Phishing attacks are becoming increasingly sophisticated, as demonstrated by at least two cases where scammers reportedly managed to impersonate Google representatives, resulting in the loss of significant crypto funds.
Security blogger Brian Krebs reported that Adam Griffin, a battalion chief firefighter in the Seattle area, lost nearly $450,000 in crypto assets after falling victim to a scam earlier this year.
According to the report, in May, Griffin received a call from what appeared to be the official number for Google Assistant, an AI-based service – (650) 203-0000. The scammers claimed that his Gmail account had been accessed from Germany.
Shortly afterward, he reportedly received an email from a google.com address, warning about the compromised account. The email claimed that Griffin had already been contacted by a "Google representative" named "Ashton." (The report notes that sending emails from a google.com address is possible via Google Forms.)
The criminals attempted to deceive Griffin further by offering their help in recovering his account. This was followed by a Google prompt appearing on his phone regarding account recovery. When Griffin clicked on the link, it gave the scammers access to his Gmail account and subsequently his Google Photos, where he had stored an image of his seed words. These seed words, a combination of 12–24 words, allow anyone in possession of them to access a bitcoin (BTC) or other crypto wallet.
According to Krebs, the scammers used this access to steal approximately $450,000 in crypto assets from Griffin's Exodus wallet.
Furthermore, after accessing Griffin's Gmail account, the scammers attempted to steal funds from his Coinbase exchange account. However, Coinbase locked the account, preventing an additional $100,000 from being stolen.
In a separate case reported by Krebs, scammers impersonating Google in a similar manner stole 45 BTC ($4.3 million today) from Tony, a 42-year-old from northern California. Tony later recognized the scammer’s voice during a podcast with Junseth, a bitcoiner who had tricked the scammer into speaking.
The scammer admitted to being a teenager working with a team targeting victims. The teenager also revealed that if a potential victim doesn’t have their Google Authenticator synced to their Google Cloud account, it makes it more difficult for scammers to hijack accounts on a crypto exchange.
Bitcoin security expert Jameson Lopp emphasized that "Social engineers are targeting Google accounts since they know they're likely to find TOTP 2FA [Time-based One-Time Password Two-Factor Authentication] secrets there. By controlling your email account, they can reset passwords. Compromise 2FA, and it's game over." Lopp recommended using the Yubico Authenticator with a YubiKey, a hardware authentication device, for enhanced security.