CyberWire Daily - Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
Episode Date: April 22, 2023
Shiran Guez from Akamai sits down with Dave to discuss their research on "Chatbots, Celebrities, and Victim Retargeting and Why Crypto Giveaway Scams Are Still So Successful." Researchers at Akamai have been on the lookout for crypto giveaway scams. These scams have been impersonating celebrities and brands, most notably Elon Musk and his associated companies. The research states "the scams are delivered through various social media platforms as well as direct messaging apps such as WhatsApp or Telegram." These scams have helped add to the existing damages that exceed $1 billion caused by crypto fraud. The research can be found here: Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hello, everyone, and welcome to the CyberWire's Research Saturday.
I'm Dave Bittner, and this is our weekly conversation with researchers and analysts
tracking down the threats and vulnerabilities,
solving some of the hard problems of protecting ourselves in a rapidly
evolving cyberspace.
Thanks for joining us.
The fact that it was still going on, that was what made us so surprised and kind of
challenged us to look at it once more.
That's Shiran Guez.
He's senior manager for information security at Akamai.
The research we're discussing today is titled "Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful."
It's not very common to have a crypto scam or a scam that has been running for over five years.
Well, let's go through it together here.
I mean, for folks who aren't familiar with how this scam works,
can you walk us through it?
How does it begin?
Yeah. Okay, so it's actually beginning with a simple publication
that has been running over either Twitter or over even YouTube,
if we last saw the scams that were running there.
Telegram channels, any social media
that the threat actor kind of taps into.
And it is often being triggered by some noticeable, known, I would call it a celebrity that is talking about something that is related to crypto or even just talking about something that is putting the social public into the attention,
that is kind of the trigger where the scammers are tapping on and popping up all these social media publications around the crypto scam.
You know, I've been around long enough that I remember when these scams focused on Bill Gates.
You know, you'd be on somewhere like Facebook or something like that, and a message would pop up,
and it would say, hey, everybody, I'm Bill Gates, and I'm giving away my fortune.
Lucky you, you're going to get some. So the scam, it's kind of following the same model there,
but is it fair to say that cryptocurrency has added fuel to the fire here?
Yeah, definitely.
I do agree with that statement.
The crypto arena has been surging since at least 2018. Cryptocurrencies like Dogecoin, Ethereum,
and even Bitcoin as the main driver have been surging in thousands of percentage since then. We have seen the rise of Dogecoin from 0.0.5 to almost a dollar,
which is thousands of percent
over very short periods of time.
So people have been jumping on
what we call the FOMO kind of movement,
which is the fear of missing out.
So this was definitely a very big driver for people to have a life-changing kind of
success over using these kind of scams.
Yeah, it's interesting to me, as you point out in the research here,
that it seems as though Elon Musk is the big lure in these,
which I guess makes sense, being known worldwide as a person
with a lot of money and also someone interested in crypto.
It was interesting to me that you all highlighted that not only do people
pretend to
be Elon Musk, but there'll be a lot of scams where they sort of follow on to things that he might be
publishing legitimately, that they'll find folks who are legitimate celebrities and they'll sort
of tack on to what they're doing to try to draw attention and leech off of their audience that way.
Yeah, exactly.
We saw a lot of that kind of methodology that they are using,
especially on Twitter,
where Elon Musk would tweet something around the Dogecoin or around cryptocurrency in general.
And very soon after, you would see in the inner threads, which are
very, very noisy, you would see such messages that lure the crowd or lure the victims into
tapping into the campaign, publishing, hey, and I would give away
this and that amount of money,
just give me X and I would give you 2X or 10X
or whatever that the scam has brought up.
The research digs into some of the scam kits that are out there,
ways that folks can get into this business.
Can you take us through that component of this?
How does that work?
So, yeah, the kits themselves that we have investigated have been surprisingly very basic, you know, languages for web developers.
They use widgets.
This is kind of what gives them more authenticity or more look and feel that victims would fall for
using widgets that are related to support,
like the smart support live chat,
where they are actually responding to support questions.
