Fraudsters Target Discord Users in Cryptocurrency ScamKaspersky: Victims Receive Unsolicited Messages Promising a Monetary Gift
Kaspersky researchers are warning that fraudsters are targeting Discord users with a scam centered on a fake cryptocurrency exchange and using the lure of free bitcoin or ethereum cryptocurrency to steal money and personal data.
The scam lures victims on Discord's cryptocurrency servers by sending a private message that looks like an ad for a genuine up-and-coming trading platform giving away cryptocurrency, and it deploys social engineering tactics to drive sign-ups, according to the Kaspersky report.
"The reasons for such alleged generosity vary from message to message, but whether the exchange is supporting traders in difficult times or trying to attract new users, the thrust is always the same: The lucky addressee has been randomly chosen to receive an impressive payout in bitcoin or ethereum," Kaspersky notes.
Discord was created for gamers, but its handy system of servers, channels and private messages is used by a wide cross-section of people, ranging from study groups to fans of cryptocurrency, Kaspersky says, making the users a perfect target for scammers.
James McQuiggan, security awareness advocate at security firm KnowBe4, says these attacks are similar to what happened last summer with Twitter, when hackers use social engineering to conduct a scam by creating a false sense of urgency and the promise of a payout (see: 'Crypto' Scammers Weren't the First to Crack Twitter).
"This scam is a typical ploy preying on people with several emotions, like greed, curiosity and urgency. Victims are enticed with the opportunity to win money if they sign up for an account and add some money to it," McQuiggan notes.
In the Discord scam, the fraudsters attempt to first placate the victim by filling the unsolicited message with fun emojis and adding in detailed instructions - and a code - for accepting a digital currency gift. The message provides a link for registering on the purported digital currency trader's cryptocurrency exchange, according to Kaspersky.
Upon clicking the link, victims are redirected to a well-designed site that looks like a cryptocurrency exchange, including details such as exchange-rate information, charts, order books and trading history, the report notes.
"Visitors will also find technical support and several language options. Someone clearly went to a lot of trouble to make the site look legit," the researchers note.
Kaspersky notes that the attention to detail extended to offering victims two-factor authentication to secure their accounts, plus anti-phishing protection.
To finish the registration, the victim is supposed to make a small cryptocurrency deposit - now or later - or go through a "know your customer" identity check that adds another layer of legitimacy, the report says.
"The procedure is just like one you might find on a legitimate exchange, requiring contact details, a photo of an identity document and a selfie taken with both a piece of ID and a sheet of paper with the address of the exchange, registration date and signature," researchers say.
The scammers apparently are attempting to create a database to sell on the darknet, researchers say. To collect financial details, the scammers start by confirming users' identities, they say. "Also supporting our conjecture is the scammers' insistence that photo IDs must not be marked in any way."
After finishing the "registration" process, the victim is told to activate the supplied prize key from the message in Discord and receive a payout. "The system accepts the code, and the promised bitcoin or Ethereum coins appear in their account. When the victim tries to move the coins from the exchange to their own wallet, however, they find only roadblocks," the researchers note.
Then the scammers demand 0.02 in bitcoin or an equivalent amount in ethereum or U.S. currency to provide access to the coins. "Any money sent to the scammers is gone for good, of course, and the prize was never real," the researchers state.
"While Discord hosts the opportunity for social events, like gaming, or even infosec conferences, cybercriminals are leveraging the lack of awareness for these environments and socially engineering the attendees into turning over a small amount of money to hopefully collect a more considerable windfall," McQuiggan says.