CloudSEK unearthed an ongoing operation involving many phishing domains and Android-based bogus cryptocurrency apps. As the global cryptocurrency market collapses, fake cryptocurrency exchanges have tricked Indian investors out of roughly Rs 1,000 crore.
Be wary of cryptocurrency fraudsters, who are always seeking for new methods to defraud Indian investors and take their digital riches. This includes phishing scams, harmful cryptocurrency exchange design, and pump and dump tactics.
A fresh revelation claims that fake cryptocurrency exchanges have cheated Indian investors out of more than $128 million (almost Rs 1,000 crore) as the global crypto market collapses.
CloudSEK, a cyber-security firm, announced the discovery of an ongoing operation comprising various phishing sites and Android-based fraudulent crypto apps.
According to the research, “This enormous operation dupes unwary people into a gigantic gambling scam. Several of these phony websites replicate “CoinEgg,” a licensed cryptocurrency trading platform based in Britain.”
CloudSEK was approached by a victim who claimed to have lost Rs 50 lakh ($64,000) in a cryptocurrency fraud, in addition to additional fees such as deposit, tax, and so on.
Founder and CEO of CloudSEK, Rahul Sasi, stated that his company believes that threat actors have defrauded victims out of about Rs 1,000 crore (approx. $128 million) through similar cryptocurrency schemes,”
As investors move their attention to cryptocurrency markets, fraudsters and cheaters follow behind,’ Sasi added.
Threat actors begin by creating bogus websites that imitate actual cryptocurrency trading platforms. The webpages are intended to mimic the dashboard and user experience of the official website. The attackers then build a female social media profile in order to approach the possible victim and form a connection. The victim is influenced by the profile to invest in cryptocurrencies and begin trading.
According to the study, “the profile also shares a $100 credit as a gift to a specific cryptocurrency exchange, which in this case is a replica of a real cryptocurrency exchange.”
The victim makes a substantial profit at first, which increases their faith in the platform and the threat actor. After the victim seems to earn a profit, the fraudster persuades them to invest more money, promising larger profits.
When the victim deposits their own funds into the bogus exchange, the threat actor blocks their account, preventing them from withdrawing their funds, and then vanishes with the victim’s funds. When victims complain about losing access to their accounts on numerous platforms, the same or new threat actors contact them under the pretext of investigators.
The study alleges that “In order to obtain the frozen assets, they email victims and request private information such as ID cards and bank account information. These details are then used to conduct other harmful activities.”
Long-term coordination between crypto exchanges, Internet service providers (ISPs), and cybercrime units is required to increase awareness and take action against threat groups, according to Sasi.