Group-IB has discovered thousands of personal records of users from over 20 countries of the world exposed in a targeted multi-stage bitcoin #scam. Read more: https://t.co/dh8AmeaJOR pic.twitter.com/CfEIle0YZ2
— Group-IB (@GroupIB_GIB) June 30, 2020
“BTC investment scams have been around for quite a while and we regularly detect new instances of crypto fraud. This time however the scheme was significantly upgraded, and a tremendous amount of personal information was leaked,” Group-IB CEO Ilya Sachkov said.
Most scams try to lure individuals into handing over both their personal identification information (PII) and their funds. This time around, a significant amount of PII was already in the possession of digital currency scammers, which allowed them to conduct a complex three-part scam.
Individuals across 20 countries were affected by this scam—but the U.K. and Australia were the two countries that were hit the hardest with 147,610 and 82,263 individuals’ personal identification information being stolen respectively.
How it works
There are three parts to the digital currency scam discovered by Group-IB. First, the scammers send the victim a text message that says a local celebrity/personality has endorsed a digital token. The text message contains a link that directs the victim to what appears to be a local media outlet which contains a fake story in which their local celebrity endorses a digital currency.
Every link in the fake story will direct the reader to a digital currency investment platform that already has their personal data filled in (name, phone number, etc.). The last request on the investment platform sign up page requires users to send .03 BTC to the investment platform to activate their account.
Of course, the investment platform is not legitimate. After the user sends .03 BTC, they will not be able to use the investment platform because the platform is fake.
Do your own research
Anytime a new digital currency scam surfaces, we like to remind our audience to do their own research. A legitimate investment platform will never ask you to send them money to “activate your account.”
Group-IP has also given their audience a few tips on how to reduce the risk of falling victim to a digital currency investment scam
“Stay vigilant,” the group said. “A couple of simple rules: If you spot a long redirect chain, it’s a red flag. Always double-check the domain name, website registration date when entering personal information or payment data.”
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.