- Samsung Galaxy S25 Ultra hands-on: 3 reasons I recommend the flagship phone (and 1 reason to skip)
- I went hands-on with Samsung's standard Galaxy S25 and didn't envy the Ultra model at all
- Best Samsung Galaxy S25 deals: $200 gift cards and free offers at T-Mobile and Verizon
- Best One UI 7 features coming to Samsung Galaxy S25 (and older models, too)
- 4 useful Samsung Galaxy S25 Ultra features that power users will drool over
Email Fraud Scheme Sends Victims to Fake Cryptocurrency Platforms
Criminals are using phishing and advanced social engineering tactics to swindle unsuspecting victims out of Bitcoin by routing them to fake cryptocurrency websites, Proofpoint researchers report. The operation sends functioning sets of login credentials to fake cryptocurrency exchange platforms.
“This scheme spreads credentials to alleged private Bitcoin investment platforms and lures victims with the promise of withdrawing hundreds of thousands of dollars worth of cryptocurrency from an already established account on the platform(s),” researchers write in a blog post on their findings.
Cashing out the full balance of the account requires the victim to first deposit some Bitcoin to the platform, which is the point of the scheme, according to Proofpoint.
Researchers say while the con is similar to traditional “advance fee fraud” schemes, it is more sophisticated from a technical standpoint, fully automated, and requires substantial victim interaction. They note the use of cryptocurrency indicates the threat actor is targeting individuals that are somewhat technically savvy as they will need to be comfortable handling Bitcoin and a digital wallet.
Each of the email campaigns has been sent to anywhere from tens to hundreds of recipients around the globe, researchers report. Emails from the same campaign contain the same credential pairs (user id and password) for all recipients.
“It appears that multiple people can log in with the same user id and password if they log in from a different IP address and browser. However, once they change the password, as detailed in the next section, and add in a phone number, the account becomes unique, and victims will not see any trace of other victims’ activities,” researchers note.
The campaigns do not target a specific vertical or geography; emails are sent to targets worldwide.
More details on how the campaign works can be found here.