Scamming users into believing something to extort money and/or information is a tried and true method for threat actors. Cryptocurrency users are often a target of such attacks and the latest is using Nvidia to fool users into parting with their wallet information.
US company Nvidia is one of the largest developers of GPUs in the world. It is a 100% legitimate organization and is common/popular in the crypto space because Nvidia GPUs power many mining operations.
According to a report from cybersecurity giant Kaspersky, scammers have been using Nvidia's 30th anniversary – which falls in 2023 – to trick users into thinking they could receive a cryptocurrency reward from a giveaway.
It is a simple but effective ploy that involves creating a fake website that appears to be official to celebrate Nvidia's anniversary. On that site, there is a “Bitcoin Giveaway” with a big button to hit to participate in the draw.
The splash screen seems real enough with Nvidia's logo, while it names the company's CEO, Jensen Huang. However, look closely and you will see the Nvidia logo is purple instead of green/white. While this is a red flag, users may think it is a special logo for the anniversary.
Giveaway
If the user interacts by clicking the button, they are taken to a separate page with details on the fake giveaway. Again, this all looks legit on the surface, including a photo of Huang and other menu options. Taking a closer look, there are grammatical errors that are common in most such phishing scams.
“Here, purportedly on behalf of Mr. Huang and Nvidia, the cybercriminals announce a giveaway of 50,000 BTC (worth more than a billion US dollars at the time of writing),” Kaspersky explains. “One of the main conditions for taking part is that users themselves must first make a contribution, like buying a lottery ticket. The scammers promise that the participant will immediately get double their money back, not to mention the prospect of winning the 50,000 BTC.”
A 50,000 BTC giveaway is the biggest red flag. That is a huge amount and no company is going to give away a billion dollars in cryptocurrency. Even so, some users could fall for the trick and make the “contribution”.
On the page there are instructions for the crypto wallet the user should make their contribution. Kaspersky explains that money already exists in the wallet, although it is not clear if this is a victim or the scammers wanting to legitimize the wallet.
“Curiously, if you enter the address of the scammers' cryptowallet on blockchain.com, it turns out that some money has actually been transferred thereto — a total of 0.42 BTC (worth more than $8000 at the time of writing). It's unknown who sent the funds: it could be victims or the scammers themselves, for example, to check if the wallet is working or to pretend to be “lottery” participants. In any case, there's no trace of the reported 50,000 BTC, and no hint of double-your-money paybacks.”
Tip of the day: The Windows Sandbox gives Windows 10/11 Pro and Enterprise users a safe space to run suspicious apps without risk. In out tutorial we show you how to enable the Windows Sandbox feature.
