Beware the crypto scammers: Fraudsters fleece British couple of £15,000 in NINE minutes through phishing scam
- Couple were duped into handing over their account details by scammers
- Fraudster pretended to be from crypto exchange Coinbase
- Researchers found it had been laundered through a network of wallets
- Crypto investors being warned that phishing scams are targetting them
A British couple lost £15,000 in cryptocurrency savings within minutes after scammers targeted them through a phishing scam – and others with large sums in bitcoin or rival digital currencies are being warned to be on their guard.
Loreta and Mindaugus from Horsham, Sussex, who asked for their surname not to be used, were duped by a fake bonus offer from a scammer pretending to work for Coinbase, shortly before the leading crypto platform went public in New York earlier this year.
The hackers told Mindaugus he was eligible for a £60 bonus if he bought initial Coinbase stock via the site. Within nine minutes of being duped into sharing his account details, the couple had lost £15,000.
A British couple have lost their savings after being duped by sophisticated scammers
Coinbase is the largest cryptocurrency exchange in the world, valued at $46billion with over 56million users worldwide and its direct listing on the US stock market in April drew huge attention.
‘At first, we thought it might be some kind of mistake or a glitch,’ Loreta said. ‘But since their knowledge base had no option that covered any bugs or glitches, we decided to inform Coinbase that my husband’s account has been compromised. But all we got back was a password reset request.’
Following this initial withdrawal, the scammers tried their luck again on the couple by sharing a password reset for the Binance platform, before the scammers called again claiming to be a Coinbase agent.
Crypto trading platform Binance has since been banned from conducting regulated activity in the UK by the Financial Conduct Authority, but before then and now it is still used by many UK investors.
Loreta said: ‘Next thing I hear, he’s telling us to prove our identity either by transferring £5,000 from our Binance account to Coinbase or by giving them our Binance authentication code so that they can transfer the missing £15,000 to my husband’s Binance account.’
The couple soon realised they had been duped and declined the transaction before reporting it to the police.
‘We’re still waiting for an answer. And since ‘only’ £15,000 was stolen, we’re not very hopeful that the police will do anything about it,’ said Loreta.
Since then the case has been closed due to a ‘lack of evidence’. It is understood Coinbase has since responded to the couple.
Crypto scammers go largely undetected
As more and more people get involved in trading stocks and crypto scammers are becoming increasingly complicated.
Researchers at CyberNews found Loreta and Mindaugus’ cryptocurrency had been laundered through an elaborate network of crypto wallets, which makes the funds essentially untraceable.
‘Due to the anonymous nature of the crypto market, very few scams that target ordinary people tend to come to the fore,’ Edvardas Mikalauskas, senior researcher at CyberNews said.
‘Indeed, while phishing attacks become increasingly sophisticated, it’s getting harder to identify fake messages that look like they’ve come from a person or brand you trust.’
This is partly because cryptocurrencies are still relatively new and investors tend to have less knowledge. A recent survey by the FCA revealed that while ownership of digital currencies such as bitcoin has increased, understanding has declined slightly.
Just 71 per cent of those who had heard of crypto correctly defined it from a list of statements
Jake Moore, cyber security specialist at ESIT said: ‘The air of mystery surrounding cryptocurrencies is ever endearing to many potential unbeknown victims and this can often attract a bigger audience in the scams.
‘Although fake crypto phishing scam emails tend to follow the same ingredients as more general phishing emails, cryptocurrencies are still relatively new to many people and there tends to be less information on them or places to verify their authenticity.’
A spokesperson for Coinbase said: ‘Coinbase does not make unsolicited phone calls to its customers, nor will we ever ask a customer for remote access to their computer, password, or two-factor security codes. We urge any consumer who wishes to validate the authenticity of a communication to forward the message to firstname.lastname@example.org immediately.
‘We take issues of account fraud extremely seriously. We invest heavily in providing resources to consumers to help them better identify and avoid potential fraud and frequently publish warnings and educational content on fraud trends. We are aware of the impact that fraud can have and we never want our platform to be a conduit for this.’
How to avoid falling victim to crypto phishing attempts
CyberNews researchers asks customers to follow these precautions:
- Always preview the URLs before clicking on any links or buttons. If you spot anything out of the ordinary, such as a typo or a different domain name, immediately delete the message or mark it as spam.
- Beware of any messages sent to your inbox, even those coming from your contacts. Phishers will usually use a social engineering technique to lure you into clicking malicious links or downloading infected files.
- Embedded links are a major red flag in general. A crypto exchange or a financial institution will never ask you to click an email link to access your account. If you’re not certain, make sure to check by calling the company directly.
- Use multi-factor authentication (MFA) where possible. Most importantly, make sure to never share your MFA authentication code with anyone.
- Use unique and complex passwords for all of your online accounts. Password managers can help you easily generate strong passwords and will notify you if you reuse an old password.