A researcher explores a cryptocurrency scam disguised as a remote job opportunity, interacting with scammers and documenting the process. This provides insights into the methods employed by scammers to exploit victims in the digital realm. (Affected: cryptocurrency industry, online job seekers)
Key points:
- A researcher was approached on Telegram with a job offer paying 0-0 per day.
- The scam involved multiple fake accounts, including “Arabella” and “Maria,” to entice the victim.
- The tasks consisted of mindless clicking to earn a profit, which raised red flags about the job's legitimacy.
- Victims were required to deposit cryptocurrency to continue working, indicating a money scam.
- Scammers utilized varying levels of AI for communication, blending automated and human interactions.
- The job description included a seemingly real but fraudulent company offering app submission tasks.
- Indicators of the scam included a negative account balance and the need to deposit Bitcoin to reset tasks.
- Scammers had lookalike domains and manipulated conversations, diverting attention from monetary loss.
- Throughout the interaction, the researcher attempted to scam the scammer without success.
- The blog is part of ongoing research into crypto scams, revealing the extensive losses in 2024.
MITRE Techniques:
- Persistence (T1078) – The scammers maintain presence through multiple accounts on Telegram for ongoing communication.
- Credential Dumping (T1003) – The victim was trained to create accounts using provided credentials and sensitive information.
- Exploitation of Remote Services (T1210) – Scammers used remote work models exploiting users to perform tasks under fraudulent employment.
Indicators of Compromise:
- The article discusses the presence of fraudulent domains used in the scam, such as marblemediaseo[.]cc.
- Cryptocurrency wallet addresses that the scammers provided for deposits are identified as potential IOCs.
- Fake profiles on Telegram utilizing stock images were flagged as suspicious IOCs.
- Communication logs and patterns reveal the operational methods employed by the scammers.
- Negative account balances are indicative of the scam’s manipulation strategy.
Full Story: https://blogs.infoblox.com/threat-intelligence/telegram-tango-dancing-with-a-scammer/