
Crypto Scams in India

Executive Summary

Crypto scams in India are growing at a rapid rate.

At the end of December 2023, Financial Intelligence Unit India (FIU IND) issued show cause notices to nine offshore Virtual Digital Assets Service Providers – Binance, Kucoin, Huobi, Kraken, Gate.io, Bittrex, Bitstamp, MEXC Global and Bitfinex. 

Also, it wrote to the Ministry of Electronics and Information Technology to block the URLs of the nine entities operating illegally.

Since then, the Shreshta Threat Intelligence team has detected a huge uptick in crypto scams in India, such as phishing attacks and fake Android APKs, luring citizens of India interested in investment schemes and cryptocurrency.

Many deceptive phishing websites that lure users into fraudulent investment and cryptocurrency schemes are springing up at a rapid rate. These scam websites employ tactics such as initially prompting for the user's email and name without proper validation. Subsequently, they prompt users to send bitcoins to a specified address in order to start the investment schemes.

Motive

The motive of threat actors is to exploit users by tricking them into sharing Personally Identifiable Information (PII) such as name, address, contact number and sensitive details such as bank details.

Crypto Scams in India – Phishing website impersonating WazirX

Phishing website impersonating WazirX

Figure 1 – Screenshot of phishing website impersonating the WazirX website

Phishing website of WazirX registration page

Figure 2 – Registration on the WazirX phishing website for trading bitcoin succeeds with randomly entered data, without undergoing validation

Phishing website of WazirX user dashboard

Figure 3 – After registration, the user is presented with a Dashboard

Phishing website of WazirX prompting users to input financial details

Figure 4 – The page prompts the user to input payment details into the trading account

Phishing website of WazirX crediting money for trading

Figure 5 – Crediting money for the trading account

Phishing website of WazirX requesting PII

Figure 6 – Even though wrong information is entered, the process continues, indicating that this is a scam, and the page prompts the user to input their PII

Phishing platform engaging in cryptocurrency

Figure 7 – Screenshot of a phishing platform attempting to deceive users into engaging in cryptocurrency trading by connecting a wallet. However, the provided link redirects to a seemingly legitimate website for downloading wallets and linking them. 

FlashBTC phishing website distributing malware Android APK

Phishing website of Flash BTC

Figure 7 – Screenshot of the Flash BTC phishing website

Phishing website demo containing malicious content

Figure 8 – After downloading a demo, the zip file that gets downloaded contains malicious content.

Phishing website redirecting to BTC activation

Figure 9 – When we buy, it navigates the user to BTC activation plans

Phishing website of BTC requesting to make a transaction

Figure 10 – After buying any plan, it asks to make a transaction either via QR code or the link provided

Phishing website of BTC requesting proof of payment

Figure 11 – The proof of payment then needs to be sent on Telegram

Phishing website masquerading as Binance - Cryptocurrency Exchange company

Figure 12 – Screenshot of the phishing website pretending to be Binance – Cryptocurrency Exchange company

Phishing website requesting investment

Figure 13 – The website prompts the user to invest using their Investment plans

Phishing website asking to enter address and payment

Figure 14 – After clicking on a particular plan, it prompts the user to enter their email address and name and pay the amount for that plan

Phishing website requesting bitcoin amount to be sent to bitcoin address

Figure 15 – The website then prompts the user to send the bitcoin amount to the specified bitcoin address

Binance phishing website

Phishing website of Binance

Figure 16 – Screenshot of the phishing website that prompts the user to transact bitcoins

Phishing website unsuccessful registration of user

Figure 17 – When we try to register, the registration is not taken into account

Phishing website from Korea impersonating Binance

Figure 18 – Screenshot of a Korean phishing website that prompts the user to join a membership for cryptocurrency exchange

Phishing website's membership page

Figure 19 – Screenshot of the form for filling in details to join the membership

Phishing webpage after incorrect entry of login details

Figure 20 – Screenshot of a page that appears after filling in incorrect data, indicating a phishing attempt. This page prompts the user to provide sensitive details such as bank account number, bank name and contact number, and to trade using cryptocurrency

Phishing website impersonating Binance

Figure 21 – Screenshot of a phishing Binance trading website that prompts the user to trade using cryptocurrency

Phishing website of Binance's registration page

Figure 22 – The above screenshot appears when we register for Binance trading

Phishing page displaying dashboard

Figure 23 – The phishing page displays a Dashboard even though the user registration hasn’t been validated

Phishing page trading plans

Figure 24 – The page prompts the user to choose/buy a plan for trading

Phishing page works with incorrect input

Figure 25 – Even with incorrect inputs, the page accepts and progresses

Phishing page requesting bank details

Figure 26 – Despite the inaccurate details, the page displays an amount already sent, prompting the user to enter their bank details

Safety Recommendations

  1. Users should be wary of any website or application that promises out-of-this-world returns.
  2. If you become a victim of cybercrime, particularly financial crime, call the national (India) cybercrime helpline 1930 or file a complaint at https://cybercrime.gov.in/ 

Conclusion

The crypto scams in India that we have detected and analysed comprise phishing websites and fake Android APKs. Users should be wary of any website or application that promises out-of-this-world returns.

Free 30-day trial of our threat intelligence

Threat actors constantly optimise and evolve their attacks to steal credentials and data and infiltrate networks. Our threat intelligence feeds are highly actionable and curated to protect against phishing, malware, C2 and newly registered domain names.

Interested? Please send us an email to info@shreshtait.com for a free 30-day trial.
