Recently, ESET cybersecurity specialists have identified another variant of the campaign, in which cybercriminals refer to a website running, inter alia, cryptocurrency exchange. Though victims have never used the genuine Blockchain site, they are giving hackers remote access to the computer under the pretext of an alleged withdrawal of funds.
The attack by cybercriminals pretending to be Blockchain occurs via the telephone. They call their victims and introduce themselves as consultants to a company associated with cryptocurrencies. They try to gain trust by using the user’s first name and inform them of the possibility of withdrawing their funds in the form of high-value bitcoins.
Even if the user replies that he has never created an account on the website of the named company, the fake consultant convinces him of the existence of such a profile and tempts him with allegedly high-value funds ready for withdrawal. Sometimes, when users drill down into the thread of a non-existent account, criminals also mention the names of popular shopping websites, suggesting that they are profiles created through them. The means of persuasion typical of this type of fraud are used: cybercriminals argue that the entire operation must be performed on the same day, because the billing period is about to expire and otherwise the funds will be lost – says Kamil Sadkowski, ESET cybersecurity specialist.
Instead of quick earnings – irretrievable loss of funds
The alleged Blockchain representative provides a victim with a quick, easy income and the prospect of an efficient withdrawal of funds. To do this, he asks to install an AnyDesk program that enables remote access to the user’s desktop. Under no circumstances should we give in to his suggestions – specialists warn.
Some users are tempted by easy earnings, a lure of big money, and are ready to install the suggested software. Once cybercriminals take control of their computers via remote access, they are able to spy on and perform financial operations on the victim’s bank accounts. Such an attack may result in a loss of savings and even incurring a financial obligation on behalf of an unaware user – adds the ESET expert.
More than one person has fallen victim to this type of attack, so you should always be careful with extremely favorable financial offers and verify their source. When a representative of any company asks you to install an application or program, you should carefully check what solution is meant. Telephone consultants sometimes encourage you to download official applications of companies or institutions. Under no circumstances, however, should they ask users to install remote access applications. If we come across such a request – we can be sure that we have just become the target of fraudsters.
We also invite you to read the previous security articles published on . We encourage you to share them with your loved ones – as a warning.