Messages arrive with a username and password to log in to a supposed exchange and collect a significant amount of money, but it is all a scam.
Several users have shared on Twitter a screenshot of a message they received by SMS, WhatsApp or direct messages in various apps. The message gives them the username and password for a supposed exchange site and states that the account holds a significant amount of USDT, or Tether, a stablecoin launched in 2014.
The message comes with text asking the user to “not share with anyone” that information, which is meant to get the person to log in to the site with the data provided. Doing so leads to a page that shows a significant balance of USD 754,517. This is how the scammers seek to catch the person's attention.
If the victim then wants to transfer that balance to their own cryptocurrency wallet, they have to enter their access credentials, and that is where the attackers obtain the confidential information that lets them take the victim's funds.
As seen, this is another case of social engineering, or phishing: a page posing as an exchange is used to obtain data, in this case for digital wallets, in order to steal funds.
This scam has been circulating under different exchange names. One of the sites analyzed by the cybersecurity company ESET was created just a week ago, which already serves as a warning sign.
The company indicates that this site seeks to obtain information from cryptocurrency wallets, just like in other identified cases.
One point to keep in mind is that in all cases a lock appears next to the URL, indicating that the site is served over a secure protocol, but that does not imply that the page is reliable. This is worth clarifying because users often feel confident when they see the lock, yet it only means that communication between point A and point B is encrypted.
HTTPS is a secure communication protocol, but it does not imply that the page is trustworthy or real. If attackers are behind the site, then no matter how many locks there are, they will obtain the user's access credentials, because the page is not real.
What to do when you suspect that some content may be false, spam, or an attempt to deceive
If the information arrives via Twitter, you can report the content and ask the application to analyze it as follows: press the down arrow icon next to the Tweet, select the option indicating it is suspicious or spam, and send the report for the system to verify.
If you have already been a victim of theft or a scam, file a complaint with the prosecutor's office or the corresponding authority in your country so that the responsible party can be found and prevented from continuing to commit such deceptions.
Precautionary measures to avoid falling for scams and other forms of attack, as recommended by Luis Corrons, security specialist at Avast:
1. Educate yourself: it is important to stay one step ahead of scammers by learning about the most recent scams.
2. Be skeptical: before clicking on any link or downloading any attachment, check for phishing warning signs. If something suspicious is identified, report it.
3. Confirm before acting: authentic companies will never contact you by email, message, or phone to request personal data.
“If it happens, call the company yourself using the contact information that appears on their legitimate website to confirm anything that has been said to you in the email or call. Do not respond directly to suspicious emails. Always start a new communication through the official customer service channels of the company,” highlights the expert.
4. Change passwords regularly and enable two-factor authentication.
5. Review accounts: check all account summaries to see if there are any charges that do not correspond.
6. Read emails as plain text: “this is a good trick that helps detect email phishing scams. Convert a message to plain text and you will be able to detect hidden image URLs that would not be visible in HTML mode,” he concludes.
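Point 6 in practice, as an added example that is not from the article or from Avast: a Python sketch that lists every URL an HTML email carries, including image URLs the rendered view never shows, and flags links whose visible text names a different host than the real target. The sample message and all domain names are constructed.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; not taken from the scam described above.
SAMPLE_EMAIL = """\
Subject: Your balance is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Log in at <a href="https://login.wallet-check.example/auth">https://exchange.example/login</a></p>
<p><a href="https://exchange.example/help">Help center</a></p>
<img src="https://track.wallet-check.example/o.gif?id=123" width="1" height="1">
</body></html>
"""

class LinkAudit(HTMLParser):
    """Collects the URLs that the HTML view hides behind link text or images."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    return (urlparse(url).hostname or "").lower()

def audit(raw_email):
    msg = message_from_string(raw_email)
    parser = LinkAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    # Mismatch: the visible text is itself a URL, but its host differs from the href host.
    mismatched = [(t, h) for t, h in parser.links
                  if t.lower().startswith(("http://", "https://")) and host(t) != host(h)]
    return {"links": parser.links, "images": parser.images, "mismatched": mismatched}
```

Calling `audit(SAMPLE_EMAIL)` returns the link list, the image URLs and the mismatched pairs; here the first link is flagged and the 1x1 image URL is surfaced, while the "Help center" link is not.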