Researchers at Bitdefender warn that cybercriminals continue to impersonate Elon Musk in Bitcoin scams. One campaign that started on May 15 involved sending thousands of emails telling users to register for a $5,000 Bitcoin giveaway organized by Tesla.
“79.72% of scam emails appear to be sent from IP addresses in Germany, targeting users in Europe and North America. 11% of the fraudulent emails have reached users in the UK, 79.26% in Sweden, and 9.22% in the US,” the researchers write. “Cybercriminals mix and match subject lines, pdf names, and messages to dodge spam filters. For example, in one version of the crypto scam, the subject line reads, ‘ELON MUSK 5,000 B T C GIVEAWAY!’ while others are target specific, containing the victims’ username in front of the main title.”
Interestingly, another variation of the campaign used a QR code pointing to a Bitcoin address to fool recipients.
“The second version of this crypto fraud campaign showcases the spammers’ creative side, including a Bitcoin Address QR Code to be scanned by participants,” the researchers explain. “While some internet users might not have heard about the acquisition of $1.5 billion worth of Bitcoin by Tesla earlier this year, cryptocurrency investors have. This scam campaign has reached over 30,000 users across the globe. 16.73% of the spam emails originate from IP addresses located in Brazil, 14.15% in Russia, 6.32% in Indonesia, 4.91% in Turkey, 4.56% in Ukraine, 4.44% in Spain, 3.68% in the US, 3.63% in Italy, 2.16% in India, 2.11% in Romania, and 1.93% in the Netherlands.”
The researchers conclude that these scams can be thwarted if users develop the habit of avoiding offers that seem too good to be true.
“Cryptocurrency scams have proven a highly effective social engineering scheme that reel in millions of dollars from victims each year,” Bitdefender says. “These phishing campaigns sing the same tune that is meant to hypnotize the audience, inducing a false promise of getting rich quick.”
New-school security awareness training can help your employees avoid falling for these scams by teaching them how to recognize common social engineering tactics.
Bitdefender has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
