Cryptocurrency Phishing Scams Bring Businesses Unexpected Danger

February 10, 2022

The world is talking about all things crypto. The transaction, generation, storage and safety of cryptocurrency has consumed tech and finance headlines. As of January 2022, the total global market capitalization of all cryptocurrencies totals $2.05 trillion, making it the world’s 8th largest economy by gross domestic product. If you wanted to buy every Bitcoin in existence today, you’d need to splash out an estimated $815 billion to purchase them all –and that’s just one flavor of cryptocurrency. So of course, cybercriminals are hungry for part of that pie, and one way they’re are capitalizing on all of that excitement by launching phishing scams that lure crypto fans into hot water.  

Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

Why Should Businesses Be Concerned About Risk Generated by Cryptocurrency? 

Cryptocurrency brings some scary risks to the table for users because as a form of shadow currency it’s less regulated and more easily hidden or laundered than other types of money, making it the favored currency of cybercrime. While there are reputable companies, investors and exchanges trafficking in cryptocurrency, there are also a large number of shady characters involved in the space. That creates risk, and If employees are transacting cryptocurrency on company networks or devices, they’re bringing that risk to their employer’s door.  

Cryptomining is a Gateway Drug 

One major security risk that companies should be concerned about is cryptomining. The presence of cryptominers in a company’s network is a serious indicator of compromise. Cryptomining often serves as a gateway for cybercriminals to perpetrate more serious forms of cybercrime. If cybercriminals successfully deploy cryptominers in a network, they’ve essentially opened themselves a backdoor into a company’s environment that they can use at any time to cause trouble like stealing data or deploying ransomware. Even if it doesn’t lead to further cyberattacks, cryptomining consumes a great deal of energy and computing power, slowing down networks and driving up bills, costing companies money while making passive income for the bad guys. 

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

Phishing is How it Starts 

How do those cryptominers get into your environment? Through cryptojacking facilitated by that favorite tool of cybercriminals, phishing. Bad actors typically choose one of two phishing methods to exploit their victim’s network. They can enticethe victim to click on a malicious link in an email that results in infecting the computer with cryptomining software. Or they’ll infect a website or online ad with malicious code that auto-executes once loaded in the victim’s browser. Of course, there are many variations on these themes. Cybercriminals want their victims to fall for their traps and they’re not very picky about how they do it. 

In a scam going around right now, cybercriminals are dropping malicious messages that use brand impersonation to fool victims into thinking they’re from a prominent crypto investor. The bogus message may contain a PDF file that is presented as an investment deck. But that PDF actually contains malware. A variety of malware associated with this scam attempts to access the victim’s crypto wallets and gain control of the funds inside before sending them to another address. It recently resulted in a loss of $60 million in Ethereum from victims. It’s possible that other types of malware could be spread this way including ransomware – and if an employee is using their work laptop to handle email like this, that malware could become their employer’s problem too.  

In another cryptocurrency-related phishing scheme, cybercriminals used malicious emails to pass themselves off as customer service or security representatives of a major cryptocurrency exchange. Some of their brand impersonation phishing messages claimed that the user’s account had been locked. Another version pointed users to a malicious URL that captured user login information when clicked. Yet another variation contained an app that enabled bad actors to take control of the victim’s email accounts. Over 6,000 customers of the popular cryptocurrency exchange Coinbase fell for the trap, losing money to the scammers and giving away their credentials or personal data.   

Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>

Cryptojacking is the Future of Cybercrime 

Cybercriminals are drawn to cryptomining because it’s a fairly low-risk cybercrime operation that requires little technical skill yet it can still be very profitable. Phishing is a low barrier to entry cybercrime in and of itself and phishing-as-a-service offers, premade phishing campaign kits and other tools that simplify the process are abundant on the dark web. Cryptomining is a less dangerous proposition for the bad guys too. Unlike ransomware, the nature of cryptomining makes cryptominers hard to detect and also makes it hard to trace the origin point back to the bad guys, making them less likely to get caught. That’s very bad news for businesses. In the 2021 Cyber security threat tends report, Cisco’s analysts disclosed that almost 70% of organizations experienced some kind of cryptomining threat in 2021.  

Cryptojacking has been a major growth area in cybercrime and that’s definitely going to be something that IT professionals will have to face. Experts point to a 300% increase in cryptomining malware in 2021 as a signal that this is a problem that businesses will be dealing with for some time. At the same time, employees are increasingly more likely to be involved in the cryptocurrency economy as it increases in popularity. As of January 2022, the 24-hour average trading volume of all cryptocurrencies globally came to $91.5 billion.  

These days, the line between work and personal use devices is very blurry, so it’s just about a sure thing that some of that cryptocurrency-related activity will be taking place on (and bringing phishing risk to) company networks and devices. That’s not particularly good news in an era of burgeoning danger and shrinking budgets. But protection from sophisticated phishing threats like this is both available and affordable with Graphus.  

See 10 reasons why Graphus is better than other email security solutions. SEE THE LIST>>

Cryptocurrency Phishing Doesn’t Stand a Chance Against Graphus

By making sure that employees never have the chance to make that fatal click on a phishing message, businesses reduce their exposure to cryptocurrency-related threats. Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. When you choose AI-powered, automated email security, your business gains an array of strong defenses against phishing that stop today’s nastiest phishing threats cold. Graphus’ AI technology refines your protection daily to ensure that your business is protected against tomorrow’s phishing threats too.  

  • You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear-phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget.  
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than a SEG or conventional security.   
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users.  
  • Click here to watch a video demo of Graphus now. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus