- The CoinEgg scam uses fake domains and social media accounts to coax users into investing in fake exchanges.
- After making victims invest, scammers approached them as investigative agents who could help with the scam.
- How long the fraud has been going on is unclear at the moment.
“We discovered an on-going malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam,” CloudSEK said in a blog post.
According to the researchers, the threat actors created multiple fake domains impersonating crypto trading platforms, with the word ‘CloudEgg’ in them. “The sites are designed to replicate the official website’s dashboard and user experience,” the company said, adding that the scam is divided into seven phases.
After creating the fake domains, in the second phase, the attackers create a female profile on social media “to approach the potential victim and establish a friendship”. This profile is used to influence the victim to invest in crypto and start trading. “The profile also shares USD 100-dollar credit, as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange,” the firm said.
The victims are enticed to sign up for the fake exchanges using this free credit, and start trading using the same, based on instructions from the attacker. They eventually invest their own money and “seemingly” make profits, which in turn convinces them to invest even higher amounts.
Once the victim adds their own money, the attacker freezes their account to keep them from withdrawing the funds and disappears.
You would think that the scam ends here, wouldn’t you? It doesn’t.
In the seventh phase of the scheme, when the victims take to other platforms to complain about their experience, the attacker uses other fake accounts to reach out to them and pose as if they are investigators. “To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details via email. These details are then used to perpetrate other nefarious activities,” the researchers said.
CloudSEK, of course, isn’t the first or only firm to flag a rise in crypto scams around the world recently. In an interview with CNBC last week, Sean Ragan, a special agent with the Federal Bureau of Investigation (FBI), said that crypto scammers are targeting users through LinkedIn and pose a “significant threat” to the platform’s users.
Yesterday, research by fact-checking platform Logically noted that influencers affiliated with the American political conspiracy QAnon have been persuading their followers to invest in fraudulent crypto tokens.
Rahul Sasi, the chief executive of CloudSEK, said that in the short term, crypto-related phishing domains have to be taken down earlier, but crypto exchanges, internet service providers, and cyber crime cells have to work together in the long run to avoid such scams.