Bots are being used by scammers to drain cryptocurrency accounts


Dr. Anders Apgar was out to dinner with his family last month when his phone began to ring. He tried to ignore it because it appeared to be a robocall. The calls, though, continued unabated. His wife’s phone began to ring as well. “When she takes it up, a banner appears with the message, ‘Your account is in peril,’” he explained. He picked up his phone after receiving the warning, which he claimed was a text message. That was the start of the couple’s misery.

Many crypto account holders around the country are experiencing nightmares as hackers target the industry’s boom, according to cybersecurity experts. The Apgars, who are both obstetricians in Maryland, started investing in cryptocurrency a few years ago. Their account had risen to almost $106,000 by December, with the majority of it kept in bitcoin. Like millions of other investors, they hold their account with Coinbase, the country’s largest cryptocurrency platform.

“Hello, welcome to Coinbase security prevention line,” a female voice said when Apgar picked up the phone. “Due to an unsuccessful log-in attempt on your account, we have detected illegal activity. This was requested from an IP address in Canada. If this is not you, please press 1 to complete the steps necessary to regain your account.” The call was only 19 seconds long.

Alarmed, Apgar pressed 1. He stated he can’t recall whether he entered his two-factor authentication code manually or if it appeared on his screen automatically. But as a result of what transpired at that precise moment, his account was locked in less than two minutes. Apgar said he suspects the scammers stole the majority, if not all, of the crypto, but he can’t be sure because he hasn’t recovered access. “It was just a sense of dread and emptiness, like, ‘Oh my my, I can’t get this back,’” he added.

The Apgars were the victims of a particularly cunning sort of scam that exploited two-factor authentication, or 2FA. People use 2FA to protect a variety of accounts at crypto exchanges, banks, and other places where they do digital transactions. However, this new sort of fraud targets the 2FA code itself, and it takes advantage of people’s fear of their accounts being stolen. Victims expose themselves to thieves by taking actions they believe will protect them.

Dr. Anders Apgar

The tool behind the fraud is a one-time password, or OTP, bot. According to a report published by Q6 Cyber, a Florida-based cybersecurity firm and CNBC contributor, OTP bots are causing significant losses for banks and other institutions. Because bot attacks are still relatively new, it’s difficult to assess the extent of the damage.

“The bot calls are expertly designed, instilling a sense of urgency and trust over the phone. The calls focus on fear to get victims to act in order to ‘prevent’ fraud in their accounts,” according to the research. Because victims are accustomed to entering a code for authentication to verify account details, the fraud succeeds. The robocalls may appear authentic at first glance, especially if the victim is stressed or preoccupied at the time the call is received.

“It’s human nature,” said Jessica Kelley, the report’s author and a Q6 Cyber analyst. “You don’t assume, ‘Well, I wasn’t trying to sign in to my account,’ when you get a call saying someone is trying to sign in to your account.”

Last summer, the bots began to appear for sale on the Telegram messaging platform. Kelley found at least six Telegram channels selling the bots, each with over 10,000 users. While there is no official estimate of the amount of cryptocurrency stolen, Kelley claims that fraudsters regularly gloat on Telegram about how successfully the bots worked, garnering each user thousands or hundreds of thousands of dollars in cryptocurrency. The bots cost anywhere from $100 per month to $4,000 for a lifetime subscription.

“Before these OTP bots, a cybercriminal would have to call himself,” Kelley explained. “They’d have to phone the victim and try to persuade them to reveal their personal information, bank account PIN, or two-factor authentication passcode. And today, thanks to these bots, the entire system is automated, allowing for considerably greater scalability.”

“Once the victim enters their 2FA code or any other information they requested the victim put in their phone, that information is delivered to the bot,” Kelley explained. “The bot subsequently sends it to the cybercriminal, who then has access to the victim’s account,” she said. Criminals might “possibly take everything,” she claimed, because they could “make these transactions one after the other until the sum is basically depleted.”

“Coinbase would never make unsolicited calls to its users,” a Coinbase spokeswoman told CNBC. “We encourage everyone to be cautious when providing information over the phone. If you get a call from someone pretending to be from a financial institution (whether it’s Coinbase or your bank), don’t give out any account information or security codes. Instead, hang up and call them at the organization’s official phone number posted on their website.”

Another Coinbase customer, David Silver, was aware that he would not be contacted by the firm. He recently received a robocall informing him that his account had been compromised. “And it was an electronic voice telling me it was Coinbase Fraud Department right away,” he claimed. “And I turned to the lawyer sitting next to me and said, ‘Start videoing.’ I understood what this was and what it was going to be right away.”

Atty. David Silver

Silver requested that an email be delivered to him confirming that the call was from Coinbase. The answer was no. “And their answer was no because there are only a few ways to mask email coming directly from a domain,” he explained. “And nowadays, domain carriers like GoDaddy and Google — it’s really difficult to spoof email coming from domains,” he added. “They also refused to send me the email. When I begged them to provide me the email and they replied no, that was my final ray of hope that they were genuine.”

After roughly seven minutes, Silver was asked to show his computer screen. He hung up the phone. “It’s not surprising that I received the call. However, I’m curious as to how they got my personal mobile phone number and where they got the information to link me to Coinbase,” he stated.

Apgar admitted that he wishes he had never picked up the phone. To make matters worse, he claims he has been unable to regain access to his account. When CNBC inquired about the Apgars regaining access to their account, a Coinbase spokeswoman stated the incident had been referred to the company’s security staff. Apgar said he had just responded to an email from Coinbase asking for assistance in regaining access to the account on Monday.

CNBC reported last year that Coinbase’s customer service has been a major issue. Customers around the country said that hackers were depleting their accounts, but when they contacted Coinbase for assistance, they received no response. Following the incident, Coinbase established a phone support line to assist consumers, but even it has run into issues.

When asked what he could have done differently, Apgar replied the answer is simple: he could have avoided picking up the phone.