Cyber criminals launched a scam campaign phishing in which they impersonate the media, by sending emails with false cryptocurrency news, with which they obtain the victim’s personal information.
This is stated by the Internet User Security Office (OSI) and the cybersecurity company Panda, who have registered cases of this campaign of phishing through the impersonation of various online newspapers.
Specifically, scammers send emails under the name of one of those newspapers, which include fake testimonials from famous and reputable people. on-line to report on “great investment opportunities in the crypto market”.
In this sense, cybercriminals take advantage of the fact that there are many users subscribed to various digital media outlets and read their newsletters regularly to facilitate deception. In this way, they use emails that appear to be legitimate and come from a known address.
As Panda explains through a statement, scammers use cryptocurrencies as a hook, since more and more people are looking to invest in this digital asset. In this case, the tactic used for the attack phishing It starts with emails from well-known newspapers with links to fake news.
These emails do not have a subject so as not to specify what the news is about and get the user to open the email. As for the mailboxes to send the news, Panda details that they are obtained from the user records of other fraud victims, who end up providing their data.
Once the email in question has been opened, if the user clicks on the attached link, they are redirected to an alleged news item on the newspaper’s website. However, the news website, which includes fictitious information about investing in digital currencies, is false. In addition, all clickable web elements take the user to the same URL, which is based on a registration form.
The form requests personal information such as first and last name, email, and phone number. Once this information is added, the malicious actor has already achieved 80 percent of his strategy, according to Panda.
Finally, The last stage of the cyber-scam is completed when, after filling in the form, the user is asked to reset their email password. With this, the scammer will steal your login credentials. Later, in their inbox, the victim will find an email with the sender of the same web page from which they filled out the form.
In this email, the victim is asked to press the ‘Activate account’ button, with which the cybercriminal will gain access to the personal ’email’ account to impersonate the victim’s identity and have full control of the emails. You can even send false messages, with any type of link or fraudulent file.
In addition, as explained by the manager of Global Consumer Operations at Panda Security, Hervé Lambert, the only drawback of this scam is not sending emails propagating this false news, but that it has access to “all the personal information that we have stored in our email electronic”. What can lead to “another series of derived crimes such as extortion or cyberblackmail”, he has warned.
In fact, according to Lambert, the idea that similar scams are not being carried out or related to cybercriminals that directly ask for bank keys or cryptocurrency wallets to “steal all the assets of the victim” cannot be dismissed.
As Panda has mentioned, one way to identify this type of threat, at least in this case, is to note that not all the buttons on the fake website work. For example, the dropdown button on the left that appears on the supposed newspaper page The country does not show information. In this sense, it can be verified that it is a simple image. These types of failures are indicative that it is a false web page.
*With information from Europa Press.