
- Deepfake phishing attacks target crypto users through Zoom by mimicking friends in order to steal sensitive data and funds.
- North Korea-linked BlueNoroff is known for this kind of AI-driven deception in phishing schemes and for stealing crypto assets via fake plugin downloads.
- Avoid unverified Zoom/Teams calls, use Signal or Jitsi, and enable strong 2FA for account security.
Attackers are running a sophisticated phishing campaign against cryptocurrency users. They use AI-generated deepfake videos to impersonate trusted contacts on calls.
Criminals deploy malware designed to steal sensitive information and access to Telegram accounts and Bitcoin wallets.
Therefore, it is crucial to stay alert and avoid engaging with unverified or unexpected communications.
Deepfake Phishing Campaign on the Rise
Cybercriminals increasingly create deepfake videos and use them on video platforms such as Zoom and Teams.
They use those videos to engage victims in a live video call, then trick them into downloading malicious software onto their computers.
Once the malicious software is installed, the cybercriminals gain control of the victim’s sensitive information.
This includes access to cryptocurrency and Telegram accounts. Criminals often connect with victims through social engineering tactics.
They often convince victims to trust them by claiming that there are audio problems during the video chat that downloading a plugin will resolve. After the download, the criminal gets access to the victim’s computer system.
This sophistication makes it difficult for victims to recover their systems.
Protecting Yourself from Phishing Attacks
All crypto customers should act immediately by avoiding unverified Zoom and Teams calls, especially those that originate via Telegram or any other social channel.
Verify any request first, especially if it looks like it comes from a friend. Hackers are using deepfake videos to convince individuals that they are someone familiar.
Instead of using the standard platforms to communicate with one another, experts encourage the use of Signal or Jitsi. These platforms provide end-to-end encryption, which keeps hackers from intercepting or manipulating conversations.
Google Meet also provides a strong alternative for browser meetings, as it has significant security capabilities.
Customers are encouraged to have strong passwords and 2FA on their accounts. They should also check their security settings to ensure they aren’t utilizing passwords saved on any cloud-based service.
Given the increase in crypto theft over the past few years, all of the above steps are integral to keeping your dollars safe.
The Role of AI in Modern Phishing Attacks
Phishing campaigns are becoming more sophisticated by utilizing Artificial Intelligence and other emerging technologies.
The level of deception in these attacks has rendered previously accepted methods of keeping data safe inadequate.
An example is the North Korean hacking group known as “BlueNoroff,” which used deepfake video technology.
The group used a fake video call and malware misrepresented as a legitimate Zoom plugin, and convinced the victim to install it. This malware was able to escape detection by common security products for an extended period of time.
Experts believe that as these cybercriminals continue to develop their capabilities, crypto users will remain at risk.
While deepfake technology will only become increasingly sophisticated in the future, we can protect against it.
