27th December, 2017

Bitcoin scam with love

The more things change, the more they stay the same: 2017 brought us an old-style scam, but this time it targets your cryptocurrency wallet. Let's discover together what could happen.

Before starting this article, I would like to specify that I don’t know whether the girl in the photo is single or what her phone number is.

In the last 15 years, many of us have received by email the classic scams about the king of Nigeria, the Ukrainian girl, or a lottery we had supposedly won but didn’t even remember entering.

We developed a vaccine against these messages, but as technology grows, so do scams.

As technology has grown, we feel more secure than we did a couple of years ago, but our assets, especially those of people moving into the domain of cryptocurrencies, are exposed to high risks.

While the famous king of Nigeria would need to persuade you to log in to your online bank account, enter his bank information, enter the amount in the form and validate the transaction, with the “new generation investment” made with cryptocurrencies, the job of your attacker is much easier.

Transactions on the blockchain, the technology on which Bitcoin and other cryptocurrencies are based, are governed by two different keys, called the “private” and “public” keys (more information here: https://en.wikipedia.org/wiki/Public-key_cryptography).

While the public key is known to everybody, the private key should be known only to the legitimate owner of the asset, which in our case is a cryptocurrency wallet: if an attacker came into possession of your private keys, he could empty your wallets in a few seconds.

Let’s get to my story: a few weeks ago I organized, with Swiss-CyberSecurity.ch, a community that I founded with some colleagues, an event about Bitcoin and cryptocurrencies.

I published this event through my Twitter account (@maucsec) using the usual hashtags such as #bitcoin #investment #event. All these hashtags grabbed the attention of some people who are looking for cryptocurrency investors, and among them there were three different girls who contacted me via Twitter (one of them was the girl in the photo).

Next to her sexy photos there were several tinylinks inviting the viewer to follow them to discover more about her.

As we discussed in other articles and during our events, tinylinks are links created to shorten a URL to something really short but unreadable: the person sees the link but doesn’t know where it leads until the browser resolves the “hidden destination”.

On the other side of the tinylink you might not find Olga or Galina, but a hacker waiting to gain access to your computer, take control of your assets and empty your pockets.

Considering that investing in cryptocurrency is not something the doctor ordered, and considering that you are entering an unregulated market, you may face more than one difficulty in trying to get your money back, even if you go to the nearest police station to report what happened to you.

This article was written just to remind you that danger is always waiting for you around the corner:

  • be careful when accessing unknown links
  • in the case of a tinylink, use one of the online tools to verify the redirection
  • don’t store passwords or secrets on your Desktop and/or in a Word or Excel file
  • use Two-Factor Authentication when accessing online resources
  • store the most valuable keys on offline devices that cannot be hacked

For any further information, not concerning the girl from twitter, do not hesitate to contact me.