If you would ask them,
hey, how do I gain access to that giveaway?
Or how do I gain money by simply sending you X and you would send me 10X or something like that?
Then they would respond.
They would sometimes maybe not immediately, but they would respond and they would try to convince you that this is a legitimate giveaway, that Elon Musk is behind it or any other celebrity that is on that phishing kit.
They would definitely be giving you the look and feel that this is a legitimate giveaway.
Let's go through some of the technical elements here that you all have shared in the research here.
What are some of the interesting things going on under the hood, behind the scenes?
So the most interesting, I think, is the way that they are presenting it.
It is looking very professional kit.
It is looking very smooth and slick kit or website.
It has all the attributes to present it as a legitimate site.
It has widgets that are showing the current status of the crypto market.
The widget is connected to an actual crypto exchange.
So it would show live parameters from the actual crypto exchange.
So if you would go to another market or check the validity of what they are presenting, it seems very valid.
It seems very legitimate.
They would show you kind of there is a JavaScript behind the scene that is refreshing always the transactions.
So it will seem like there are a lot of transactions that are happening.
So you would be kind of in a fear of, like we mentioned the FOMO,
the fear of missing out.
You would fear of miss out on the giveaway because the transactions are always kind of reducing
the amount of the giveaway, the final giveaway sum.
So this is kind of around the look and feel.
Some of the kits that we have seen have been also tracking the victim source,
meaning whoever tried to access the site, that information was collected and sent to a Telegram of the attacker, a
Telegram group of the attacker.
It was not on all the kits that we've seen, but it was also presented there.
And from what we have seen, the group, the Telegram group that it was sent to, the message was sent basically in Cyrillic language, in Russian language.
That kind of also gives us some hint about potentially who could be maybe the attacker.
Well, let's talk about ways to prevent this. What are your recommendations for folks to best protect themselves?
That's a great question. So first
I would say first and
almost the bottom line, there are no free gifts. No one
is going to give you money back for any sum of money that you would give.
There is no such kind of magic of getting back the money.
I would say that if you are totally convinced that this is legitimate, I would definitely go and validate the source.
Basically, try to talk with the person.
that definitely you should not expect to see money back if you're sending any money to the attacker.
Not related to this campaign.
Any time that you are sending money to anyone,
it should be as a consequence of you're getting a service, you are paying for a product,
and you should always verify who you are paying to. There is no way around it. You
should do your due diligence, your research about the person that you are paying the money. But for that scam specifically, I would say don't. There is no
free gift for that.
Yeah. I think it's worth mentioning that I suspect for our audience,
they probably consider themselves fairly sophisticated and wouldn't imagine falling for
this sort of thing. But that's not necessarily true of our friends and family. And so I think
it's important for those of us who have that level of sophistication to be sure to get out there and
spread the word about this sort of thing. Because as you mentioned, this has been around for a while.
It's evolved some, which is what you all are tracking here, but it stays around because it works.
Exactly.
The scam is very easy, right?
They are simply releasing kits everywhere.
They are sending a net and luring the fishes into the net.
That's a very easy
scam from their side and very lucrative.
We see that initially when that
phishing campaign started, they asked for a specific
amount and they said that they are going to return you a specific amount.
But over time they said, wait,
I don't need a specific amount, send any amount and I will send you double. And basically you
can see that people that are not aware are trying, they are trying,
they are sending like small amounts.
There are people that are falling with large amounts,
and this is very unfortunate.
But overall, you would see that there are a lot of transactions
that are happening to these scammers because people are unaware.
That's the most concerning part.
Our thanks to Shiran Guez from Akamai for joining us.
The research is titled "Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful."
We'll have a link in the show notes.
This episode was produced by Liz Ervin and senior producer Jennifer Iben. Our mixer is Elliot Peltzman. Our executive editor is Peter Kilby,
and I'm Dave Bittner. Thanks for listening.