Threat actors are relentless when it comes to recycling old ruses to fool internet users and steal their money. While the ongoing pandemic and vaccination campaigns ushered in a new wave of creative scams, some malicious actors prefer to stick to old-fashioned scams that have proven efficient in the past.
Tesla’s CEO, Elon Musk, is a favorite among cyber thieves and spammers who use the business leader’s name and brand to steal millions from victims.
Bitdefender Antispam Lab has taken notice of spammers’ interest in the topic this month, as threat actors send tens of thousands of malicious and fraudulent Tesla-related emails to internet users.
Although the two spam campaigns differ in style, they leverage the popularity of Elon Musk and the increased interest in the cryptocurrency market.
No, Tesla is not giving you 5,000 dollars worth of Bitcoin
This campaign started on May 15. The spammers send out tens of thousands of scam emails offering recipients the chance to participate in a Bitcoin giveaway allegedly organized by the marketing department at Tesla.
Interestingly enough, the Bitdefender Antispam Lab was able to associate this scam with a separate extortion campaign spotted earlier this month. Although the earlier campaign targeted Ledger data leak victims, the perps used a similar email address, blacklisted by Bitdefender on May 9.
The mails contain a PDF attachment that surprisingly has no malicious payload.
79.72% of scam emails appear to be sent from IP addresses in Germany, targeting users in Europe and North America. 11% of the fraudulent emails have reached users in the UK, 79.26% in Sweden and 9.22% in the US.
Cybercriminals mix and match subject lines, pdf names and messages to dodge spam filters.
For example, in one version of the crypto scam, the subject line reads, “ELON MUSK 5,000 B T C GIVEAWAY!” while others are target specific, containing the victims’ username in front of the main title.
The messages are plain and simple:
Although the spammers were clearly not interested in crafting a convincing story in the body of the email, the PDF attachments offer users the details they need to participate in the so-called giveaway.
“Our marketing department here at Tesla HQ came up with an idea: to hold a special giveaway event for all crypto fans out there,” the advertisement reads.
A note insertion at the end states that”all persons are able to participate, including those in the United States. All wallets and exchanges are eligible! The completion will last until the entirety of the 5,000 BTC held in the airdrop funds have been released. If you are late, your BTC will be instantly refunded.”
Tesla buys $1.5 billion bitcoin, plans to give away $750M of it
The second version of this crypto fraud campaign showcases the spammers’ creative side, including a Bitcoin Address QR Code to be scanned by participants. While some internet users might not have heard about the acquisition of $1.5 billion worth of Bitcoin by Tesla earlier this year, cryptocurrency investors have. This scam campaign has reached over 30,000 users across the globe. 16.73% of the spam emails originate from IP addresses located in Brazil, 14.15% in Russia, 6.32% in Indonesia, 4.91% in Turkey, 4.56% in Ukraine, 4.44% in Spain, 3.68% in the US, 3.63% in Italy, 2.16% in India, 2.11% in Romania and 1.93% in the Netherlands.
The fraudsters send out a promotional email presenting the Bitcoin giveaway.
“If you would like to participate in the giveaway, it’s very simple!,” the message reads. “All you need to do is send any amount of Bitcoin (BTC), (between 0.1 BTC to 50 BTC) to our official contribution address for this event, and once we have received your transaction, we will immediately send back (2x) to the address that you sent the BTC from.” They even provide a set of rules offering additional information about the giveaway.
At the moment, one of the crypto wallets used by the perps shows 31 transactions that translate to 1965.21 dollars.
Cryptocurrency scams have proven a highly effective social engineering scheme that reel in millions of dollars from victims each year. These phishing campaigns sing the same tune that is meant to hypnotize the audience, inducing a false promise of getting rich quick.
Click to Open Code Editor