Canadian Bitcoin Scams Increasing As Hackers Use Spear-Phishing Strategy
The police department in Burnaby has discovered that there is a surge in Bitcoin scams across Vancouver. The Royal Canadian Mounted Police, or RCMP, cover Burnaby which is a district within British Columbia. Law enforcers noted a constant increase in these scams across the city.
This news arises amid the recent reports of some similar criminal activities happening throughout Canada. Police say that these scammers call their victims and then impersonate a member of the RCMP. The criminals then falsely say that the police have an arrest warrant for the victim linked to illegal activities.
Scammers Use Multiple Phone Numbers
Many phone numbers are involved in these schemes. The targets receive many calls from several numbers. Then, they are told that if they alert anybody else in their family about these calls, they too will get arrested.
The scammer proceeds to ask for a payment and insists on the deposits being made through a Bitcoin ATM. RCMP police have warned that the scams have involved many suspects alleging to be working with CRA as well.
They explained that police forces in Canada have never created methods to accept Bitcoin as a payment method. He also insisted that the police will never request Bitcoin ATM deposits.
#Burnaby RCMP has seen an increase of the number of scams involving the transfer of money via Bitcoin.
Suspect calls & advises the victim they have an arrest warrant because their SIN card was used at multiple Service Canada locations. pic.twitter.com/DZ98odFO3V
— Burnaby RCMP (@BurnabyRCMP) June 23, 2020
One Victim Lost $11,000
Authorities said that:
“This scam recently cost a local resident nearly CAD 15,000 [$11,000].”
Currently, the RCMP is investigating two reported Bitcoin-related scams that happened in Strathcona County in Alberta, Canada. Recent reports also indicated that a similar scam has reportedly targeted residents of Winnipeg, Canada on June 19.
CryptoCore Hackers Use Spear-Phishing To Steal $200M From Exchanges
A hacker group managed to steal a staggering $200 million in cryptos from exchanges as reported on June 24. The group known as ‘CryptoCore’ used “spear-phishing” attacks to access these exchanges. ClearSky cyber-security firm said that this criminal group operated out of Eastern Europe and it has targeted crypto exchanges since 2018.
Most of the victims are based in the United States and Japan. The criminals managed to steal all that money within two years but experts say:
“the group is not extremely technically advanced. Instead, it is swift, persistent, and effective.”
How CyberCore Operates
The criminals access crypto wallets owned by employees and exchanges that they want to target. First, the launch of an exhaustive reconnaissance phase against the victims. Then, they find methods of using spear-phishing attacks.
These attacks come in the form of emails to executives from other accounts that seem to be owned by higher-ranking employees. They either pose as employees of the same company or another organization that works closely with the company that they want to attack.
After that network is infringed, these hackers send malware which they use to access the affected executive’s password manager accounts. In most cases, the manager accounts are the stores where all the cryptocurrency wallet keys are kept.
The criminals are patient. Should the executives remove a multi-factor authentication security measure, they act instantly and responsively. They drain everything from these wallets. Experts noted that:
“activity receded in the first half of 2020, one possible reason being the limitations induced by the COVID-19 pandemic. But it didn’t stop completely.”
In today’s world, spear-fishing has become a popular method exploited by cyber-criminal. Since a solution is yet to be found to effectively tackle it, this hacking method has become a major challenge in the crypto space and digital world in general.
A major spear-phishing scheme was launched against YouTubers since the start of the year. The criminals go for the accounts that have many subscribers and hijack them when the unsuspecting owners open ‘infected’ links.
After taking over these accounts, the criminals changed passwords and then deleted all the videos. They also managed to run since live streams that featured phony interviews with various celebrities including Binance’s Changpeng Zhao and Tesla’s Elon Musk.
The hackers hiding as celebrities requested viewers to send crypto promising to send more back. That was a major scam, but it was successful. In that context, a major Musk scam managed to steal $2 million in just two months. However, the cryptocurrency exchanges were hit much harder by cyber-criminals.