Behind the confusing message is a website that looks like a cryptocurrency exchange.
Finnish people are being approached with a new type of scam. In the e-mail messages, the website address is given, as well as the password and username used to log in to the site.
The message also advised not to share information from the website. Furthermore, it is implied that there is a large amount of money behind the site.
Messages have been coming in slightly different forms for four weeks, most recently.
After logging in, a site opens that gives the impression of a cryptocurrency platform on which investments worth millions of euros have been diversified.
To log in to the website, you need the password and username you received in the message. However, they are the same for all recipients of the scam message.
User IDs are not unique in the original messages, as multiple people have received the same message and “userid”. It’s necessary, though, because you can’t log in to sites by typing anything into the username and password fields.
It is not known whether the scams have also been spread through e-mails. There have been at least two scam sites, the first of which is no longer operational.
The page states that there are many diversified investments. The list goes way beyond the picture.
Olli Hono, an information security expert at the cyber security center of Finnish transport and communications agency Traficom, says the authority began receiving notifications about the sites more than four weeks ago.
Hono corroborates IS’s explanation that the scam’s operating logic is based on the fact that the victim thinks he or she is logging in with someone else’s credentials.
– We think so.
The website implies that profits have been successfully repatriated from there.
The authority is not aware of the exact fraud mechanism of the websites.
– We don’t know what the final thought is. However, based on a quick check, they don’t appear to be an immediate security threat or phishing, Hono says.
Based on IS Digitude’s comments, financing may be based on repatriation of funds into the “Service”, for which card information may be requested. However, it is not available immediately.
This is where it gets difficult. You can’t withdraw money just like that.
Since the method of cheating is new, people may not recognize it immediately. Hono reminds to be sharp with funny messages.
– The old basic rule applies. Hono says, if something sounds too good to be true, it probably isn’t.