- The CoinEgg scam uses fake domains and social media accounts to coax users into investing in fake exchanges.
- After making victims invest, scammers approached them as investigative agents who could help with the scam.
- How long the fraud has been going on is unclear at the moment.
Despite the immense popularity of cryptocurrencies and crypto-trading in India, users in the country are still falling for high profile scams. Researchers at security firm CloudSEK have unearthed a new scam called CoinEgg, which defrauded as much as ₹10 billion [₹1,000 crore] from users in the country.
“We discovered an on-going malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam,” the company said in a blog
post.
CoinEgg Scam: How this works
According to the researchers, the threat actors created multiple fake domains impersonating crypto trading platforms, with the word ‘CloudEgg’ in them. “The sites are designed to replicate the official website’s dashboard and user experience,” the company said, adding that the scam is divided in seven phases.
After creating the fake domains, in the second phase, the attackers create a female profile on social media “to approach the potential victim and establish a friendship”. This profile is used to influence the victim to invest in crypto and start trading. “The profile also shares USD 100-dollar credit, as a gift to a…
