New scam to steal cryptocurrency wallets, WhatsApp and SMS are the preferred means

3 minutes read

Several users began to share via Twitter the capture of a message that reaches them by SMS, direct messages from different apps or WhatsApp in which they are given the username and password of a supposed exchange site where they claim to have a significant amount of USDT or Teher, a stable coin launched in 2014.

The message is shared along with a text asking the user not to “share with anyone” that information. It is thus intended that the person enters the site in question, with the data provided. When doing so, you enter a page that shows a balance with a large sum of USD 754,517. In this way it seeks to catch the attention of the person.

Now, if the victim wants to transfer that balance to their cryptocurrency wallet, they will have to enter their access credentials and that is where the cyberattackers will obtain said confidential information that will allow them to keep their funds.

As you can see, this is yet another case of social engineering or phishing where, through a page that poses as a supposed exchange, they seek to obtain data, in this case, from digital wallets in order to steal funds.

This hoax was seen circulating under different exchange names. On one of the sites analyzed by the cybersecurity company Eset, it is seen that the page was created just a week ago. This is an indication that already serves as an alert.

From the company they indicate that this site seeks to obtain information from cryptocurrency wallets, as in other identified cases.

One point to keep in mind is that in all cases you see that next to the URL there is a padlock that implies that the URL has the security protocol, but that does not imply that the page is reliable. It is important to clarify this because many times users are confident when they see the padlock, but this only implies that the communication between point A and B is encrypted.

HTTPS is a secure communication protocol but does not imply that the page is reliable or real. In other words, if there are cyberattackers behind that site, then, no matter how many locks there are, they will obtain the user’s access credentials because the page is precisely not real.

What to do when you suspect that some content may be false, spam or an attempt to deceive. In the event that the information arrives via Twitter, you can report the content and request its analysis from the application, as follows: click on the down arrow icon next to the Tweet, select the option that indicates it is suspicious or spam and submit the report for verification by the system.

In the case of having already been the victim of a robbery or fraud, then you must file a complaint with the prosecutor’s office or corresponding authority in each country so that the person responsible can be found and to prevent them from continuing to commit this type of deception.

Precautionary measures to avoid falling for scams and other forms of attack, as recommended by Luis Corrons, security specialist at Avast:

one. get trained: It’s important to stay one step ahead of scammers by gaining an understanding of the latest scams.

two. Be skeptical: Before clicking any link or downloading any attachment, check for phishing warning signs. If something suspicious is identified, report it.

3.Confirm before acting: authentic companies will never contact you by email, message or phone to request personal data.

“If this happens, call the company yourself using the contact details on their legitimate website to confirm anything you were told in the email or call. Do not reply directly to suspicious emails. Always start a new communication through the company’s official service channels”, highlights the expert.

Four. Change passwords regularly and activate second factor authentication.

5. Examine accounts: review all account statements for charges that do not apply.

6. Read emails as plain text: “this is a good trick to help spot email phishing scams. Convert a message to plain text and you can detect hidden image URLs that would not be visible in HTML mode,” he concludes.