A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.
“This massive campaign has likely resulted in thousands of people being scammed worldwide,” Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named “Impulse Team.”
“The scam works via an advanced fee fraud that involves tricking victims into believing that they’ve won a certain amount of cryptocurrency. However, to get their rewards, the victims would need to pay a small amount to open an account on their website.”
The compromise chain starts with a direct message propagated via Twitter to lure potential targets into visiting the decoy site. The account responsible for sending the messages has since been closed.
The message urges recipients to sign up for an account on the website and apply a promo code specified in the message to win a cryptocurrency reward amounting to 0.78632 bitcoin (about $20,300).
But once an account is set up on the fake platform, users are requested to activate the account by making a minimal deposit worth 0.01 bitcoin (about $258) to confirm their identity and complete the withdrawal.
images from Hacker News