Dr. Anders Apgar is the latest victim of a crypto scam that utilized bots to steal most of the digital currency he had been adding to his account over the past several years.
How Dr. Anders Apgar Walked into the Thieves’ Hands
The scam began with a series of what he thought were robocalls and naturally, he tried to ignore them. However, the calls kept on going, and eventually, his wife started to get buzzes on her phone. Eventually, Apgar decided he couldn’t ignore them any further, and he decided to pick up his phone one day and see what the commotion was about.
Upon picking up the phone, he and his wife got a notice that their joint crypto account was in jeopardy after there had allegedly been too many failed login attempts. On the other line was a female-sounding voice that stated the following:
Hello, welcome to the Coinbase security prevention line. We have detected unauthorized activity due to failed log-in attempts on your account. This was requested from a Canada IP address. If this (is) not you, please press one to complete precautions to recover your account.
He instantly felt worried and complied. Pressing the number one, he was asked to implement his two-factor authentication code, which he did. From there, his account was instantly locked, and he has been unable to gain access to it since. He says both he and his wife had more than $100K in crypto stored away in their account, though now, he can only assume that most of it – if not all of it – is gone.
In an interview, Apgar said:
It was just dread and an emptiness of just, ‘Oh my gosh, I can’t get this back.’
This kind of fraud is becoming quite prominent. The way cyberthieves obtain money they did not earn is by targeting the two-factor authentication process that many investors and companies utilize as a way of preventing theft. By entering their information when prompted, the investor is ultimately handing the attackers the keys to their digital stash.
The fraud tool behind this and similar situations is referred to as an OTP or one-time password bot. A report issued by cybersecurity firm Q6 Cyber in Florida stated in a new report:
The bot calls are crafted in a very skillful manner, creating a sense of urgency and trust over the phone. The calls rely on fear, convincing the victims to act to ‘avoid’ fraud in their account.
Playing on Investors’ Fear
An analyst with the firm known as Jessica Kelley says this kind of fraud plays on human emotions. Thus, it has worked quite well – especially because at first, the corresponding robocalls can seem quite legitimate. She said:
It’s human nature. If you receive a call that tells you someone’s trying to sign into your account, you’re not thinking, ‘Well, I wasn’t trying to.’