How Scammers Used AI and Social Engineering to Target a Major News Executive's Crypto Account

Source: CryptoNewsNet Original Title: CNBC’s vice president of news details how hackers tried to steal his Coinbase account Original Link: https://cryptonews.net/news/security/32308690/ Last week, a vice president of news at a major U.S. media outlet received a phone call that nearly led to his account at a certain compliance platform being taken over. The call came around 1:30 p.m. His iPhone showed a 650 area code linked to San Francisco Bay.

According to the executive, he answered the call, and the man on the line introduced himself as Brian Miller from the platform’s security team and immediately claimed there was “suspicious activity” on the account. He asked if the executive was trying to log in from Frankfurt, Germany, using an iPhone.

The executive replied, “No, I haven’t been in Germany in 20 years, and I never use my cell phone to log into my account.” The caller said someone using the email address “Mohamad25@gmail.com” was inside the account and had already tried to make a transfer.

Scammer escalates pressure with personal data and fake activity

Brian told the executive that the person claimed they lost their phone on a conveyor belt at the Frankfurt airport and needed access. He paused, then said another transfer attempt was happening in real time. He added that the attacker had the executive’s Social Security number, phone number, and email address.

Brian also claimed the attacker submitted a photo that matched the account’s face scan. The executive responded, “I never gave them my photo.”

Brian pushed back. He said the executive would have had to submit a photo to open the account due to know-your-customer rules. He then claimed the account was on hold and another transfer was blocked. The executive asked for proof that the call was real. Brian said an email with a case number had already been sent.

The messages had the same confirmation codes as the ones given on the phone. There were no typos, there was a company logo and a text box with all the key information. The email address appeared to have come from the platform, but it seemed odd it didn’t have Miller’s name on it.

One message came from “no-reply@mail-platform.com via sportuel.com.” The other came from “support@info.platform via live-platform.com.” The addresses were different. Brian’s name was not on either message.

Brian then asked when the executive last used the platform, and the response was, “Shouldn’t you know that?”

According to the executive, Brian then said confidentiality rules prevented him from seeing balances. The executive gave a wide range and felt uneasy.

Fake support pushes hard wallet and blocks password changes

Brian told the executive he needed a “Hard Wallet.” The executive said he did not know what that was. Brian offered to help him set it up. The executive asked if he should change his Gmail password. Brian said that was probably a good idea. The executive then asked if he should change his platform password.

Brian hesitated. He said it was not recommended. He claimed changing the password would freeze the account for up to two weeks.

The executive said he had a meeting in five minutes and asked how long the wallet setup would take. Brian said 20 minutes. The executive said he had to go but suggested talking again at 3 p.m. Brian agreed to call back.

When the call ended, the executive tried to figure out what to do next. It didn’t seem right but several details lined up. He checked his account. Nothing seemed out of order. Then he took the email addresses that had been sent. He copied them and asked Claude, an AI chatbot, if they were legitimate. The response came back, “This is almost certainly a PHISHING scam.”

The executive contacted a former employee at the platform. She told him she no longer worked there but said it was likely a scam. She added that the platform does not call customers. She forwarded the details to the current team. Within minutes, the executive received a real call and text from the platform confirming the attempt was fraudulent.

Industry warns about AI-driven scams

The executive decided to write up the entire 15-minute call so the company could warn others, which also ran as a news article.

A platform spokesperson said the company monitors accounts for unusual behavior, including large transfers or sudden sales from accounts that rarely move funds.

The spokesperson said, “We invest heavily in prevention, detection, and rapid response.” They also said the platform would never instruct customers to move crypto into a safe wallet. “If someone tells you to move funds to protect them, it’s a scam,” the spokesperson said.

The company also acknowledged that artificial intelligence is making scams harder to detect. It said attackers use bots and AI voice tools to create believable calls.

A crypto recovery firm reported a 1,400% increase in impersonation scams over the past year. The firm’s CEO said attackers operate both inside and outside the United States. They often recruit young men or teenagers and train them using scripts and voice modulation devices.

The recovery firm said it has recovered about $200 million for victims over the past four years. Recovery efforts show that tracing stolen crypto is possible, but recovery often requires help from local authorities and remains difficult.