Since the beginning of the online Crypto tradings, there have been many cases of Indian investors being the victims of fraudulent and fake Crypto exchanges and their digital assets. Until recently, this has become more frequent and common. One of the reasons for this can be the emergence of so many new online Crypto trading platforms and applications.
According to a latest report released by the cyber security company CloudSEK, it has been revealed that Indian Crypto investors have been duped and scammed of Rs.1000 crore because of all these fraudulent crypto exchange hoax including phishing crypto scam, “pig butchering” crypto scam, pump and dump crypto scam, rug pull crypto scam, and designing malicious crypto exchange softwares.
Many of these cases are due to the fake mobile applications regarding crypto exchanges which charge zero or no brokerage charges and promise many other benefits and privileges. This may seem quite enticing and lucrative at first, but it is nothing but a bait to dupe investors.
A similar case was discovered by CloudSEK where phishing domains combined with online based crypto trading applications carried out rackets to hoax innocent people into investing a good fortune of their income. The report also mentioned, “This large-scale campaign entices unwary individuals into a huge gambling scam. Many of these bogus websites impersonate “CoinEgg”, a legitimate UK-based cryptocurrency trading platform.” The company was later approached by many victims who had lost their money allegedly on the platform due to crypto trading.
CloudSEK carried out research and found certain rather interesting revelations. They discovered that these scams were being carried out by thread actors, or in layman terms as we say people or a team of people trying to cause harm by performing malicious and threatening activities.
They started off by cloning and masquerading the official CoinEgg’s platform’s user interface and started to pose as them. With this fake platform, they promoted them through the ads on Facebook and other social media platforms. They promoted ads that assured the users that they would get a $100 voucher upon signing up and investing a certain amount in a certain cryptocurrency. Upon investing, their amount and accounts get frozen and they are barred from collecting their money. It not only ends here.
There have also been cases where users have been asked to provide their bank details and other relevant information via email when they opened a new trading account on some platform or when they mailed the customer service for their discrepancy of funds.
According to researcher’s observations, certain trading applications also require unwanted permissions which are not relevant to their need. Also, these threat actors have more than one domain across the web so that taking one down doesn’t affect their operation.
According to CloudSEK, the best way to get rid of these scamsters is to identify them and suspend them before they can switch domains. The company said, “Report the phishing campaign to the Cyber Crime Cell and provide them with the necessary details to curb the continuous attempts of threat actors. Run aggressive awareness campaigns to educate users/ customers about ongoing scams. This will lead to fewer people falling for these scams.”