The attackers ingratiated themselves and convinced their victims to voluntarily invest money on fake crypto platforms.
Last October, Sean Gallagher, a senior threat researcher at cybersecurity firm Sophos, received an unexpected text message from a young Malaysian woman who identified herself as Harley. She said she previously ran a wine business in Vancouver, but due to the COVID-19 pandemic, the business had to wind down, and as a result, Harley learned how to make money through another trade: cryptocurrency.
Harley told Sean that she was ready to share all her secrets with him, and he gladly agreed, because there is nothing more interesting and fun than watching a cybercriminal try to “deceive” a cybersecurity specialist. The conversation with Harley led Sean Gallagher to another Cambodian attacker (a team moderator) who he says made over $3 million in crypto in six months.
In these fraudulent schemes, cybercriminals use social engineering tactics and a method commonly referred to as "pig butchering." Attackers supposedly find their victims "by accident", work their way into their trust over several weeks or months, and then offer a way to "make money quickly", for which the victims must disclose confidential information or transfer money to the scammer's crypto wallet. Such scammers most often find their victims through dating apps, social networking sites, etc.
The scammers' texts look like random messages, but they are actually sent to a large number of potential victims, and the scammers selectively interact with those who respond. Attackers typically convince their victims to switch to another messaging platform (in Gallagher's case, it was Telegram) and then trick them into depositing money into fake decentralized finance applications.
The scam Sophos uncovered is just one of hundreds that use similar lures and nearly identical websites and apps, Gallagher said. For example, while Sophos was preparing its report, the team was contacted by a person from the United States whose story almost exactly mirrored Gallagher's experience, with a few exceptions: the girl claimed that she was Vietnamese and used to work in cosmetics from New York.
In general, this type of bait is particularly popular with Chinese organized crime groups operating in Southeast Asian countries, including Cambodia, Myanmar, and Laos.
Fraud teams usually have a young man as the front man (Harley, from the example above, acted as the bait), as well as a whole group that creates fake media content: a set of false evidence meant to make the victim believe the story and "invest" in the scammers' wallet.
The long duration and complexity of the communications that support these scam networks make them compelling even for skeptical victims, Gallagher said. But scams are rarely flawless: sometimes the success story is controversial, the scammers don't speak English well, and they are too open about their aim of getting the victim to invest in cryptocurrencies.
In Gallagher's case, Harley's girlfriend instructed him to buy at least $2,000 worth of cryptocurrencies with a specific crypto wallet, and even sent him a link leading to a fake crypto platform. Later, Sophos specialists discovered other similar applications in the public domain, all of which were created by Chinese-speaking programmers.
Gallagher believes that scammers have every chance of catching many more victims "in their trap" if they refine their scheme further and make it more convincing than it is now. He also added that education about the extent of these fraudulent tactics remains the best defense against them.