CISPA
Browse
313000a156.pdf (3.08 MB)

Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technical Support Scams

Download (3.08 MB)
conference contribution
posted on 2024-03-19, 10:50 authored by Bhupendra AcharyaBhupendra Acharya, Muhammad Saad, Antonio Emanuele Cinà, Lea Schönherr, Hoang Dai Nguyen, Adam Oest, Phani Vadrevu, Thorsten HolzThorsten Holz
The mainstream adoption of cryptocurrencies has led to a surge in wallet-related issues reported by ordinary users on social media platforms. In parallel, there is an increase in an emerging fraud trend called cryptocurrency-based technical support scam, in which fraudsters offer fake wallet recovery services and target users experiencing wallet-related issues. In this paper, we perform a comprehensive study of cryptocurrency-based technical support scams. We present an analysis apparatus called HoneyTweet to analyze this kind of scam. Through HoneyTweet, we lure over 9K scammers by posting 25K fake wallet support tweets (so-called honey tweets). We then deploy automated systems to interact with scammers to analyze their modus operandi. In our experiments, we observe that scammers use Twitter as a starting point for the scam, after which they pivot to other communication channels (eg email, Instagram, or Telegram) to complete the fraud activity. We track scammers across those communication channels and bait them into revealing their payment methods. Based on the modes of payment, we uncover two categories of scammers that either request secret key phrase submissions from their victims or direct payments to their digital wallets. Furthermore, we obtain scam confirmation by deploying honey wallet addresses and validating private key theft. We also collaborate with the prominent payment service provider by sharing scammer data collections. The payment service provider feedback was consistent with our findings, thereby supporting our methodology and results. By consolidating our analysis across various vantage points, we provide an end-to-end scam lifecycle analysis and propose recommendations for scam mitigation.

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

IEEE Symposium on Security and Privacy (S&P)

Open Access Type

  • Green

BibTeX

@conference{Acharya:Saad:Cinà:Schönherr:Nguyen:Oest:Vadrevu:Holz:2023, title = "Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technical Support Scams", author = "Acharya, Bhupendra" AND "Saad, Muhammad" AND "Cinà, Antonio Emanuele" AND "Schönherr, Lea" AND "Nguyen, Hoang Dai" AND "Oest, Adam" AND "Vadrevu, Phani" AND "Holz, Thorsten", year = 2023, month = 5 }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC