Last month, Dr. Anders Apgar had been out for dinner with his family, and his phone wouldn’t stop ringing. He tried ignoring it because it sounded like a robocall. The calls, however, did not stop. The phone of his wife then began to ring as well. “When she takes it up, a popup appears with the message, ‘Your account is in peril,'” he explained.
He picked up his phone after receiving the caution, which he described as a text message. That was the start of the couple’s misery.
The Apgars, who are both obstetricians in Maryland, began investing in cryptocurrency several years ago. Their account had risen to almost $106,000 by December, with the majority of it kept in bitcoin. Their profile is with Coinbase, the country’s largest cryptocurrency platform, like that of tens of thousands of other dealers.
The Fraud
“Hello, welcome to Coinbase’s line of security prevention,” a female voice said when Apgar took up the phone. Due to an unsuccessful log-in session on your account, we have detected illegal activity. This was urged from an IP address in Canada. If this isn’t you, hit 1 to complete the measures for regaining access to your account.” The name only lasted 19 seconds.
Apgar, alarmed, pressed 1.
He stated he can’t recall whether or not he physically typed his two encryption codes or whether they appeared on his display panel automatically. But, because of what happened in that split second, his account was locked in less than two minutes. Apgar stated that because he has not recovered access, he suspects the scammers stole the majority, if not all, of the crypto, but he cannot be certain.
“It was just a sense of dread and emptiness like, ‘Oh my god, I can’t get this back,'” he explained.
The Apgars was targeted by a particularly cunning type of scam that took advantage of two-factor validation, or 2FA. People use 2FA, or two-factor authentication, to protect a variety of profiles at crypto exchanges, banks, and other places where they do digital transactions.
However, this new type of fraud targets the 2FA code, & it makes use of people’s fear of their profiles being hacked to work against them. They expose themselves to robbers by moving, which they believe will protect them.
OTP: The Bot
A one-time password, or OTP, the bot is a fraud instrument.
A cybercriminal would first have to call before these OTP bots. They’d have to phone the victim & try to persuade them to reveal their personal information, bank account PIN, or two-factor authentication passcode. And today, thanks to these bots, the entire system is automated, allowing for considerably more scalability.
The victim’s 2FA code, as well as any other information they asked the victim to input in their phone, is delivered to the bot after they enter it. The bot then delivers it all to the cybercriminal, giving them access to the victim’s account.
“Coinbase will never initiate inappropriate calls to its users, & we advise everybody to be watchful when sharing information over the phone,” a Coinbase spokeswoman said in a news release to CNBC. Do not give out any account information or security codes if you receive a call from someone pretending to be from any financial institution. Rather, hang up the phone and call them at the organization’s official phone number posted on their website.”
According to CNBC last year, Coinbase’s customer service has been a major issue. Customers around the country reported that hackers were depleting their accounts, but that when they contacted Coinbase for help, they received no response. Following the story, Coinbase set up a phone helpline to assist customers, but even that has run into issues, reports Userwalls.com