Facebook Thieves Are Emptying Bank Accounts for Bitcoin

Cybersecurity research group BadCypher recently uncovered a clever, unusual trick Polish thieves are using to empty Facebook users’ bank accounts and turning their funds into bitcoin so they won’t get caught.

Get exclusive analysis of bitcoin and learn from our trading tutorials. Join Hacked.com for just $39 now.

According to the report, the hackers rely on well-known phishing and social engineering techniques, such as emailing someone an attachment with malware in it, to take over their Facebook account. Since most Facebook users don’t even bother using two-factor authentication (2FA), the takeover is relatively easy.

Once they control the account, the hackers then examine message logs to find those close to the initial victim. Then, posing as the original account owner, they ask for a small amount of money to be wired to them. Requests are kept to small amounts, as asking for a large amount would surely prompt questions and a phone call that would reveal the user has been hacked.

As soon as the person agrees to wire the money, they are sent a spoofed link to cloned versions of popular payment provider websites. These are popular in Poland, as they have contracts with banks that allow users to shop online without the use of a credit card.

The victim enters his bank account information on the cloned version of the website, and is then sent a code via SMS, in order to confirm the small transaction. So far, only a few dollars have been stolen from the victim, but the scam doesn’t end here.

Emptying Bank Accounts for Bitcoin

The thieves managed to guarantee the SMS message sent to the victim only asks the user to confirm that one transaction, even though it actually grants them access to transact as much as they want to without additional SMS code confirmations.

They do this by asking for the approval of so-called “trusted transfer” accounts, which the user unknowingly approves when he enters the SMS code that approves the original transaction. Banks usually allow these trusted accounts for the sake of usability.

With permission to transfer as much as they want to, the thieves then transfer everything the victim has into a bank account they will then use to buy bitcoin, or directly buy bitcoin using the victim’s bank account. The thieves usually create a regular transfer pattern to Polish bitcoin exchanges they use to buy the cryptocurrency, so everything looks fine on the bank’s side. Experts estimate it takes 15 minutes to turn everything the victim’s bank account has into bitcoin.

These attacks are rather complex, and as such hard to detect and prevent. So far reports suggest attacks only occurred in Poland, but they can easily spread. According to BadCypher:

Only vigilant fraud detection departments equipped with proper detection mechanisms can handle those attacks properly. Fortunately for the victims those scenarios don’t scale well, but a handful of attempts can be noted in one evening.

Featured image from Shutterstock.

Comments

comments

Filed in: Mainstream Bitcoin Tags: ,

You might like:

Welcome to Bitcoin Country: Silk Road and the Lost Threads of Agorism Welcome to Bitcoin Country: Silk Road and the Lost Threads of Agorism
Better in Byzantium? Ethereum Takes Baby Steps Toward a Privacy Boost Better in Byzantium? Ethereum Takes Baby Steps Toward a Privacy Boost
Money Manager Josh Brown: 'ICOs Are Where The Frauds Will Take Place' Money Manager Josh Brown: 'ICOs Are Where The Frauds Will Take Place'
EU Budget Amendments Call For Millions in Blockchain Funding EU Budget Amendments Call For Millions in Blockchain Funding
ICO Creator And Coinme Team Up To Spread Bitcoin ATMs ICO Creator And Coinme Team Up To Spread Bitcoin ATMs
China shutting down Bitcoin exchanges China shutting down Bitcoin exchanges
Hackers Lock Out iPhone And Mac Users, Demand Bitcoin Ransom: Here's How To Stay Safe Hackers Lock Out iPhone And Mac Users, Demand Bitcoin Ransom: Here's How To Stay Safe
BRIEF-Evolve Funds Group says it has filed a preliminary prospectus with Canadian securities regulators for Evolve Bitcoin ETF BRIEF-Evolve Funds Group says it has filed a preliminary prospectus with Canadian securities regulators for Evolve Bitcoin ETF
© 2017 Virtual Mining Bitcoin News. All rights reserved. XHTML / CSS Valid.