Free Bitcoins? Why not?

Published: 2017-08-24
Last Updated: 2017-08-24 17:11:57 UTC
by Bojan Zdrnja (Version: 1)

Since the invention of the Internet (or e-mail) we have been seeing various scams that try to entice the user to transfer his hard-earned money to a scammer’s account.

There are many, many forms of the old-fashioned advance-fee (419) scam where the victim is usually asked to transfer money to the attacker’s account for whatever purpose we can think of: it can be a dead Prince’s legacy or money that a stranger in distress needs.

Of course, with all crypto currencies flying around, the bad guys saw an opportunity as well, with the major advantage being difficult traceability of crypto currency transactions.

A couple of days ago, one of our readers, Jason Killam, sent in an example of a scam (although a bit poorly written) in which the attacker was asking for a few USD in Bitcoins – the e-mail is shown below:

Hello, my name is Arseny Golorich, I live in the country Belarus, Minsk, we are a rather poor country. On July 26, the BTC-E Crypto-Currency Exchange closed, and I can not get my money back. It was closed by the FBI and illegally appropriated all of our funds. There were my last 2 Bitcoins on which I earned and traded on the stock exchange. Now I am without means for existence, I am starving, I ask to help, who can. On the Internet, I found the emails of the wealthy people of America and decided to write to you, for you a few $ are worthless, but they will help me a lot to start earning again on the exchange. Thank you so much for reading!

My Bitcoin Wallet - 1MY1Fso8SW9XTPCca7oLEBUWFJRZWNK9Qs

For the help you can use absolutely safe resources:
https://localbitcoins.com/
https://www.coinbase.com/

As we can see, this is just a poor attempt where the attacker is practically begging for Bitcoins. He was, though, nice enough to provide the victim with links on purchasing Bitcoins.

We can search for his wallet at https://blockchain.info/address/1MY1Fso8SW9XTPCca7oLEBUWFJRZWNK9Qs and it appears that at least this attempt was completely unsuccessful, as there were no transactions of any Bitcoins to this account.
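When reported scam e-mails are triaged in bulk, it helps to pull out address-shaped strings and verify their Base58Check checksum offline before spending time on a block explorer lookup. The following is an added example, not part of the original diary; it assumes legacy Base58 addresses only, and the function names `base58check_ok` and `triage` are hypothetical.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58 addresses only (P2PKH "1...", P2SH "3..."); bech32 is out of scope.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def base58check_ok(addr):
    """True if addr decodes to 25 bytes whose last 4 match the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is one 0x00 byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def triage(text):
    """Map every address-shaped string in text to its checksum verdict."""
    return {m: base58check_ok(m) for m in CANDIDATE.findall(text)}


# The first line is the wallet line from the diary's e-mail; the other two are
# constructed: the well-known genesis-block address, and the same address with
# its last character changed (a typo or a random look-alike token).
SAMPLE = """\
My Bitcoin Wallet - 1MY1Fso8SW9XTPCca7oLEBUWFJRZWNK9Qs
Donations: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
Ref: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
"""

if __name__ == "__main__":
    for addr, ok in triage(SAMPLE).items():
        print(addr, "valid checksum" if ok else "checksum mismatch, skip lookup")
```

A passing checksum only means the string is a well-formed address; whether it has received any funds still has to be checked on the blockchain.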

However, who knows how successful (or not) this particular attacker is – for him, the nice thing about Bitcoins is that he can create a new wallet for every victim, so it becomes much more difficult not only to trace the transactions but also to see what his total gain is, especially if he decides further down the line to use notorious mixing services.

Bitcoin mixing services are anonymous services that allow anyone to send Bitcoins to them. For a small fee, such services collect multiple transactions, mix them, and divide them into smaller/different outgoing transactions to new wallets. This makes tracing very difficult (and, depending on the mixing service, maybe impossible) and as such is the perfect way of laundering Bitcoins.

A chicken and egg problem is, though, that the attacker must really trust that the mixing service will do what it claims to be doing – because once the Bitcoins have been sent, the attacker could also become a victim of the mixing service operator, in case he/she decides to simply keep the Bitcoins.

In any case, one thing I am sure of is that various scammers will happily embrace crypto currencies, in case they have not done so already.

Have you experienced similar scams or attacks that were new or that you found interesting? Let us know!

--
Bojan
@bojanz
INFIGO IS

Keywords: 419 scam bitcoin