Cyber criminals are looking for ways to capitalise the popularity of the blockchain, while cryptocurrency holders search for new investment opportunities and ways to increase their savings, according to Kaspersky Lab’s Spam and phishing in Q3 2017 report.

For several months, spammers have been showing increased ingenuity, with their activities proving that they are monitoring the latest trends and global developments in cryptocurrencies.

Based on blockchain technology, cryptocurrencies have become an attractive target for cybercriminals, who have been successfully and inoffensively targeting their victims through web mining.

Kaspersky Lab researchers detected an increase in spam activities related to cryptocurrency in the past three months. According to the report, criminals have been using several successful tricks to fool users and steal their money.

Casino set-up schemes

The report found fraud schemes, based on cryptocurrency trading, have been prevalent over the last quarter. In one such scenario users receive an email invitation to install special software for trading in the cryptocurrency market, but when they click on the link, they are redirected to different websites promoting investments options, including binary options trading.

By doing this, cyber criminals hope that users will be enticed to invest more and more money, and transfer currency to a trading account which they own. However, for the victim, there is no guarantee that it will lead to something, or they will get their money back. This type of fraud scheme is similar to a casino set-up and aims to provoke users to bid until they have nothing left, leaving the cybercriminal with everything.

More primitive tactics used to exploit victims include the distribution of emails offering to transfer money to a specific crypto wallet, where the user receives their money back with interest. But of course, that never happens. Users initially transfer money to an unknown wallet and the cybercriminal cashes in.

Exploiting a lack of understanding

The report also found another fraud scheme was in the form of offering to help users learn more about cryptocurrencies and how they could benefit from them. This underhand tactic aimed to exploit a lack of understanding about blockchain technology and how cryptocurrencies work.

The average amount of spam has increased to 58.02%, which is 1.05% points higher than Q2, along with the growth of blockchain scams.

Peak spam activity was in September, at 59.56%. In addition, during the third quarter of the year researchers detected an increase in phishing attacks by 13 million – the Kaspersky Lab Anti-Phishing system was triggered 59,569,508 times on the computers of Kaspersky Lab users. At the same time, criminals have been focusing more on using messenger applications on mobile devices to carry out popular, online scams, according to Kaspersky.

The proportion of spam in email traffic, Q2 2017 vs Q3 2017

Other important trends and statistics in Q3, highlighted by Kaspersky Lab researchers, include the following:

• China became the most popular source of spam, overtaking the Vietnam and U.S. Others in the top 10 include India, Germany, Brazil, France, Poland, Islamic Republic of Iran.
• The country most targeted by malicious mailshots was Germany. The top target of the previous period, China, came second, followed by Russia, Japan and Italy.
• The largest percentage of users affected by phishing was in Brazil (19.95%), the same as the previous quarter. Overall, 9.49% unique users of Kaspersky Lab products worldwide were attacked by phishing.
• The main targets of phishing attacks remained the same since the beginning of the year. They are primarily in the financial sector and include banks, payments services and online stores.

Observing WannaCry spam

Darya Gudkova, Spam Analyst Expert at Kaspersky Lab, said: “While in the second quarter of the year we observed the WannaCry spam and phishing attacks, in the past three months we have witnessed criminals actively exploiting the popularity and interest around cryptocurrency.

“This once again shows that the most reliable way to target victims is by utilising current trends and cashing in on an emerging market which users are still getting to grips with and keen to explore.

“There is no doubt that attacks in this form will continue, so it is extremely important for users to pay careful attention, be vigilant and keep up to date when it comes to global phenomenon.”