Crypto Scammers Steal User Funds Via Fake Zoom Websites

Crypto scams are on the rise as scammers devise a new way to steal money by setting up fake Zoom websites for unsuspecting victims.

The digital currency industry is experiencing increased crypto scams, and unscrupulous actors are developing novel methods to siphon people’s money. NFT_Dreww.eth, a cyber security specialist on X, has warned users about a new, highly convincing ruse that these malicious actors employ: a phony Zoom website that imitates a legitimate website designed to target crypto investors and NFT holders.

How the Fake Zoom Scam Is Executed

The scammer’s strategies are common to all other tricks, as per NFT_Dreww.eth. They initiate the process by posing a series of persuasive inquiries to potential victims, including whether they want to become angel investors or join their team. Subsequently, they invite the target to participate in a Zoom meeting or a partnership opportunity, supplying a malicious link that simulates an authentic Zoom meeting.

In addition, Dreww clarified that the target will be redirected to a website that appears to be Zoom and will be trapped in an infinite loading cycle upon clicking the link. Subsequently, the user will be directed to obtain and install a file named “ZoomInstallerFull.exe,” classified as harmful software. He further stated that the software will appear authentic during the download process, as users must agree terms and conditions. According to the specialist,

“When you begin the download process it all seems legit, accepting T&Cs, hitting start, etc. Then once you download it, it proceeds to spin some more and then it actually redirects you to the legit real zoom[.]us url to make it seem like it was just a glitch or taking forever to load… However in the meantime the nasty malware has already executed and done its job.”

Therefore, the malware cannot be detected by the antivirus software as a result of its inclusion in the Windows Defender exclusion list following its installation. It subsequently commences the theft of victim information. Upon completion, the victim is redirected to the primary Zoom website, which gives the impression that everything is functioning as expected.

The cybersecurity expert has reported that the fraudsters responsible for this attack have already stolen more than $300,000 using this method. The malicious website’s domain names are frequently altered, complicating tracking and blocking it. He declared:

“This is actually their 5th domain so far…. Its a cat and mouse game attempting to take down all the domains versus getting the signatures and malware tagged as such for all engines to throw warnings regardless of domain.”

Self-Defense

Crypto users are advised to exercise caution when clicking on any link, regardless of whether it appears to originate from a reputable source, due to the increasing prevalence of crypto fraud. NFT_Dreww.eth recommended that individuals verify the web address and confirm the authenticity of each file before downloading and installing it.

Crypto investors and NFT owners must also be vigilant for unforeseen communications, particularly those regarding investment opportunities or collaboration requests. Before responding, they should verify the message’s sender and refrain from opening files or links from individuals who are not verified.