A new report claims that Indian investors in cryptocurrency lost nearly Rs 1,000 crore (over $128 million after falling victim to fake exchanges amid the global digital currency market crash. There has been an ongoing operation involving several phishing domains and Android-based fake crypto applications, said cybersecurity company CloudSEK.
The cybersecurity company was approached by a victim who claimed to have been defrauded of Rs 50 lakh or around $64,000 by such a scam, apart from other costs like deposit amount and tax.
"We estimate that threat actors have defrauded victims of up to $128 million (about Rs 1,000 crore) via such crypto scams," stated Rahul Sasi, Founder and CEO of CloudSEK. He added that scammers have turned attention to cryptocurrency markets as they attract more investors.
How the scam takes place?
Fake domains are created by threat actors impersonating legitimate cryptocurrency trading platforms, replicating the design of the dashboard and user experience of the legitimate website.
Potential victims are approached via a fake female profile and befriended by attackers. They are influenced and persuaded to invest in cryptocurrencies. To lure, the profile “shares $100-dollar credit, as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange," the CloudSEK report said.
The victim’s confidence is gained by initially giving them significant profit on investment, after which they are convinced to invest their own money to get more returns. Once they do, their account is frozen. While the victim is unable to withdraw their money, the attacker vanishes.
The report also says that the attackers return to further dupe victims when they call to the platforms to report cases of being unable to access their money. The attackers reach out to the victims pretending to be investigators.
When victims take to various platforms to complain about losing access to their accounts, the same, or new, threat actors reach out to them in the guise of investigators.
"To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details, via email. These details are then used to perpetrate other nefarious activities," the report further warns.
.
READ | 7th Pay Commission: Major hike in basic salary of government employees likely, details here
(With inputs from IANS)
