Crypto Fraud Bots
Fraudsters are selling bots on Telegram that are designed to trick investors into divulging their two-factor authentication, leading to accounts being wiped out.
This new type of fraud goes right at that 2FA code, and it uses people’s fear of their accounts being hacked against them. The fraud tool is called a one-time password, or OTP, bot.
The scam works in part because victims are used to providing a code for authentication to verify account information. At first, listen, the robocalls can sound legitimate — especially if the victim is harried or distracted by other things when the call comes in.
“Once the victim inputs that 2FA code or any other information that they requested the victim put in their phone, that information gets sent to the bot,” said Jessica Kelley, a Q6 Cyber analyst. The bot “then automatically sends it to the cybercriminal, who then has access to the victim’s account.”
She said criminals could “potentially steal everything because, with these transactions, they can do them one after the other until the amount is basically drained.”
In a statement to CNBC, a Coinbase spokesperson said, “Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution (whether Coinbase or your bank), do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organization’s website.”
I am not a financial advisor and my comments should never be taken as financial advice. Investments come with risk, so always do your research and analysis beforehand.