PARIS, October 27 (Benin News / EP) –
A group of researchers analyzed a new attack, called Buchering of pigswhich involves encouraging victims to invest in cryptocurrencies after gaining their trust by using the same strategy as in the tricks of love.
Website Romantic deception or romance spoofing is a social engineering attack that tricks another person into believing that an “online” romantic relationship exists between you. To do this, the attacker creates a fake profile by stealing photos other real people, and once they know the victim thinks they’ve fallen in love, they convince them to make bank transfers.
The main difference between “Romance Scam” and “Pig Buchering” – which translates to “pig butchering” – is that, in the latter case, the scammers abuse the trust of the victims. to encourage them to invest in cryptocurrencies.
Of Chinese origin, this “online” crime has managed to position itself as one of the EU’s main attacks. social engineering in non-English speaking countries. So much so that the Federal Bureau of Investigation (FBI) e United States issued a warning last April, signaling it was growing in popularity.
In fact, according to data collected by the Global Anti Scamming Organization (GASO), victims lose about $122,000 (around 121,000 euros) on average thanks to these scams. Moreover, two thirds of those affected are women between the ages of 25 and 44.
Cyber security company Proofpoint has conducted an investigation to find out how these cybercriminals operate and how far they can go with these online scams.
First, the threat start with a conversation with a strange person on social media who contacts victims claiming to have changed their phone number, among other excuses.
Once they receive a response from that contact, are very enthusiastic and start sending pictures of where they are or what they’re eating to add some realness to a seemingly harmless conversation.
Over time, attackers pretend to have a godfatherusually a friend or relative who introduced them to pleasures such as travel and other projects. After this more intimate contact, they suggest continuing the conversation on messaging platforms such as Telegram or WhatsApp for more privacy.
After they got the phone of their victims, they can send suggestive selfies and encourage victims to participate in this media file sharing. Scammers may also refer to a friendly relationship to maintain contact.
After this second step, they mention their mentor again as a solution to all their financial problems, and they convince their victims to talk to him and find a way to make money easily and quickly.
This is where the other malicious actor comes in, although it may be the same person who initiated the fraud. This user sends the victim technical documents related to investing in cryptocurrencies and offers to help him create a Coinbase or Crypto account.
This type of mentoring is usually done in a chat group, usually WhatsApp, Discord or Telegram, which also includes other people who have allegedly benefited from investing in cryptocurrencies. Also, the “mentor” shares crypto tips to give more credibility to the hoax..
As Proofpoint researchers discovered, after victims reveal their phone number, they start receiving indiscriminate invitations to private groups related to cryptocurrency trading.
This would indicate that cybercriminals share victim lists randomly, regardless of how those victims are distributed among their groups.
Finally, they are all redirected to website or a fraudulent mobile app. The scammers then encourage them to buy a small amount of cryptocurrency, usually from Coinbase.com or Crypto.com.
They are then invited to submit a screenshot of the investment and encouraged to spend an amount less than 1,000 for a certain period of time. They are then notified that whoever completes these transactions will receive a corresponding reward of 10-20% of the money spent.
Over time, attackers require larger volume transfers, theoretically inflating their digital wallets, when in reality they are simply losing money in these moves.
If at some point the victims refuse to continue investing due to a lack of funds, the fraudsters even encourage them to take out loans, refinance their homes or sell the stocks they own.
Scammers also don’t seem to have the right to withdraw all their remaining money, as threat actors do. explain to them that they can only withdraw a small amount of money. citing issues such as taxes or international law.
Finally, they are threatened with share their photos or previously sent videos or report them for tax evasion in case they do not intend to continue the financial transactions. After all the money is withdrawn, the fake site and its domain are eventually shut down, to create another site for new victims.