Cybercrime isn’t stopping. Every day, criminals come up with new tricks for stealing cryptocurrencies from owners and exchanges. And the U.S. Federal Bureau of Investigation (FBI) wants everyone to know that they’re out there, waiting for the victim’s smallest mistake. This time, they’re stealing crypto by using the victim’s own phone number.
According to a recent warning issued by the FBI via a TLP:GREEN Private Industry Notification (PIN), malicious actors are targeting cryptocurrency owners worldwide with different kinds of attacks. One of the most popular lately is so-called “SIM swapping” or SIM hijacking. As the name suggests, it consists of stealing the victim’s phone number.
The thief achieves this by first identifying the victim and gathering their data. Then, they call a customer service representative at the victim’s mobile phone company. They pretend to be the victim and tell the representative some lies (for example, that they lost their phone) in order to have the phone number moved to a new SIM card under their control.
Once this happens, they proceed to reset every password within reach, including those for email, cloud, and even crypto-exchange accounts. People commonly choose two-factor authentication based on their phone numbers, so the process isn’t that difficult for the thief. The new passwords are sent to them via text message or through the (already hacked) email.
At this point, the criminal has full access to the victim’s accounts, so they can quickly transfer all the cryptocurrencies they find into their own wallets, completing the robbery.
Vishing: another crypto-warning by the FBI
We’ve already talked about phishing. It’s a fake version of something (website, app, software, message, call…), specially designed to deceive people and obtain valuable information from them, like bank or cryptocurrency credentials and keys. When this fraud is carried out through voice calls, it’s dubbed “vishing”.
The FBI also warned about this type of robbery, because it’s becoming more and more common. In a typical case of vishing, the victim first receives some kind of message or email, apparently from their payment platform or cryptocurrency exchange, announcing that there is a problem with their account.
The scam can be done entirely by email, but sometimes the fraudsters encourage the victims to call. In other cases, the victims seek help by calling a fraudulent support number, or the fraudsters call the victims directly, pretending to be from certain companies. Then, on the phone, they manage to convince the victims to hand over their private keys or credentials. Sometimes, they even ask for money, alleging regulatory or tax issues.
As a recommendation, the FBI encouraged crypto-users to enable multi-factor authentication (like credentials on paper) on all their cryptocurrency accounts. Likewise, they advise keeping financial and personal details private, denying requests for suspicious downloads and/or remote access, and always contacting the services used (i.e. crypto-exchanges) only via the official channels.
Originally published at https://blog.alfa.cash on July 12, 2021.