3 min read

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Alina BÎZGĂ

May 24, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Digital currencies are galvanizing social engineering scams and hacks across the online world. Bitdefender’s latest analysis of crypto-based spam once again reveals the creative side of digital pick pockets as they try to trick internet users.

Scam emails announcing you’ve been transferred a hefty sum in bitcoin on a shady crypto investment platform have been popping up in users’ inboxes across the globe. The email subject and body are poorly redacted but pique the readers’ interest by mentioning a large crypto deposit ranging from 19 to 35 bitcoin that can be accessed via a sketchy domain [coinment.net] registered on May 5.

Distribution-wise, the scam emails have reached users in the US, Canada, UK, South Africa and Australia.

Subject lines include:

· Payment Done

· Coinment Investent

· details please

· Your BTC Has Been Transfar ($ 19.4 BTC)

The body of the scam emails contain a numerical ID and password recipients need to use to log in to the so-called crypto investment platform.

As mentioned, the domain name is very recent, and despite the detection of HTTPS protocol, the webpage delivery is at best superficial.

Now, let’s take a closer look at this fake website. As you can see in the screenshots below, the sketchy façade of the website is apparently linked to the blockchain industry. It’s poorly designed and requires various user interactions to get into the sign-in menu.

Once users reach the Sign-in page, they are prompted to fill in the ID and password from the initial email. And here’s where it gets a bit more interesting, with a popup message appearing on the screen citing a Critical Update:

“Your account balance is currently 802.7 BTC (€22,889,448.04). For your security, you are now required to protect your account by choosing a more secure password and enabling OTP.
You can no longer skip this requirement as the maximum number of skips has been reached.”

Sound too good to be true? That’s because it is. Although the apparent concern for account security may provide peace of mind to users, don’t be fooled. After changing the password to their multi-million dollar crypto account, users need to fill in their phone number to receive a secure PIN code to access the account.

We weren’t lucky enough to get our hands on 22 million in euros – since no OTP was received - and we don’t recommend you try either.

The promise of free money is compelling. However, free cash or cryptocurrency always comes with a price including your privacy, data and money. Offers such as this are always fake, and users risk losing much more than they bargained for.

This type of swindle closely resembles an advance-fee scam, which usually requires users to provide financial data or pay large sums to receive the ‘prize’.

Are you stuck in a digital limbo not knowing what platforms to trust. Particularly interested in securing your identity from digital thieves? Look at our Ultimate Security pack to benefit from advance malware protection, anti-phishing, and anti-fraud filters, ongoing identity monitoring, a fast VPN, and a cross-platform Password Manager for the most comprehensive security and privacy pack to guard your data and ensure your financial wellbeing.

Find out more here

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Flaw allowed man to access private information of other Brinks Home Security customers Flaw allowed man to access private information of other Brinks Home Security customers
Graham CLULEY

November 30, 2022

2 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
Alina BÎZGĂ

November 29, 2022

2 min read
Hackers Steal Crime Files in Attack on Belgian Police Station, Then Demand Ransom Hackers Steal Crime Files in Attack on Belgian Police Station, Then Demand Ransom
Filip TRUȚĂ

November 28, 2022

2 min read