Cryptocurrency Scam Archives – Gridinsoft Blog

Verified X/Twitter Accounts Hacked to Spread Cryptoscams
https://gridinsoft.com/blogs/verified-x-accounts-hacked-cryptoscam/
Fri, 05 Jan 2024 20:19:57 +0000

The trend of hacking official accounts to promote cryptocurrency fraud is gaining momentum. Over the past week, researchers have discovered an abnormal number of such incidents.

X/Twitter Crypto Scams From Verified Accounts

Today, we are witnessing an unpleasant trend: hackers increasingly target verified Twitter accounts. To be more specific, this refers to accounts of individuals who are part of government or business organizations. Usually, these accounts are distinguished by ‘gold’ and ‘gray’ checkmarks, which indicate that the account belongs to a reputable company or person. Crooks hijack such accounts to promote cryptocurrency scams, phishing websites, and platforms equipped with crypto drainers.

Stolen verified accounts screenshot
Attackers stole verified accounts

Just yesterday, we wrote about the incident with the X/Twitter account of Mandiant, a Google subsidiary and a prominent player in cyber threat intelligence. The thing is, they are not alone. With only minor differences, the same hack-and-scam pattern has hit dozens of verified accounts on X. Within the first 5 days of the new year alone, researchers have reported the hacking of three public accounts: the nonprofit consortium “The Green Grid”, Canadian senator Amina Gerba and Brazilian politician Ubiratan Sanderson. Although the victims have nothing in common, they were united by one thing: a sudden ardent interest in cryptocurrency.

How Do Twitter Crypto Scams Work?

To start, scammers create a fake profile of a famous person. Most often, it is Elon Musk, as it is his style to promote dubious things. Next, the fake account tries convincing users to click the link. The further scenario depends on the type of fraud – either a crypto draining scam, an investment fraud, or a fake airdrop scheme. Let’s briefly check each one out.

Fake investment is an attempt by fraudsters to trick the victim into investing money. It can be a dubious cryptocurrency, artificially inflated and then dumped, thanks to which the value falls sharply. As a result, the victim loses his investment and is left with worthless coins.

Another method of fraud is crypto drainers. In short, the victim is tricked into agreeing to fraudulent transactions. The peculiarity of this method is that the victim signs a transaction that looks legitimate but allows fraudsters to withdraw money from the victim’s wallet without confirmation.

Fake airdrop scams are designed for those who want easy money. The scammers offer users the option to send any money to the specified wallet and promise to send double the amount in return. However, no one will send anything in return after the victim sends money.

Airdrop scam example screenshot
Example of an airdrop scam posted from a verified account

Eligibility and Trust Undermined

Initially, a blue check mark was the sign of a verified Twitter account. It was obtained by providing a document proving the user’s identity. Later, anyone could get a checkmark for $8 a month, leading to a flood of scammers creating fake celebrity accounts and successful cryptocurrency scams. These days, the checkmarks are divided into gold, gray, and blue. The gold checkmark is given to the accounts of large companies, and the gray one to government organizations. The blue checkmark is given to individuals, regardless of their fame. Obviously, the first two options have caused a stir among cybercriminals.

The Black Business for Verified Twitter Accounts

According to a report from CloudSEK, a digital risk monitoring platform, a black market is thriving where compromised gray and gold X accounts are being sold. This illicit market is based on selling high-profile accounts marked with gold and gray checkmarks, indicating their verified status. Although these accounts should symbolize trust and authenticity, they are sold for $1,200 to $2,500. For example, one such account, inactive since 2016, has 28k subscribers and sold for 2500 dollars.

Threat actors advertising to buy Twitter Gold accounts on dark web marketplaces (source: CloudSEK)

The process often involves hijacking dormant accounts with the potential for high follower counts and converting them into verified profiles using dubious means. In some cases, the hackers offer additional services by attaching scam accounts as affiliates to these verified profiles. This lends the scam accounts an aura of legitimacy and allows them to bypass more stringent verification processes, facilitating easier manipulation of unsuspecting victims.

Recommendations for Account Security

It is concerning that many well-known companies’ Twitter profiles have been hacked recently to spread crypto scams. This poses a risk of falling victim to such scams and the possibility of misinformation or more severe scams. Thus, knowing how to respond when you encounter a hacked account that spreads questionable links is essential.

Firstly, avoiding following any links posted by such accounts is advisable. Whether they lead to a crypto drainer, fake airdrop, or investment scam page, it is best to avoid visiting them.

Secondly, you can report the hacked account to moderators. The reports menu has an option called Deceptive Identities, which will allow the system to take the necessary action.

Lastly, spread the word about the hack with your friends and subscribers. The more people are aware of this type of scam, the lower the chances they fall victim to it now or in the future.

Mandiant Account in X Hacked to Spread Cryptocurrency Scams
https://gridinsoft.com/blogs/mandiant-hacked/
Thu, 04 Jan 2024 14:12:16 +0000

The Twitter account of Google’s Mandiant cybersecurity service has been hacked to promote a cryptocurrency scam. It happens along with the massive spread of cryptocurrency drainer scams on different social media platforms.

Mandiant has lost control of its X/Twitter account

Early this morning Eastern Time, cybersecurity company Mandiant’s account on the social network X (formerly Twitter) was taken over by unnamed hackers. However, Mandiant later regained control of its account after a six-hour breach. The unknown attacker exploited the account to propagate a cryptocurrency scam. He renamed it “@phantomsolw” to impersonate the Phantom crypto wallet service. By the way, the Phantom Company offers digital wallets for cryptocurrency, available on both Google and Apple app stores. However, the company ignored a request to comment on the incident.

Under the intruders’ control, the compromised account initially shared links to a cryptocurrency platform associated with Phantom. The scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens. Follow-up messages asked Mandiant to “change the password please” and “check bookmarks when you get the account back”. Later, the Mandiant account appeared to have been deleted briefly before reappearing with changed usernames but retaining Mandiant logos.

How could this happen?

Perhaps someone might have been confused about how a cybersecurity company could fall victim to such an attack. However, the Mandiant account takeover could have occurred through various methods. Some experts suggested that the support personnel at Twitter were bribed or compromised, allowing the attacker to gain access. And these are legitimate concerns because after buying the social network, Elon Musk cut a vast security staff. As a result, this led to an uncontrollable flood of spam accounts and severe problems with the site’s security.

This speculation is particularly concerning, given the recent vulnerabilities discovered on the platform. Thus, Chaofan Shou, a Ph.D. student at the University of California – Berkeley, highlighted two significant vulnerabilities the platform’s security team had ignored. According to Shou, these vulnerabilities were easily identifiable by security professionals. They could be exploited to take over any account on the platform.

Again, those are nothing more than speculations and particularly loose hypotheses. While it is possible that X’s security issues are somehow related to this hack, nothing confirms that. The Okta hack, which happened in October 2023, confirms that even security vendors may sometimes fall victim to negligence and poor account security.

Mandiant’s response

Mandiant’s spokesperson acknowledged the incident and assured that they were working to resolve the issue. However, this breach at Mandiant, a firm renowned for its threat intelligence capabilities, acquired by Google in 2022 for $5.3 billion, illustrates the increasingly sophisticated nature of cyber threats. Or is this just another signal that Twitter is no longer a safe platform? In any case, with Mandiant now integrated into Google Cloud, the incident also shows the interconnected risks in the digital ecosystem. So, even leading security firms are not immune to cyber-attacks.

What should I do with such a scam?

The number of well-known companies that got their Twitter profiles hacked to spread crypto scams over the last few weeks is concerning. This creates not only the risk of crypto scams, but also the possibility of misinformation or more serious scams. It is important to know how to act once you see a hacked account that spreads questionable links.

First and foremost, avoid following the links posted from such accounts. Whether they lead to a crypto drainer, fake airdrop or investment scam page, it is not advisable to even visit them.

Second, report the account hack to X moderators. There is a specific option in the reports menu, called Deceptive Identities, that will let the system know that something is going wrong.

Third, share the information about the hack with your friends and subscribers. The more people know about such a scam, the lower the chance of them being defrauded now and in the future.

What Should You Do When You Get Scammed?
https://gridinsoft.com/blogs/what-should-you-do-if-scammed/
Wed, 27 Dec 2023 12:00:52 +0000

As online scams become not only more widespread, but also more sophisticated, it appears to be rather easy to become a victim of one. But what should you do in such a case? Is it possible to get your money back? Let me show you every step you should take.

You Got Scammed – Where It All Ends?

Before explaining the steps you should take after being scammed, I’d like to specify the starting point. And obviously, this point coincides with the point where the exact scam ends. But what does it look like?

The vast majority of scams have one thing in common: money loss. Whether the scam site asks you to top up the account on the “novice crypto exchange”, or takes payment for the goods ordered from “an ultimate shopping discounter”, it will always be your money that is missing. Depending on the type, there could be other things to worry about, but they are rather rare.

Scam store example
The example of a scam store. This one is a carbon copy of a dozen scams I’ve seen over the last few weeks.

A personal data leak is the second most common outcome, though it is less obvious to victims. While creating an account on the scam site, or even filling in the delivery info, you share facts about yourself one way or another. Email, phone number, nickname, (possibly) typical password and delivery address cost quite a penny on the black market. Some of the sophisticated scams may also ask you for ID or even SSN, and guess what? They will end up on the Darknet, too. Unfortunately, there’s not much you can do about that once it has happened.

With this figured out, let’s switch to the actual advice on what to do when you have become a victim of a scam.

I’ve Been Scammed, What Should I Do?

Although the issues are few and straightforward, the list of actions you can, and should, take to revert things is rather extensive. We begin with the thing that concerns all victims the most: the way to get the money back.

There are three elements that determine the chances for success of the entire process. Those are your patience, speed of reaction and the payment method used. Let’s start with the latter:

Payment methods are important due to the fact that some of them do not support money returns at all. When paying with a card using a well-known payment system, you have much better chances of getting your money back. The same is true for payments via PayPal. In contrast to them, payment systems like Venmo, CashApp or Revolut do not support any returns, chargebacks and the like. Wire transfers, along with cryptocurrency payments, are out of the question, too: chances to get the money back are rather small.

Speed of reaction is important as even those payment methods that provide refunds may discard your request if it is too late. Sooner is always better, but it will be OK to request the money return within up to 1 week since you’ve paid.

Patience is king when all the requests are done and all that’s left is to wait. Money returns may take some time to finalize, so do not lose faith and kindly provide the bank representatives with all the necessary information.

1. Start With a Complaint to the Store

Sure, when we are talking about online scams, complaints to the store are mostly snake oil. Nonetheless, to be clear from the procedure perspective, this step is essential, and will give you additional proof to request the money return. Usually, even scam sites have some kind of a complaint form or contacts to send messages to. It is usually unresponsive, but contacting it will give you good evidence for further complaints.

Meanwhile, start collecting all the info related to the unfortunate payment. Any messages from social media related to the scam, on-site chat box, email notifications, invoices – each piece of information is valuable. This correspondence will further be demanded by the bank or a payment system that managed the transaction.

When the scam site is already offline (which happens rather often), feel free to proceed with the next step. Though, you will still need the documentary evidence I’ve mentioned above.

Scam site is down
Banner on a scam site after its shutdown

2. File a Complaint to the Payment System

As I’ve said above, you should be pretty fast with sending the money return request to the payment system. Depending on the method, the authority you should file the complaint to is different.

For bank cards, the obvious place to call is the card issuer bank. Most commonly, they have a separate department that specializes in solving problems with various kinds of fraud. To prove the case, they may ask you to provide the details: all the info you collected in the previous stage.

PayPal stands out among payment systems, as it is one of the few that provide refund operations. By contacting the system’s support and describing the case, you will be able to get your money back. In some cases, additional info may be requested, too.

Bank or wire transfers, together with cryptocurrency payments, are the worst-case scenarios when it comes to getting money back. In this case, aside from the bank or crypto exchange you used for the payment, you should also contact the police. A refund in this case will be possible only when law enforcement detains the fraudsters and gets access to their funds.

2.1 Avoid Any “Money Recovery Services”

This piece of advice is not about money returns, but about avoiding getting into yet another scam. Yes, you read it correctly: most users or “companies” that offer their services in recovering money after scams are, in fact, fraudsters themselves. The way their scam works is plain as day, but with a bit of social engineering, an unsuspecting victim of one scam may trust this one as well.

Note
Do not believe their tales about being representatives of a bank or a payment system: those institutions never provide their services away from their infrastructure, e.g. websites or branches.

Services that offer help with getting your money back after the scam may appear in social media, or even sometimes directly on your email. Strangers offer to recover all the money you’ve lost for a small reward (usually around 10-20% of the sum). However, shortly after taking your money, such “recovery experts” will stop answering, delete the conversation, or even ban you from texting them.

Though, not all of these scams are so blatant. In some cases, people who offer such services may really advise you on the steps on getting the money back. Thing is, anything they say or do effectively repeats the steps you can read above. Then the question arises – why would you pay someone for providing simple instructions that are available for free?

Contacting them is not only about financial risks: after gaining trust, they can ask you for sensitive details. It is rather easy to run into a fraudster who will gladly take your money, and then blackmail you with the info you’ve shared. And collecting sensitive info under such a pretext is rather easy to automate, meaning that fraudsters can gather massive amounts of personal information.

In rare cases, online scam masters may sell the database of scammed folks to such “money recovery experts”. You can predict what happens next: worried people will stick to the offer, and will most likely be ripped off once again.

2.2 Investigating Crypto Scams

As I’ve already mentioned, cryptocurrency transfers are among the hardest ones to revert. In fact, it is even recommended to contact separate authorities for that purpose. They specialize in investigating crypto fraud and tracing the lost money. There are both global and local investigators, and I’ve gathered the ones to contact in the first place.

Authority | Jurisdiction
Crystal Blockchain | Global
CNC Intelligence | USA
Crypto Helpline | India
Cybertrace | Australia
National Crime Agency | UK

What are Crypto Draining Attacks? Signs & Mitigation
https://gridinsoft.com/blogs/crypto-draining-attacks/
Wed, 27 Dec 2023 10:27:24 +0000

Among the wide variety of possible scams that involve cryptocurrencies, crypto draining attacks stand out in their volume and amount of losses. As the name suggests, such an attack drains the entire contents of an involved cryptocurrency wallet. But let’s have a more detailed look at how this fraud works, and how you can avoid getting into such a trap.

How Do Crypto Drainers Work?

Crypto drainers operate through deceptive tactics. First, victims are lured to counterfeit websites through fake airdrop campaigns mimicking legitimate platforms. These phishing schemes start innocuously, with social media or email promotions offering free tokens.

But it’s a classic scam scheme, and behind the enticing offers lie well-crafted, fraudulent websites indistinguishable from the real deal. Next, the service asks the user to bind their wallet. When a user connects their wallet, this grants thieves unfettered access to their funds.

In the final step, users are encouraged to link their digital wallets. This is often done under the pretense of identity verification or token claims. However, a risk is involved as users may unknowingly interact with malicious smart contracts that are camouflaged as part of the token claim process. Such contracts may contain hidden functions compromising the wallet’s security or initiating unauthorized transactions.

Angel Drainer Group Leads Crypto Draining

Angel Drainer Group is a hacking group based in Eastern Europe. It first came to the attention of law enforcement in 2017. Then, the gang was linked to stealing $50 million worth of Bitcoin from a South Korean cryptocurrency exchange. Since then, the group has been responsible for other thefts, including the theft of $100 million worth of Ethereum from a Japanese exchange in 2018 and the theft of $200 million worth of Bitcoin from a US exchange in 2019.

Angel Drainer Group typically targets cryptocurrency exchanges, using social engineering, phishing, and malware to get access to exchange systems. Once they have access, the group will steal as much cryptocurrency as possible before moving it to other wallets. In addition to the thefts that Angel Drainer Group has been linked to, the group is also suspected of being involved in other illegal activities, including money laundering and cybercrime.

The ‘Permit’ Function

This method uses social engineering and manipulates the ‘Permit’ function in ERC-20 tokens. It means users are tricked into signing off-chain messages with their private key, unknowingly setting up an allowance for the attacker’s address. This technique is nefarious due to its subtlety, as it doesn’t necessitate on-chain transactions for each approval.

Once access is gained, assets are stealthily transferred from the victim’s wallet. Attackers use cryptocurrency mixers and multiple transfers to conceal the stolen assets’ trail, significantly complicating recovery. Comprehending these mechanics is vital for users and platforms in the crypto realm to develop effective security measures.
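
The off-chain approval described above can be caught at signing time. The following added example (not code from the article or from any wallet project) reviews an EIP-712 signing request and flags ERC-20 permit messages; it also recognizes the older DAI-style permit layout, which goes slightly beyond the text. The allowlist, thresholds and all addresses are constructed assumptions.

```javascript
// Added example: inspect an EIP-712 signing request before signing it.
// Allowlist, thresholds and addresses are constructed for illustration.
const MAX_UINT256 = (1n << 256n) - 1n;
const UNLIMITED_THRESHOLD = 1n << 255n; // assumption: treat >= 2^255 as "unlimited"
const MAX_VALIDITY_SECONDS = 3600n;     // assumption: longer-lived permits are unusual

// Hypothetical allowlist of spender contracts the user already trusts (lowercase).
const TRUSTED_SPENDERS = new Set(['0x1111111111111111111111111111111111111111']);

// The two permit layouts in common use: EIP-2612 and the older DAI-style one.
const EIP2612_FIELDS = ['owner', 'spender', 'value', 'nonce', 'deadline'];
const DAI_STYLE_FIELDS = ['holder', 'spender', 'nonce', 'expiry', 'allowed'];

function hasFields(typeDef, expected) {
  if (!Array.isArray(typeDef) || typeDef.length !== expected.length) return false;
  const names = new Set(typeDef.map((f) => f.name));
  return expected.every((n) => names.has(n));
}

// Typed-data numbers arrive as decimal strings, hex strings or JS numbers.
function toBigInt(v) {
  try { return BigInt(v); } catch (e) { return null; }
}

function reviewSigningRequest(request, nowSeconds) {
  const data = typeof request === 'string' ? JSON.parse(request) : request;
  const permitType = data.types && data.types.Permit;
  if (data.primaryType !== 'Permit' || !permitType) {
    return { isPermit: false, verdict: 'not-a-permit', findings: [] };
  }
  const msg = data.message || {};
  let amount;
  let expiry;
  let noExpiry = false;
  if (hasFields(permitType, EIP2612_FIELDS)) {
    amount = toBigInt(msg.value);
    expiry = toBigInt(msg.deadline);
  } else if (hasFields(permitType, DAI_STYLE_FIELDS)) {
    // DAI-style permits are all-or-nothing; expiry 0 means "never expires".
    amount = (msg.allowed === true || msg.allowed === 'true') ? MAX_UINT256 : 0n;
    expiry = toBigInt(msg.expiry);
    noExpiry = expiry === 0n;
  } else {
    return { isPermit: true, verdict: 'block', findings: ['unknown-permit-layout'] };
  }
  if (amount === null || expiry === null || typeof msg.spender !== 'string') {
    return { isPermit: true, verdict: 'block', findings: ['malformed-permit'] };
  }
  // A zero allowance revokes access, so it is safe regardless of the spender.
  if (amount === 0n) {
    return { isPermit: true, verdict: 'ok', findings: ['revokes-allowance'] };
  }
  // Any other permit hands out spending rights without an on-chain transaction.
  const findings = ['grants-allowance-off-chain'];
  const spenderTrusted = TRUSTED_SPENDERS.has(msg.spender.toLowerCase());
  if (!spenderTrusted) findings.push('unknown-spender');
  if (amount >= UNLIMITED_THRESHOLD) findings.push('unlimited-allowance');
  if (noExpiry || expiry - BigInt(nowSeconds) > MAX_VALIDITY_SECONDS) {
    findings.push('long-lived-signature');
  }
  let verdict = 'ok';
  if (!spenderTrusted) verdict = 'block';
  else if (findings.length > 1) verdict = 'warn';
  return {
    isPermit: true, verdict, findings, spender: msg.spender,
    token: data.domain && data.domain.verifyingContract,
  };
}

// Constructed sample request in the EIP-2612 layout (all addresses are fake).
function samplePermit(spender, value, deadline) {
  return {
    primaryType: 'Permit',
    types: {
      Permit: [
        { name: 'owner', type: 'address' },
        { name: 'spender', type: 'address' },
        { name: 'value', type: 'uint256' },
        { name: 'nonce', type: 'uint256' },
        { name: 'deadline', type: 'uint256' },
      ],
    },
    domain: {
      name: 'Example Token', version: '1', chainId: 1,
      verifyingContract: '0x2222222222222222222222222222222222222222',
    },
    message: {
      owner: '0x3333333333333333333333333333333333333333',
      spender, value, nonce: 0, deadline,
    },
  };
}
```

A wallet or signing proxy would call `reviewSigningRequest` on the typed-data payload and refuse or warn on anything other than `ok`; plain login messages come back as `not-a-permit`.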

Safeguarding Assets

It is crucial to be cautious and use technological safeguards while dealing with cryptocurrency. First, you must be skeptical of unsolicited airdrop claims. Verify all smart contracts you have to deal with and prefer using hardware wallets when possible. Since cryptocurrency is a favorite place for internet scammers, you must be as careful as possible.

Luca Stealer Spreads Via a Phishing Microsoft Crypto Wallet Site
https://gridinsoft.com/blogs/luca-stealer-phishing-microsoft-crypto-wallet/
Tue, 25 Jul 2023 09:31:13 +0000

With the ever-increasing number of cyber threats, hackers and cybersecurity specialists are taking the initiative. This time, cybercriminals went ahead of the curve. They created a phishing website to coincide with the news that Microsoft was developing a crypto wallet exclusively for its Edge browser. Such a scheme is used to spread Luca Stealer.

Microsoft Crypto Wallet Scam Spreads Luca Stealer

Not so long ago, news broke on the internet that Microsoft is working on creating a crypto wallet for its Edge browser. This news is sure to interest cryptocurrency users. But you know who else is interested in it? That’s right, cybercriminals. The resourceful guys immediately figured out what was happening and created a website that looked as much like Microsoft’s legitimate site as possible. Cybersecurity researchers came across this website and analyzed it. Unlike third-rate phishing sites, this one had a convincing appearance, a web address of hxxps[:]//microsoft-en[.]com/cryptowallet/, SSL certificates, and allknown logic. The website offers the user to download a beta version of the crypto wallet. However, instead of the claimed one, the user received malware.

Phishing website screenshot
Phishing website

Luca Stealer Analysis

In this case, the scammers are distributing Luca Stealer. Specialists identified it due to similarities between the malware code found and Luca Stealer. However, Luca is open source, and users can find its code on platforms like GitHub or TOR. It is a relatively new stealer, written in Rust and first spotted in 2022. Its job is to collect valuable data such as crypto wallet details and other personal information. The following are the browsers, crypto wallets, and extensions this malware attacks.

Web browsers

CentBrowser | Iridium | Qip Surf | Chrome Canary
Sleipnir 5 | Vivaldi | Elements Browser | CocCoc Browser
Torch | Opera Stable | Brave | Kometa
Edge | CocMedia | Google Chrome | Mapple Studio
CozMedia | ChromePlus | Atom | Chromium
UC Browser | Opera GX | WooGamble | Opera
Dragon (Comodo Dragon) | Chrome SxS | 7star | Sputnik
Epic Privacy Browser | Chedot | Uran | Citrio
Orbitum | Chrome

Browser extensions

1Password | Avira Password Manager | BitApp Wallet | BitClip
Bitwarden | BinanceChain | BrowserPass | Byone
Clover Wallet | Coin98 | Coinbase Wallet | CommonKey
Cyano Wallet | Cyano Wallet Pro | DAppPlay | Dashlane
EOS Authenticator | EQUAL Wallet | Guarda | Hycon Lite Client
ICONex | KHC | KeePassXC | Keeper
Keplr | LastPass | Leaf Wallet | Liquality Wallet
Math Wallet | MEW CX | MetaMask | MYKI
Nabox Wallet | Nash Extension | NeoLine | NordPass
Nifty Wallet | Norton Password Manager | OneKey | Polymesh Wallet
RoboForm | Sollet | Splikity | Steem Keychain
TezBox | Terra Station | TronLink | Trezor Password Manager
Wombat | Yoroi | ZilPay | Zoho Vault

Crypto wallets

  • AtomicWallet
  • ByteCoin
  • Electrum
  • Exodus
  • JaxxWallet

In addition to cryptocurrency, the malware is interested in banking data such as IBANs. This creates additional risks for those involved in banking transactions.

Data Exfiltration

Once the data is collected, Luca Stealer begins compressing the data for easier transmission. The malware uses the Telegram messaging platform as a covert communication channel. Using a Telegram bot, it discreetly sends stolen data and some statistical information about the stolen data to the operator. It also sends messages to the chat room.
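
As an added example (not from the article or from any vendor tooling), the following flags proxy-log entries in which a workstation uploads data through the Telegram Bot API, the channel described above. The log format, host names and bot token are constructed, and the check assumes a TLS-inspecting proxy that records full URLs; without inspection only the host name is visible.

```javascript
// Added example: hunt for Telegram Bot API uploads in web proxy logs.
// Log layout, host names and the bot token are constructed sample data.
const SAMPLE_LOG = [
  '2023-07-25T09:31:13Z host=WS-014 method=GET url=https://www.example.com/index.html bytes_out=512',
  '2023-07-25T09:31:40Z host=WS-014 method=POST url=https://api.telegram.org/bot1234567890:AAAAconstructedTOKENvalue000000000000/sendDocument bytes_out=482113',
  '2023-07-25T09:31:41Z host=WS-014 method=POST url=https://api.telegram.org/bot1234567890:AAAAconstructedTOKENvalue000000000000/sendMessage bytes_out=731',
  '2023-07-25T09:40:02Z host=WS-020 method=GET url=https://web.telegram.org/k/ bytes_out=420',
  'garbled line without fields',
];

const BOT_API_HOST = 'api.telegram.org';
// Bot API calls look like /bot<numeric id>:<secret>/<method>.
const BOT_PATH = /^\/bot(\d+):[A-Za-z0-9_-]+\/([A-Za-z]+)$/;
const UPLOAD_METHODS = new Set(['sendDocument', 'sendMessage', 'sendPhoto', 'sendMediaGroup']);
const LARGE_UPLOAD_BYTES = 100 * 1024; // assumption: archive-sized uploads start here

// Parse "<time> key=value key=value ..." and skip lines missing host or url.
function parseLine(line) {
  const [time, ...parts] = line.trim().split(/\s+/);
  const rec = { time };
  for (const part of parts) {
    const eq = part.indexOf('=');
    if (eq > 0) rec[part.slice(0, eq)] = part.slice(eq + 1);
  }
  return rec.host && rec.url ? rec : null;
}

// Returns one alert per (host, bot id); the token's secret part is never stored.
function findBotApiUploads(lines) {
  const alerts = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;
    let url;
    try { url = new URL(rec.url); } catch (e) { continue; }
    if (url.hostname !== BOT_API_HOST) continue; // regular Telegram web traffic is ignored
    const m = BOT_PATH.exec(url.pathname);
    if (!m || !UPLOAD_METHODS.has(m[2])) continue;
    const [, botId, apiMethod] = m;
    const bytes = Number.parseInt(rec.bytes_out, 10) || 0;
    const key = `${rec.host}|${botId}`;
    const alert = alerts.get(key) || {
      host: rec.host, botId, firstSeen: rec.time, methods: [], bytesOut: 0, severity: 'review',
    };
    if (!alert.methods.includes(apiMethod)) alert.methods.push(apiMethod);
    alert.bytesOut += bytes;
    // A large file upload to a bot matches the "compress, then send" pattern.
    if (apiMethod === 'sendDocument' && bytes >= LARGE_UPLOAD_BYTES) alert.severity = 'high';
    alerts.set(key, alert);
  }
  return [...alerts.values()];
}
```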

Why Luca Stealer?

Since the source code of Luca Stealer was leaked to the public, attackers can modify it, optimize it and add new functionality. After a more detailed analysis, experts discovered an unusual AntiVM method. Luca Stealer checks the system temperature before starting to execute. Since virtual machines usually generate an error when such a request is made, the malware can understand whether it is on the virtual machine or on a live system. Though, this trick is just about making the analysis longer rather than impossible. It is not hard to make the VM respond properly to the request, returning realistic and consistent temperatures.

Safety recommendations

To avoid unpleasant consequences, we recommend that you follow these tips:

  • Be careful with downloads from the Internet. Download software only from official and reliable sources. If you have any doubts about the authenticity of a website, go to a trustworthy website and make sure that the site you are interested in is genuine.
  • Update your software. Sometimes OS updates can be inconvenient. However, this is an essential part as updates contain security patches. To address known vulnerabilities, constantly update your operating system and other software, including browsers.
  • Be careful with email messages. According to statistics, email phishing is one of the most effective methods of spreading malware. Do not open suspicious attachments or links in emails from unknown senders.
  • Install reliable antivirus software. Use quality anti-malware software and update it regularly to stay protected from the latest threats.
  • Educate yourself and stay informed. Unfortunately, in this eternal arms race, cybercriminals are leading. This allows them to create new threats, picking the least predictable forms each time. In turn, cybersecurity experts create effective solutions against them. Study up-to-date threats and deception techniques to be more aware and adapt your actions.

Linus Tech Tips YouTube Channel Hacked
https://gridinsoft.com/blogs/linus-tech-tips-hacked/
Thu, 23 Mar 2023 16:51:53 +0000

Linus Tech Tips, a tech YouTube channel with 15 million subscribers, was hacked and then used to spread a cryptocurrency scam. It happened around March 23, 2023, and could have led to a large number of victims among channel subscribers. YouTube has already taken care of the channel by suspending it.

Who is Linus Tech Tips?

Linus Tech Tips is a YouTube channel that belongs to Linus Sebastian, a 36-year-old Canadian who started his channel on YouTube back in 2008. Five years later, his channel grew into Linus Media Group (LMG), which brings together other projects led by Linus, including his other YouTube channel. Additionally, he used the company to host conferences, as well as to sell apparel and other Linus-related merchandise. In total, Linus Tech Tips and all other projects hosted under LMG counted over 25 million subscribers, with 15 million of them coming from the primary YouTube account alone.

Linus Tech Tips
One of the Linus’ videos

As you can see, the YouTube channel is a serious business that Linus has been running for over a decade. People trust him, and he relies on YouTube to support his image. Losing the channel, and especially losing the trust of the audience and advertisers because of scam ads posted on it, is disastrous.

Linus Tech Tips Was Hacked

On March 23, 2023, strange things happened to Linus’ YouTube channel. A series of dubious streams was launched, showing footage of crypto-world stars and other celebrities. They mostly centered on Jack Dorsey (ex-Twitter CEO), Elon Musk, Cathie Wood, and a couple of other people who participated in The ₿ World 2021 event. The stream headlines were also unusual, featuring completely irrelevant phrases about GPT-4, OpenAI development and the Tesla company.

Linus Tech Tips channel hacked
Linus Tech Tips channel after the hack. You can see a fake stream and a changed username

The most notable thing about these streams was a QR code that redirected users to a website branded with a Tesla badge. That page invited users to send their crypto to a certain wallet in order to receive double the sum back. It also claimed that everything was sponsored by Elon Musk and was done to increase the popularity of crypto. But as you may already guess, it is a scam.

Scam page Tesla
Tesla Crypto Giveaway scam page

Aside from the streams and crypto scam websites, the channel itself was modified as well. Its regular @LinusTechTips handle was changed to @teslaliveonline1, then to @temporaryhandle and @LinusTechTipsTemp, the latter two probably after the channel was suspended. Moreover, all the videos posted since 2016 were either deleted or switched to private.

The Situation is Under Control

Linus Media Group representatives contacted the audience later the same day. They said that the situation is being resolved and that they are cooperating with the Google support team.

Everything should be locked down and we are getting to the bottom of the attack vector with the (hopeful) goal of hardening their security around YouTube accounts and preventing this sort of thing from happening to anyone in the future.

They have not yet mentioned any timeframes, causes, victims, or guidelines for other YouTubers who were struck the same day. ThioJoe, Technique, and TechLinked, other tech tips channels, report being hacked with similar consequences. In total, they add another 5 million potential victims.

How Bad is The Linus Tech Tips Hack?

Cryptocurrency scams fronted by Elon Musk, Cathie Wood and other world-famous personalities are nothing new. They’ve been around for at least 3 years, and possibly even longer if we count the cases before they settled into their “pattern”. This pattern typically revolves around an offer to send a certain sum of cryptocurrency to a designated wallet. In return, the website promises to send you twice as much as you’ve sent. The multiplier may change from one case to the next, but the overall essence is the same.

The situation around Linus Tech Tips is made worse by the sheer size of the audience. 15 million people were exposed, though certainly not all of them fell victim. Nonetheless, the number of people who could potentially be tricked is enormous. It is most likely comparable to the similar crypto scam pages advertised through celebrities’ accounts on Twitter in 2021. And if we add up the audiences of all the channels that were hacked around this date, things look really troubling.

How Could That Happen?

The most common tricks that target YouTube content creators (and creators on other platforms) are cookie hijacking and fake freeware ads in Google Search. We will leave aside the delivery of spyware or stealers via unlicensed software, as the hacked YouTubers are unlikely to use cracks.

Session hijacking is a trick that aims at grabbing the victim’s session tokens. It is done through a malicious link that generally arrives in an email. The email is disguised as a routine security notice and asks the victim to follow the link to resolve an issue. The link often looks legitimate, and hovering over it does not reveal any third-party sites. However, clicking it redirects you through a chain of pages, where your session token gets hijacked. That token gives the hackers full control over your account. The trick has been around for a long time, but it is used quite rarely, as it requires a number of circumstances to coincide.

Malicious links in Google Search results for free software are, on the other hand, a rather new topic. Not so long ago, a wave of malicious sites started to pop up as soon as you googled LibreOffice, Python, Blender, or similar programs. Following such a link shows you a page that roughly resembles the genuine download page of these programs. The rough resemblance, however, goes unnoticed by users who have never dealt with the original page. Moreover, people tend to trust Google Ads wherever they see them, and thus will probably click without any hesitation. A file downloaded from such a source generally contains the Vidar or RedLine stealer.
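The lookalike download pages described above can be screened mechanically before anyone clicks. The following Python check is an added example, not code from the original post; the allowlist of official domains and the `.example` sample URLs in the test data are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist: official domains of the programs the article names.
OFFICIAL = {"libreoffice.org", "python.org", "blender.org"}
BRANDS = {d.split(".")[0] for d in OFFICIAL}


def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "blednder" style swaps of two letters.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a download URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official"
    sld = domain.split(".")[0]
    for brand in BRANDS:
        # Short names get a tighter threshold to limit false positives.
        limit = 1 if len(brand) < 8 else 2
        # Brand name buried in a foreign host, or a near-miss spelling of it.
        if brand in host or osa_distance(sld, brand) <= limit:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; the .example hosts are not real sites.
    for u in ("https://www.python.org/downloads/",
              "https://libreofice.example/download",
              "https://blender.org.get-free.example/",
              "https://gridinsoft.com/blogs/"):
        print(f"{classify(u):10} {u}")
```

A "lookalike" verdict is a prompt to verify the address by hand, since legitimate third-party hosts can also contain a project's name.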

Dangerous WhatsApp Scams You Should Avoid https://gridinsoft.com/blogs/whatsapp-scams/ Fri, 09 Dec 2022 17:33:16 +0000

WhatsApp scams are constantly evolving, and some are difficult to identify. However, certain methods can identify the most common red flags. Read on for information on WhatsApp scams and how to avoid them.

What is a WhatsApp Scam?

Although WhatsApp’s encryption is end-to-end, it doesn’t completely protect users from being hacked. Furthermore, users are at risk of other scams besides hackers breaching their encryption. For example, cybercriminals can utilize WhatsApp to send messages that deceive people into disclosing financial or personal information, such as a password or Social Security number. They can also trick you into clicking a malicious link by impersonating a friend and creating a message that looks like a notification from a legitimate company. Scammers could also impersonate you to take out credit cards or borrow money.

How to spot WhatsApp scams

Because fraudsters are getting more clever, it’s easier to notice new scams if you are aware of specific signs. In addition, learning which clues to look for can reduce the chances of getting scammed. For example, most scams involving WhatsApp messages show signs like these:

  • They ask you to take immediate action. Fraudulent texts are often alarming; they state that your accounts are suspended or that the government will prosecute you.
  • Grammar and stylistic mistakes. Text messages from legitimate companies (like banks) will not have spelling errors. If you receive a text that has mistakes and prompts you to take action on a personal account or follow a link, it’s likely fraudulent.
  • No one knows them. Do a quick Google search to confirm that the number the message was sent from belongs to the person or organization it claims to be from. You may discover that the number has nothing to do with the organization or agency named in the text.
  • You’ve been randomly selected to receive a prize. Some WhatsApp spam messages claim you’ve won a draw you didn’t participate in. They request that you divulge personal information to claim your prize or click a link for additional information.
  • Unfamiliar links. Spammers can utilize links to compromise your device or lead you to a fraudulent website that steals information. Be cautious of links you don’t recognize or that take you to websites you don’t frequent. Some links may look familiar, but if you examine them closely, you might notice that some letters or numbers are missing or extra.
  • They are typically sent from a long phone number, which is unusual. An unsolicited offer from an 11-digit number is likely WhatsApp fraud. Marketing texts are typically sent from six-digit phone numbers, also known as six-digit codes or SMS short codes.

Types of Scams on WhatsApp

Many scammers on WhatsApp have similar intentions and objectives. Scammers want to obtain your personal information for fraudulent purposes, install malware on your device that could hold it hostage, or attempt to extort money from you by pretending to be someone they’re not.

1. Romance Scammer WhatsApp (WhatsApp Scams Dating)

Romance scams are particularly prevalent on online dating platforms like Tinder or eHarmony. However, once paired with someone through these dating services, the schemer might convince you to move the conversation to WhatsApp. The criminal attempts to connect with you emotionally, sometimes professing their undying love and how they would leave their current situation to be with you. Then, they request money, claiming they need financial assistance, which is why it is very important to avoid WhatsApp dating scams.

Example of WhatsApp scam

2. WhatsApp account access phishing

Scammers utilize the WhatsApp feature, which allows them to use the same account on multiple devices. A six-digit code unique to that device is required to activate another machine. Scammers utilize various methods to get this code from the victim. The primary method of WhatsApp phishing is to befriend you, gain your trust, and then ask you for the code, claiming that it was sent to you by mistake.

3. WhatsApp pretexting scam

This is a variant of the previous one. This WhatsApp attack begins when the victim receives two messages simultaneously. One of the messages is an apology from an alleged acquaintance or relative who mistakenly sent a verification number to the victim’s account instead of their own. They then go on to request the 6-digit number the victim just received. WhatsApp sends a verification code only to individuals who are creating a new account or attempting to access their account on a different device. In this WhatsApp attack scenario, the scammer is trying to access the victim’s account and needs the verification code to complete the deception. If you receive a 6-digit verification code that is entirely unexpected, you may be the intended target of a scam.

4. WhatsApp Business account scams

WhatsApp Business accounts can only be messaged by end-to-end encrypted means. These accounts are only accessible by businesses that use the WhatsApp Business app or handle and store customers’ messages themselves. When messaging a business through WhatsApp, users’ messages will be delivered securely to the intended recipient. When a hacker takes control of your WhatsApp account, they can view your messages and contact list. Hackers reportedly access accounts via automated phone services that forward calls to a different number; they can also bypass online security by forwarding voice OTP verification codes to a different phone number.

5. Tinder WhatsApp scam

The Tinder account verification scam involves a match, which is actually a fake bot, asking you to verify your account through a specific link. The bot provides the link to make it seem like a legitimate request from Tinder, which it isn’t. The link takes you to a site outside Tinder that requests private information, like your full name, email address, birth date, and credit card number. These sites don’t contain Tinder codes; instead, they ask for suspicious data. To access these services, users need to provide their personal information. This includes their credit card number and subscription information to adult websites. Some users report that subscriptions to these websites can cost up to $120/month and are extremely difficult to cancel. Have you ever run into a Tinder WhatsApp scam?

7. WhatsApp job scams

To increase the appeal, the scam WhatsApp message includes information about the daily salary: “You have been selected for the interview; your wage will be 800/day.” Some messages will have a different number. However, the method of operation remains the same. Sometimes, the link takes you to a fraudulent website that collects your information. Frequently, there is a real person on the other end, though they will request personal information or demand a fee via UPI. In this instance, adding ‘wa.me’ before a phone number in your web browser will direct you to a WhatsApp chat. As a result, scammers on the other end will likely request additional information, which you should avoid giving at all costs. Have you ever run into scam WhatsApp messages?

8. WhatsApp crypto scams

Cryptocurrency scams are prevalent and involve con artists who pretend to be financial experts offering opportunities that are too good to be true. They may also advise you to transfer your existing funds from a legitimate crypto exchange to a fraudulent one they control.

How to Avoid Harm from WhatsApp Hacker Attacks

  • Use two-factor authentication (2FA). Two-factor authentication benefits any online account, not just your WhatsApp account. This setup ensures a secondary layer of security when logging into apps. Before accessing WhatsApp, a one-time code is sent to your email, phone, or an authentication app.
  • Make a call for confirmation. If the individual who sent you the message said that the number had been disconnected or their phone was broken, contact the number they provided. If you can’t communicate with them via phone, attempt to contact them directly on social media to verify before sending any money.
  • Do not respond to messages requesting money. This advice is common for all WhatsApp hacker attacks, not just WhatsApp scams. Trust your instincts and analyze the text and language. Is the individual requesting money speaking differently than they usually would? If the request for money is legitimate, they would likely communicate through other means, not just WhatsApp.
  • Report the incident and scam to WhatsApp. Be aware of the importance of reporting any unusual activity and WhatsApp fraud. WhatsApp can then attempt to remove these fraudulent accounts and prevent other users from being victimized by similar scams. To report a number on WhatsApp:
    1. Launch the chat with the user you want to report.
    2. Click the contact name.
    3. Click Report Contact.
    4. After that, click Report And Block.
