Crypto Scams- As Investors Shift Their Focus To Lucrative Crypto Markets, Scammers And Cheaters Are Turning Their Attention To Them Too CloudSEK CEO. A large number of phishing domains and Android apps with the keyword CoinEgg’ were used to trick victims. CloudSEK called for the identification of crypto-related phishing websites and a crackdown on such websites by authorities.
Cyber security company CloudSEK has estimated that Indian victims have lost up to INR 1,000 Cr in various cryptocurrency scams so far.
As investors shift their focus to the lucrative cryptocurrency markets, scammers and cheaters are also turning their attention to them. We estimate that threat actors have defrauded victims of up to INR 10 billion through these types of crypto scams, said CloudSEK Chief Operating Officer CEO Rahul Sasi.
As part of its ongoing operation against fake cryptocurrency exchanges, CloudSEK said it discovered a range of phishing domains and Android apps, with the keyword CoinEgg, that were used to trick victims.
This large scale campaign lures unsuspecting people into a huge gambling scam. Many of these fake websites are posing as CoinEgg, a legitimate UK-based cryptocurrency trading platform, the cybersecurity firm said in a statement. (crypto scams)
The platform started its investigation after a victim approached it and lost INR 50 Lakh in one such scam.
The modus operandi
The company said that the fake crypto exchanges operated on a piecemeal basis to trick victims. These fake exchanges apparently registered fake domains that were posing as legitimate trading platforms. According to CloudSEK, these platforms emulated the dashboard and user experience to lure victims.
Cybercriminals also created fake social media profiles with female aliases to lure victims and entice them to invest in cryptocurrencies. Subsequently, these so-called identifiers would share a $100 credit with the victim of the duplicate crypto exchange.
The victim would initially get higher returns on the credit, after which the scammer would convince them to invest a larger amount, promising better returns. Once the victim added her own money to the wallet, the scammers would freeze the account and walk away with the money.
Victims of phishing websites were told to pay 22% of their winnings as taxes before they could claim their funds. It would also add a “deposit tax” condition to the victim, if the winnings exceed $250K. The platforms perpetrating the scam would then order a permanent account freeze if the two conditions were not met. (crypto scams)
Some victims were also later deceived under the guise of the investigation. CloudSEK discovered that the same group of scammers or a new one would approach the victims and offer to help them recover the frozen assets. These cybercriminals would then collect other sensitive information such as bank details and email id to perpetrate other crimes.
Research by the Singapore based company also found that once a fake domain was removed, the threat group continued to contact unsuspecting victims, redirecting them to alternate domains to access the fake crypto exchange. (crypto scams)
Sasi urged authorities to identify crypto-related phishing websites. Additionally, she called on government officials, crypto exchanges, and Internet Service Providers ISPs to raise awareness and take action against these cybercriminals.