Crypto fraudsters have a new way of committing crimes against investors: bots sold on Telegram that are used to leak investors' two-factor authentication (2FA) codes and have their accounts deleted.
Fraudsters take advantage of investors' fears by claiming their accounts were hacked. By taking actions they thought were protective, the victims were in fact exposing themselves to thieves.
The fraud tool used is the One Time Password (OTP) bot. A report by cybersecurity firm Q6 Cyber describes the tool as causing huge losses to financial institutions and others.
The company also said the losses due to fraud are difficult to measure because bot attacks are relatively new.
"The bot calls are made in a highly skilled manner, creating a sense of urgency and trust over the phone. The calls rely on fear, convincing victims to act to 'avoid' fraud in their accounts," the report said, quoted by CNBC International, Wednesday (16/2/2022).
Some of the fraud attempts succeed because victims are used to providing authentication codes to verify account information.
One of Anders Apgar's victims reported being exposed to the hoax. He got a phone call that looked like a robocall, and soon his wife's cell phone rang too.
He explained that after the phone was picked up, there was a notification that the account was in danger. A female voice said there was unauthorized activity in the account, and soon a 2FA code appeared on the screen. In the end, the account was locked in less than two minutes.
The scam worked because the robocall could sound like a formal call, especially when the victim is distracted by other things while taking the call.
"It's human nature. If you receive a call telling you that someone is trying to get into your account, you don't think 'Yeah I didn't try'," explains Q6 Cyber analyst Jessica Kelley, who wrote the report.
The bots started appearing for sale on the messaging platform Telegram last summer. Kelley identified about six channels with more than 10,000 subscribers selling the service.
She explained that scammers often brag on Telegram about the bots working well and netting thousands or hundreds of thousands of dollars in crypto. The cost of the bot ranges from US$100 (Rp 1.4 million) per month to US$4,000 (Rp 57.1 million) for a lifetime subscription.