Cybercriminals have launched campaigns of “phishing” scams impersonating well-known figures and media outlets by sending emails containing fake cryptocurrency news and obtaining personal information from victims.

This is stated by the Internet User Security Office (OSI) and cybersecurity firm Panda, who registered instances of this “phishing” campaign through spoofs of various online newspapers such as El País, ABC, and El Mundo.

Specifically, scammers send emails in the name of one of these newspapers. This includes false testimonials from celebrities and people with an “online” reputation to inform them about “great investment opportunities in the crypto market.”

Cybercriminals use the fact that many users subscribe to various digital media outlets and read newsletters regularly to facilitate deception. This way it uses emails that look legitimate and are sent from known addresses.

As Panda explained in a statement, scammers are using cryptocurrencies as hooks. This is because more and more people are looking to invest in this digital asset. In this case, the tactic used in the “phishing” attack begins with sending an email containing a link to fake news from a well-known newspaper.

These emails have no subject. This is to hide the content of the news and prevent users from opening the email. As for the mailbox for sending the news, Panda details that it got it from her records of other scam victim users who will be providing the data.

After the email in question is opened, the user clicks on the attached link and is redirected to a questionable news item on a newspaper website. However, news websites that contain fictitious information about investing in digital currencies are false. Additionally, all clickable web elements direct the user to the same URL based on the registration form.

This form requests personal information such as first and last name, email address and phone number. According to Panda, with this information added, the malicious actor has already achieved his 80% of the strategy.

Finally, the final stage of cyber fraud is completed when the user is asked to reset their email password after filling out the form. So the scammers will steal your login credentials, after which the victim’s inbox will receive an email from the same sender of her webpage who entered the form.

In this email, victims are asked to press the “Activate Account” button. This gives cybercriminals access to personal “email” accounts to impersonate victims’ identities and gain complete control over their emails. They can even send fake messages using all sorts of links and deceptive files.

Furthermore, as explained by Hervé Lambert, Global Consumer Operations Manager at Panda Security, the only downside to this scam is that it does not send out emails that spread this false news, but rather “all the data we have saved. access to personal information.” our e-mail”. He warned that this could lead to “another series of derivative crimes such as extortion and cyber intimidation.”

In fact, according to Lambert, no similar scams have been run or related to cybercriminals directly demanding bank keys or cryptocurrency wallets to “steal all the victim’s assets.” The idea cannot be dismissed.

As Panda mentioned, one way to identify this kind of threat is to observe that not all buttons on fake websites work, at least in this case. For example, the left drop-down button that appears on the supposed page of the newspaper El País does not display any information. In that sense, it can be confirmed that it is a simple image. These types of failures indicate that it is a bogus web page.

Hervé Lambert, meanwhile, stresses that there have been some similar stories on other platforms and that it is “very likely” that they are spreading the scam. “We have confirmed that there are also fake profiles on social networks such as Twitter distributing this news,” he added.

In the case of social networks, these are basically bots that generate conversation threads and name celebrities and join other celebrities’ conversation threads to “follow someone to the link,” Lambert confirmed. increase.