There is a lot of Wild West and fraud in the world of cryptocurrencies. Telegram users in particular can tell you a thing or two about it. It is enough to be a participant in a few Telegram groups of crypto exchanges or some - quite legitimate and serious - crypto projects. Provided you have allowed it in your Telegram settings, it doesn't take long for complete strangers to get in touch with you in a friendly private chat and introduce you to lucrative deals. They pretend to be investment advisors, investors or representatives of crypto projects that are guaranteed to be successful. With everyday names like Bruce Wright, Emine Polat or Oana Chiara and a nice profile picture, the scammers try to give themselves a flimsy veneer of authenticity.
I would like to present an example of this type here: "cryptogamble moderator".
The following short dialogue unfolded the other day:
Hi how are you?
are you a crypto hodler?
And if - why?
I've got a deal for you, we'll get over $ 3,000 in half an hour. You don't have to give me money. I work in the support service of one of the cryptogamble projects. You are interested?
I work as a moderator on a сryрtоgamble project, where I can select the game winners. I can’t make myself a winner, because the project administration knows my IP address, BTC address, tracks my transactions, etc. However, I can choose another person, for example - you as the winner, but then you give me the 50% jackpot you take. I can prove my words. I'm letting you choose any person on the website, and I'll make him win on your eyes.
Is that legal?
Register on the website, send me your username and place a bet in the game, and I will make you a winner. After, you withdraw winnings to yourself, and send my part to me.
Ok, I registered and now I'm logged in. 😊
send me your username
have you already funded your account?
All right? It's simple: In order to play along with this scam - in which YOU will be the scammed party, by the way - you have to register on this cryptogamble platform. Then, of course, you have to deposit money in order to participate in any betting games.
It may be that you win something the first time you play, so that you become more confident and subsequently put in more money. Once you have gone so far as to deposit money, the scammer will count on the principle of "greed eats brains": first hand you a profit, perhaps even allow a payout, on the not unjustified assumption that you will come back with more money.
Now let's do some very basic OSINT:
The scammer contacted me around 11 January 2021.
What does a whois lookup tell us about
Created: 2021-01-13 07:27:40 UTC
Yeah, that fits. In fact, the scammer didn't give me the address until 15 January.
Commercial websites that were registered only a few days ago should always be met with increased vigilance. In the case of a shop, that would be a red flag, here too, of course.
I wouldn't be surprised if this domain only displays a 404 in a few days.
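The domain-age check described above can be scripted. The following is an added example, not part of the original post: it parses whois text for the registration date and compares it with the moment the link was received. The 30-day threshold, the function names and the placeholder domain are assumptions; the sample contains only the two whois lines quoted in this post.

```python
import re
from datetime import datetime, timezone

# Field labels vary between whois servers; these cover the format quoted
# in the post ("Created: ...") and the common "Creation Date: ..." form.
CREATED_RE = re.compile(
    r"^\s*(?:Created|Creation Date)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)
DATE_FORMATS = (
    "%Y-%m-%d %H:%M:%S UTC",  # 2021-01-13 07:27:40 UTC
    "%Y-%m-%dT%H:%M:%SZ",     # 2021-01-13T07:27:40Z
    "%Y-%m-%d",
)

def parse_created(whois_text):
    """Return the registration timestamp (UTC), or None if absent/unparsable."""
    for value in CREATED_RE.findall(whois_text):
        for fmt in DATE_FORMATS:
            try:
                return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
            except ValueError:
                continue
    return None

def domain_age_check(whois_text, seen_at, min_age_days=30):
    """Flag domains younger than min_age_days (assumed threshold) at seen_at."""
    created = parse_created(whois_text)
    if created is None:
        # Missing or redacted date: cannot be cleared, so treat as suspicious.
        return {"created": None, "age_days": None, "suspicious": True}
    age_days = (seen_at - created).days
    return {"created": created, "age_days": age_days,
            "suspicious": age_days < min_age_days}

# Constructed sample: the two field lines quoted in the post, placeholder domain.
SAMPLE = """Domain: example.invalid
Created: 2021-01-13 07:27:40 UTC
Registrar name: NAMECHEAP INC
"""

if __name__ == "__main__":
    # Link received on 15 January 2021; the time of day is assumed.
    link_received = datetime(2021, 1, 15, 12, 0, tzinfo=timezone.utc)
    print(domain_age_check(SAMPLE, link_received))
```

A negative `age_days` means the domain did not yet exist at the reference time, which is the case here if the date of first contact (11 January) is used instead.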
What else do we see... Aha:
Registrar name: NAMECHEAP INC
Namecheap has a certain reputation as, shall we say, a "favourite host for scammers".
Professional cyber criminals can take down entire websites, even entire infrastructures, within a very short time, virtually at the push of a button, and rebuild them somewhere else - i.e. on a new domain. We are talking about minutes to a few hours!
A registrar or hoster who does not pay much attention to the behaviour of his customers and delays or half-heartedly processes abuse reports is supporting criminal activities.
One could still pursue further measures with Recon-ng etc., which would then turn out to be somewhat more elaborate. I would like to leave that to professionals or people with more time.
I would like to close with the rule of thumb: If something is given away on the internet, it is almost always you who pays - with your data or with your money.
Stay safe and healthy.