Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
The spoofed BitVex crypto trading platform claims to be managed by Tesla CEO Elon Musk, who founded it to provide 30% returns on bitcoin deposits.
What Happened?
This phishing attempt started earlier this month with threat actors establishing new YouTube accounts or hacking into ones that already existed in order to broadcast deep fake films purporting to be of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson.
These videos are authentic interviews that have been altered using deep fake technology so that the person’s voice may be used to read a script that threat actors created, but if you pay close attention, you will notice that the deep fake synchronizes the person’s speech to the script that the threat actor is reading, which is so ridiculous that it borders on being funny.
Numerous additional indicators point to the fact that this is an elaborate hoax, in addition to the fact that the interviews have been tampered with in order to give the impression that Elon Musk is promoting the BitVex trading platform using his own voice.
A number of YouTube channels that promote this trading platform have been hijacked, and as a result, users are suddenly being shown YouTube videos and YouTube Shorts that advertise the BitVex trading site.
When you visit the actual BitVex trading website, it immediately becomes clear that you are being taken advantage of.
For instance, the website asserts that Elon Musk is the chief executive officer of the trading platform. Additionally, the website includes endorsements from Cathie Wood of Ark Invest and Changpeng Zhao, the chief executive officer of Binance.
Users are required to sign up for an account at either bitvex[.]org or bitvex[.]net in order to have access to the BitVex investment platform and utilize the BitVex platform.
After you have successfully logged in, the website will provide you with a dashboard that allows you to make a variety of cryptocurrency deposits, choose an investing plan, and withdraw your profits.
As is the case with almost all cryptocurrency-related frauds, the dashboard will pretend to show recent withdrawals of a number of different cryptocurrencies in order to give the impression that the website is authentic.
According to BleepingComputer, these withdrawals are generated by JavaScript, which chooses at random one of five distinct cryptocurrencies (Cardano, Ethereum, Bitcoin, or Ripple), and then generates withdrawal amounts at random. These phony withdrawals are updated in a random fashion whenever the website is refreshed.
How to Stay Safe from Spoofing?
- Invest in cybersecurity software: Install anti-malware and anti-spam software to safeguard your device from dangerous threats and viruses.
- Only access websites that have a valid security certificate (https:// in the URL).
- Before you click on a URL, hover over it to make sure it’s going to a reliable source.
- To prevent fraudulent emails from reaching your inbox, use spam filters.
- Check the email sender’s email address for misspelled or otherwise inaccurate content before the email domain (the domain is the information following the @ symbol).
- Do not open attachments or click on links from unknown senders or unfamiliar domains. They generally contain malware or other infections that can seriously damage your device.
- When feasible, employ two-factor authentication with strong passwords.
- Update all apps, operating systems, browsers, network tools, and internal software on a regular basis to guarantee you have the most up-to-date and secure version.
- Use real-life examples to teach employees how to avoid becoming victims of social engineering.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
