Fraudsters are becoming sophisticated by the day, with their latest tool being one-time password (OTP) bots used to wipe out cryptocurrency accounts, as reported by CNBC.
The bots are being sold on Telegram, and they are designed in such a way that investors are tricked into disclosing their two-factor authentication, prompting the loss of funds from crypto accounts.
Anders Apgar, an American Coinbase customer, fell victim to these bots last month, and his account with $106,000 mainly in Bitcoin was drained.
As Apgar was out for dinner with his family, a nagging robocall became hard to ignore after his wife’s phone also started ringing. A notification that stated “Your account’s in jeopardy” emerged upon picking it up.
This prompted Apgar to pick up his phone, and that’s when all hell broke loose. A female voice stated:
“Hello, welcome to Coinbase security prevention line. We have detected unauthorized activity due to a failed log-in attempt on your account. If this (is) not you, please press 1, to complete precautions for recovering your account.”
Alarmed about what had transpired, Apgar pressed one, and his account had been locked in less than two minutes. However, he couldn’t recall whether he entered the two-factor authentication code manually or it popped out automatically.
Feeling devastated about the 19-seconds call that led to his crypto loss, Apgar said:
“It was just dread and an emptiness of just, ‘Oh my gosh, I can’t get this back.’”
Fraudsters exploit the 2FA code
This type of fraud takes advantage of the two-factor authentication (2FA) code by inflicting fear that people’s accounts are under attack. Once the suggested action is taken, investors expose themselves to fraudsters.
The report stated:
“The bot calls are crafted in a very skillful manner, creating a sense of urgency and trust over the phone. The calls rely on fear, convincing the victims to act to ‘avoid’ fraud in their account.”
Jessica Kelley, a Q6 cyber analyst, delved deeper into the issue and noted that she had identified more than six Telegram channels with at least 10,000 subscribers selling the bots.
She added:
“Before these OTP bots, a cybercriminal would have to make that call himself. And now, with these bots, that whole system is just automated and the scalability is that much larger.”
Previously, the US Department of Justice recently announced that it had recovered 90,000 Bitcoins worth $3.6 billion at the time of seizure from a Manhattan-based couple suspected to be part of the masterminds behind the 2016 Bitfinex exchange hack, which saw 119,754 BTC swindled.
Image source: Shutterstock