Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware.
This month, social media Bitcoin scams have reached a new high, with over 125 million malicious links across Twitter, Facebook, and Instagram designed to attack victims and extort Bitcoin.
These Bitcoin scams target social media because it’s full of people who might be interested in buying and selling Bitcoin, but don’t know much about it — making them prime targets to be taken advantage of by scammers.
In a report detailing the spike in this cybercriminal activity, researchers at ZeroFOX have identified four main categories for these scams, each using different methods to steal Bitcoin and carry out other cyber crimes.
1. Malware is hidden in fake Bitcoin wallets
The nature of social media means that users click on what they perceive to be interesting links — and the chance of an easy way of getting Bitcoin might be enough to catch some users. Cyber criminals know this and are luring Twitter users into following links which distribute malware.
Not only could users find that their details are potentially compromised by cyber thieves, or their device roped into a botnet, but the cyber criminals will also generate revenue from successfully luring victims into clicking these links.
The lesson here is that if an offer on social media sounds too good to be true, it usually is — especially if it’s coming from an anonymous or default account.
2. Bitcoin phishing
Cyber criminals are posing as legitimate Bitcoin services, impersonating brands in order to gain trust from victims. Behind these veneers of credibility are phishing websites which entice users to enter their Bitcoin keys. But once the key is entered, the hacker is able to freely spend from the victim’s wallet.
3. Bitcoin ‘flipping’
Many people buy Bitcoin in the hope that it’ll go up in value and they can make a profit by selling it at a later date. Impatient investors often turn to Bitcoin flipping schemes in an attempt to make a quicker profit.
Typically, these schemes offer to rapidly increase a user’s investment — for a fee. Cybercriminals are taking advantage of this by distributing links on social media, which claim they’ll flip Bitcoins, but the real intention is stealing from those naive enough to make payments via links they’ve found on social media.
4. Pyramid schemes
The final Bitcoin scam experiencing a spike in popularity is the classic pyramid scheme.
Cybercriminals encourage people to sign up to a scheme with a low initial investment — then reap rewards when they sign up new members to the scheme. It doesn’t take long for hundreds of people to have handed over a payment, at which point the original scammer walks away — taking a wedge of ill-gotten Bitcoin gains with them and leaving victims out of pocket.
The total number of social media URLs sharing links to these four types of scams came to 126,276,549, say cybersecurity researchers at ZeroFOX, with 3,618 unique scams identified. The high number of scams suggests that botnets are being deployed in order to spread links.
“Scammers, be they peddling Bitcoin or otherwise, love social media for all the same reasons modern brand marketers do. They can reach any target demographic across the globe by choosing the right hashtag,” said Phil Tully, senior data scientist at ZeroFOX.
“The ease of use has never been simpler, the cost has never been lower, and the power and scale have never been greater. For a cyber criminal, it’s the new superhighway for illicit activity; billions of victims, lacking security controls and uninhibited access,” he added.