Crypto scammers are employing fake Zoom links to trick NFT holders and steal their assets. This article explores the tactics used in this sophisticated scheme and provides insights into the growing trend of AI-assisted cybercrimes.
Points
- New Scam Tactic: Fake Zoom links targeting NFT holders.
- Social Engineering: Scammers use social engineering to lure victims.
- Malware Installation: Fake Zoom installers used to deploy malware.
- AI-Assisted Cybercrimes: Europol warns of rising AI-driven cyber threats.
- Impact on Crypto Community: Increased need for vigilance and robust security measures.
Crypto scammers are once again exploiting unsuspecting victims with a sophisticated scheme involving fake Zoom links. On July 22, non-fungible token (NFT) collector and cybersecurity engineer “NFT_Dreww” warned X users about this scam, which has already resulted in $300,000 worth of stolen cryptocurrency.
Crypto Thieves Use Fake Zoom Links
The scam targets NFT holders and crypto whales through social engineering tactics. Scammers pose as individuals interested in licensing intellectual property, invite targets to Twitter Spaces, or offer collaboration opportunities for new projects. They insist on using Zoom for meetings and send malicious links disguised as legitimate Zoom invitations.
After clicking the link, users encounter a “stuck” page with an infinite loading screen, prompting them to download and install ZoomInstallerFull.exe, which is actually malware. Running it redirects the user back to the real Zoom platform, creating the illusion that the installation was legitimate. By this time, the malware has already infiltrated the user’s computer, extracting data and cryptocurrency.
The malware is designed to evade detection by adding itself to the Windows Defender exclusion list, preventing antivirus systems from blocking it. During this time, the user is distracted by the loading page and the process of accepting terms and conditions.
The scammers also continuously change domain names to avoid being flagged. In fact, they are already using their fifth domain for the scam.
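The Defender exclusion behaviour described above leaves a trace that defenders can check for. The following PowerShell sketch is an added example, not part of the original report: it pulls exclusion additions out of Microsoft Defender configuration-change events (event ID 5007). The function name, the sample messages and the paths in them are constructed for illustration, and the message wording is assumed to follow the usual "Old value / New value" layout of that event.

```powershell
# Added example: flag Defender exclusion additions recorded as event ID 5007.
# Get-DefenderExclusionAdded is a hypothetical helper name, not a built-in cmdlet.
function Get-DefenderExclusionAdded {
    param([Parameter(Mandatory)][string[]]$Message)
    # An added exclusion shows up on the "New value:" line as a registry value:
    #   ...\Windows Defender\Exclusions\<Kind>\<excluded item> = 0x0
    $pattern = '(?m)^\s*New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender' +
               '\\Exclusions\\(?<Kind>[^\\]+)\\(?<Item>.+?)\s*=\s*0x[0-9A-Fa-f]+\s*$'
    foreach ($m in $Message) {
        $hit = [regex]::Match($m, $pattern)
        if ($hit.Success) {
            [pscustomobject]@{
                Kind = $hit.Groups['Kind'].Value   # Paths, Processes, Extensions, ...
                Item = $hit.Groups['Item'].Value   # the file, folder or process excluded
            }
        }
    }
}

# Constructed sample messages (placeholder path): one exclusion added, one unrelated change.
$samples = @(
    "Microsoft Defender Antivirus Configuration has changed.`n`tOld value: `n`tNew value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\example-dir = 0x0",
    "Microsoft Defender Antivirus Configuration has changed.`n`tOld value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting = 0x1`n`tNew value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting = 0x2"
)
Get-DefenderExclusionAdded -Message $samples | Format-Table -AutoSize

# On a live host (elevated prompt), feed real events and compare with current settings:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007 } |
#     ForEach-Object { Get-DefenderExclusionAdded -Message $_.Message }
# Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess, ExclusionExtension
```

Any exclusion that no administrator or management tool can account for, especially one created around the time an installer was run, is worth investigating.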
Europol Warns of AI-Driven Cybercrime Surge
The agency stated that AI tools make it possible for non-technical people to execute very sophisticated online crimes, lowering the entry barrier for bad actors. AI-generated deepfakes and false advertisements are increasingly used to target victims globally. Even more concerning, future developments in deepfake technology could lead to severe crimes like sexual extortion.
Catherine De Bolle, Europol’s executive director, emphasized the need for law enforcement to develop robust capabilities to fight back against these threats, including improving human resources and technical skills.
The IOCTA report also raised concerns about certain aspects of the crypto ecosystem, particularly NFTs and Bitcoin exchange-traded funds (ETFs). While large-scale fraud involving NFTs has not yet been seen or identified, the adoption of Bitcoin ETFs could expose inexperienced people to scams. Companies issuing crypto ETFs will need to hold large reserves, making them very attractive targets for fraudsters.
ChatGPT Mimics Biden Post
https://x.com/ChatGPTapp/status/1814445716540141731
https://x.com/POTUS/status/1813715823053193685
Fractal ID Shares Postmortem
The breached account belonged to an operator with admin rights, which allowed the attacker to bypass internal data privacy systems. System monitoring did end up locking out the attacker within 29 minutes. The root cause of the breach was the operator’s failure to follow operational security policies and the reuse of credentials from past hacks.
On July 14, 2024, Fractal ID detected unusual activity in its back offices, which was identified as a malicious attack leading to data exfiltration for approximately 0.5% of its user base. In response to this, Fractal ID disabled all accounts in the compromised system and limited access to senior employees only.
The company prioritized improving security measures, including implementing request throttling, finer-grained authorization, tighter monitoring of failed authentication attempts, and stricter IP control. Fractal ID also contacted data protection authorities and the cybercrime police division in Berlin. They engaged with cybersecurity services to monitor for the potential distribution of stolen data.
The breach affected around 6,300 users, with data ranging from proof-of-personhood checks to complete KYC checks, including names, email addresses, phone numbers, wallet addresses, physical addresses, and images of uploaded documents. Fractal ID informed the affected users directly.
Two Involved in Forcount Ponzi Scheme Plead Guilty
https://x.com/SDNYnews/status/1815492912278356448
Judge Analisa Torres is expected to sentence Tacuri on Sept. 24. So far, no sentencing hearing is scheduled for Nunez or Hernandez. The remaining defendants, Francisley Da Silva and Ramon Perez, have not entered guilty pleas and are awaiting trial.
The Forcount guilty pleas are part of a series of criminal cases brought by US authorities against people involved with crypto firms. Former FTX CEO Sam Bankman-Fried is serving 25 years in prison after a 2023 conviction for fraud related to the misuse of customer funds at the crypto exchange. Former Binance CEO Changpeng Zhao will likely be in prison until October after a guilty plea and a four-month sentence for violating US money laundering laws.
Explanation
- Scammers are increasingly using sophisticated methods like fake Zoom links to target NFT and crypto holders.
- AI-driven cybercrimes are on the rise, making it easier for non-technical individuals to commit sophisticated crimes.
- Law enforcement needs to develop advanced capabilities to counter these threats.
- Users should be vigilant and adopt robust security measures to protect their digital assets.