KEEP UP TO DATE WITH ALL THE IMPORTANT COVID-19 INFORMATIONCOVID-19 RESOURCE PORTAL

FANews
FANews
RELATED CATEGORIES
SUB CATEGORIES General |  Currency Hub | 

Kaspersky detects over 1,500 fraudulent global resources targeting potential crypto investors and highlights the threat of malicious crypto miners in Africa

01 September 2021 Kaspersky

Since the beginning of 2021, Kaspersky has detected more than 1,500 fraudulent global resources aimed at potential crypto investors or users who are interested in cryptocurrency mining. During this period, the company also prevented more than 70,000 user attempts globally, to visit such sites¹.

The most common schemes used by cybercriminals included:
• Creating fake cryptocurrency exchange websites: in this case, the user is allegedly given a coupon for replenishing an account on a crypto exchange. However, to use it they must carry out a verification payment of usually no more than 0.005 Bitcoin (about 200 US dollars), which becomes the cybercriminals’ profit.
• Sending messages about fake sales of video cards and other equipment for mining: to purchase equipment, the user needs to make an advance payment. After providing it, the author of the ads stops communicating.
• Creating phishing pages with various content to steal private keys, which allow cybercriminals to gain access to all digital assets associated with a crypto wallet.

Globally, cryptocurrency mining malware wreaked havoc in 2018, infecting more than five million people in the first three quarters of that year. And Kaspersky’s research shows that in some African countries, the threat of malicious crypto miners, remains prevalent. Currently in South Africa, the share of all users targeted by malicious crypto miners in H1 2021 was 0.60%. In Kenya, the share of all users targeted was 0.85% and in Nigeria, 0.71%.

“Although these percentages may be interpreted as low and may not seem significant to users, crypto-miner malware has been identified as one of the top 3 malware families rife in South Africa, Kenya and Nigeria at present, which we believe emphasises that as cryptocurrency continues to gain momentum, more users will likely be targeted,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.

In certain African countries, the share of all users targeted by malicious crypto miners is much higher: Ethiopia shows a share of 3.68% and Rwanda a share of 3.22%.

When looking at the fraudulent global resources detected by Kaspersky, typically, cybercriminals locate sites in popular domain zones: .com, .net, .org, .info, as well as in zones where domain acquisition is cheap: .site, .xyz, .online, .top, .club, .live. A distinctive feature of phishing and other types of cryptocurrency fraud is the high level of detail on phishing websites. For example, on fake crypto exchanges, real data, such as bitcoin rates, is often loaded from existing exchanges. Attackers understand that people who are investing or are interested in this area are often more tech-savvy than the average user. Therefore, the cybercrooks make their techniques more complex in order to get data and money from these people.

An example of an ICO phishing page

“Lately, many have become interested in cryptocurrencies, and attackers would not pass up the opportunity to use this to their advantage. At the same time, both those who want to invest or mine cryptocurrency and simply the holders of such funds can find themselves on the fraudsters’ radar. For example, one of the schemes we recently discovered went as follows: users received a message about the sale of an exclusive Coronavirus vaccine earlier than official schedules and only for those who have Bitcoins. This type of fraud was especially prevalent when the vaccines just became available. The user went to the site where the contact indicated, to which it was necessary to write to pre-order the vaccine. The target then needed to make an advance payment in Bitcoins, with the money going to the cybercriminals' account and the person receiving nothing in return," said Alexey Marchenko, head of the Content Filtering Methods Development department at Kaspersky.

A fake offer to get vaccine in exchange for cryptocurrency

To avoid becoming a victim of cybercriminals and the threat of malicious crypto miners, Kaspersky recommends that users:
• Do not follow dubious links from letters, messages in messenger apps and social networks.
• Be critical of extremely generous online offers.
• Download applications from official stores only.
• Use a security solution that protects against phishing, scams, and prevents the installation of malicious applications.
• Take extra precautions before purchasing a product in an online store if the company is unknown. It is better to study on special WHOIS-sites information first about how long the domain has existed and who its owner is: if it is completely fresh and registered to a private person, you should not purchase from them.

Visit Kaspersky Daily to learn more about recent crypto-related scams such as a fake ICO, new tricks scammers use to make users believe their offers are real or luring Discord users to a fake cryptocurrency exchange.

Reference:
¹Data based on anonymised statistics of detections by Kaspersky solutions from January to July 2021

 

Quick Polls

QUESTION

Do you believe this is the toughest period for financial advice in many years?

ANSWER

Yes, it’s hard to navigate the challenges and difficult to adapt. I’m struggling.
No, I have managed to navigate the challenges and have adapted. I’m good.
50/50. I just feel like whether we like it or not, we have to ready ourselves for change… be resilient and scale for the future. It’s not about survival of the fittest anymore but survival of the quickest. We just have to move on with life.
fanews magazine
FAnews October 2021 Get the latest issue of FAnews

This month's headlines

IFA nuggets: Prospecting for clients
FSCA weighs in as universal life policy premiums rocket
No short cuts for the short term broker
Investment lessons worth sharing
Tightening of policy wordings… likely in the future?
Subscribe now