new report said on Tuesday.
Cybersecurity company CloudSEK said it has discovered an ongoing operation that includes several phishing domains and fake Android-based cryptographic applications.
“This large-scale campaign attracts unwary individuals to a huge gambling scam. Many of these fake websites are supplanting ‘CoinEgg’, a legitimate UK-based cryptocurrency trading platform,” according to the report.
CloudSEK was approached by a victim who allegedly lost Rs 50 lakh ($ 64,000) for such a cryptocurrency scam, in addition to other costs such as the amount of the deposit, taxes, etc.
“We estimate that the perpetrators of the threats defrauded the victims of up to $ 128 million (about 1 billion rupees) through such cryptographic fraud,” said Rahul Sasi, founder and CEO of CloudSEK.
While investors are shifting their focus to cryptocurrency markets, scammers and cheaters are also focusing on them, ”Sasi added.
Threat actors first create counterfeit domains that supplant legitimate cryptocurrency trading platforms.
The sites are designed to reproduce the control panel and user experience of the official website.
The attackers then create a female profile on social media to approach the potential victim and establish a friendship.
The profile influences the victim to invest in cryptocurrency and start trading.
“The profile also shares $ 100 credit, as a gift for a particular cryptocurrency exchange, which in this case is a duplicate of a legitimate cryptocurrency exchange,” the report mentioned.
The victim initially gets a significant benefit, which boosts their confidence in the platform and the threat actor.
After the victim apparently makes a profit, the scammer convinces them to invest a larger amount, promising better returns.
Once the victim adds his own money to the fake exchange, the threat actor freezes his account, ensuring that the victim cannot withdraw his investment, and disappears with the victim’s money.
When victims access multiple platforms to complain about losing access to their accounts, the same or new threat actors get in touch with them disguised as investigators.
“To recover the frozen goods, victims are being asked to provide confidential information, such as ID and bank details, via email. This data is then used to perpetrate other nefarious activities,” the report warns.
In the long term, collaboration between cryptographic exchanges, Internet service providers (ISPs) and cybercrime cells is imperative to raise awareness and take action against threatened groups, “Sasi said.
na / dpb
(Only the title and image of this report may have been reworked by Business Standard staff; the rest of the content is automatically generated from a syndicated feed.)