Week 17: Advertisement using a deepfake video for a giveaway scam

Languages

Service navigation

Search

Navigation

Week 17: Advertisement using a deepfake video for a giveaway scam

02.05.2023 - Was Elon Musk really giving away cryptocurrency, as a report last week to the NCSC indicated? No, he wasn't. In this case, fraudsters used a deepfake video and the launch of the Starship space vehicle to make their story seem credible. In the video in question, Elon Musk promised to double every cryptocurrency payment made to him and return it to the sender.

Attackers often refer to current issues to make their scams seem more attractive and plausible. A very interesting approach was reported to the NCSC last week.

The attackers used the launch of the Starship space vehicle by Elon Musk's company SpaceX as an opportunity to advertise a giveaway scam. On a website, Elon Musk promised to double and return cryptocurrencies transferred to him. The offer was available only for an extremely short time and only a limited amount of cryptocurrency was available. This claim was intended to increase the pressure on potential victims to act as quickly as possible – a central feature of all such scams.

The offer was only available for a short time during the launch and was limited to 10,000 bitcoin, 100,000 Ether or 100,000,000 Dogecoin.
The offer was only available for a short time during the launch and was limited to 10,000 bitcoin, 100,000 Ether or 100,000,000 Dogecoin.

When analysing the website, a link to a YouTube video stood out. This supposedly contained a video message from Elon Musk about this cryptogiveaway. In reality, the video contained a deepfake advertisement for this giveaway scam. Elon Musk's mouth movements are perfectly matched to the spoken words.

Deepfake video with Elon Musk. In addition to the visual, the voice was also created using deepfake technology. The website is now offline.
Deepfake video with Elon Musk. In addition to the visual, the voice was also created using deepfake technology. The website is now offline.

The only irritating aspect is that his eyes repeatedly focused on exactly the same points, which indicates that the video was created artificially.

Almost identical image at a completely different point in the deepfake video.
Almost identical image at a completely different point in the deepfake video.

Using the crypto addresses used by the fraudsters, it was possible to trace their "success". The fraudsters were able to obtain a total of USD 35,400 from a total of 20 transfers (10 deposits in BTC totalling USD 23,000, 9 deposits in ETH totalling USD 12,000, one deposit in DOGE totalling USD 400).

Based on the cryptocoin addresses used, the number of transactions and sums received could be traced on the respective blockchains.
Based on the cryptocoin addresses used, the number of transactions and sums received could be traced on the respective blockchains.

The sums were immediately withdrawn from the accounts and transferred to various other accounts, so that they could no longer be traced. The video and the website were only online for a very short time – less than a day.

Recommendations:

  • Ignore such promotional campaigns: as a rule, the greater the promised return, the greater the risk.
  • Be extremely cautious if you are offered large sums of money for little or no effort.
  • Be cautious if you are asked to make an advance payment for a promise of profit.
  • Do not allow yourself to be put under pressure.
  • Be aware that individual images, videos and sound documents can be copied almost perfectly.

Last modification 02.05.2023

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2023/wochenrueckblick_17.html