Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data


Digital currencies are galvanizing social engineering scams and hacks across the online world. Bitdefender’s latest analysis of crypto-based spam once again reveals the creative side of digital pickpockets as they try to trick internet users.

Scam emails claiming that a hefty sum in bitcoin has been transferred to you on a shady crypto investment platform have been popping up in users’ inboxes across the globe. The email subject and body are poorly written but pique readers’ interest by mentioning a large crypto deposit, ranging from 19 to 35 bitcoin, that can be accessed via a sketchy domain [coinment.net] registered on May 5.

Distribution-wise, the scam emails have reached users in the US, Canada, UK, South Africa and Australia.

Subject lines include:

  • Payment Done
  • Coinment Investent
  • details please
  • Your BTC Has Been Transfare ($ 19.4 BTC)

The body of the scam emails contains a numerical ID and a password that recipients need to use to log in to the so-called crypto investment platform.

As mentioned, the domain name is very recent, and although the site is served over HTTPS, the web page itself is superficial at best.
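The indicators described above (a bitcoin amount in the subject, login credentials handed out in the body, and a link to a very recently registered domain) can be combined into a simple mail-triage check. The Python below is an added example, not Bitdefender's detection logic; the sample messages, the `.test` domains, the registration dates and the 30-day threshold are constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string

BTC_AMOUNT = re.compile(r"\b\d+(?:\.\d+)?\s*(?:BTC|bitcoin)\b", re.I)
LOGIN_ID = re.compile(r"\b(?:user\s*)?ID\s*[:#]\s*\d{4,}", re.I)
PASSWORD = re.compile(r"\bpassword\s*[:=]\s*\S+", re.I)
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def score_message(raw, received_on, registration_dates, max_age_days=30):
    """Return (score, reasons) for one RFC 5322 message given as a string."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    # Collect text/plain parts; transfer encodings are not decoded in this sketch.
    body = "\n".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    reasons = []
    if BTC_AMOUNT.search(subject) or BTC_AMOUNT.search(body):
        reasons.append("btc_amount_lure")
    if LOGIN_ID.search(body) and PASSWORD.search(body):
        reasons.append("credentials_handed_out")
    for host in sorted({registrable(h) for h in URL_HOST.findall(body)}):
        registered = registration_dates.get(host)
        # HTTPS on the link is deliberately not treated as a trust signal.
        if registered is not None and 0 <= (received_on - registered).days <= max_age_days:
            reasons.append(f"new_domain:{host}")
    return len(reasons), reasons

# Constructed sample messages; only the first subject line is taken from the article.
LURE = """\
From: support@invest-example.test
Subject: Your BTC Has Been Transfare ($ 19.4 BTC)

Your deposit is ready. Log in at https://www.invest-example.test/login
ID: 48213377
Password: Xk29pLq
"""
BENIGN = """\
From: billing@shop-example.test
Subject: Your invoice for May

View it at https://shop-example.test/invoices
"""
# Constructed registration dates, standing in for your own WHOIS/RDAP enrichment.
REGISTRATIONS = {"invest-example.test": date(2024, 1, 10), "shop-example.test": date(2012, 3, 1)}
RECEIVED = date(2024, 1, 20)
```

Calling `score_message(LURE, RECEIVED, REGISTRATIONS)` flags all three indicators, while the benign message scores zero.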

Now, let’s take a closer look at this fake website. As you can see in the screenshots below, the sketchy façade of the website is apparently linked to the blockchain industry. It’s poorly designed and requires various user interactions to get into the sign-in menu.

Once users reach the Sign-in page, they are prompted to fill in the ID and password from the initial email. And here’s where it gets a bit more interesting, with a popup message appearing on the screen citing a Critical Update:

“Your account balance is currently 802.7 BTC (€22,889,448.04). For your security, you are now required to protect your account by choosing a more secure password and enabling OTP.

You can no longer skip this requirement as the maximum number of skips has been reached.”

Sound too good to be true? That’s because it is. Although the apparent concern for account security may provide peace of mind to users, don’t be fooled. After changing the password to their multi-million dollar crypto account, users need to fill in their phone number to receive a secure PIN code to access the account.

We weren’t lucky enough to get our hands on 22 million in euros – since no OTP was received – and we don’t recommend you try either.

The promise of free money is compelling. However, free cash or cryptocurrency always comes with a price, including your privacy, data and money. Offers such as this are always fake, and users risk losing much more than they bargained for.

This type of swindle closely resembles an advance-fee scam, which usually requires users to provide financial data or pay large sums to receive the ‘prize’.

Are you stuck in digital limbo, not knowing what platforms to trust? Particularly interested in securing your identity from digital thieves? Look at our Ultimate Security pack to benefit from advanced malware protection, anti-phishing and anti-fraud filters, ongoing identity monitoring, a fast VPN, and a cross-platform Password Manager for the most comprehensive security and privacy pack to guard your data and ensure your financial wellbeing.