A recent data breach has left Betterment users vulnerable, with cybercriminals launching a sophisticated cryptocurrency scam. This fraudulent scheme promises unrealistic returns on Bitcoin and Ethereum deposits, preying on customers who have recently been targeted with fake emails. The attackers exploited a security vulnerability to gain access to some user data, enabling them to send deceptive messages that impersonate legitimate communications from Betterment.
How Betterment Users Are Being Targeted
Following a security incident on January 9th, where unauthorized access was gained to a third-party marketing platform, Betterment users are being targeted with fraudulent offers. These emails, often featuring subject lines like "We'll triple your crypto!", claim that Betterment is offering a limited-time promotion to triple deposits of Bitcoin and Ethereum, up to a substantial amount. The scammers create a false sense of urgency by including expiration deadlines, a common tactic to pressure recipients into acting without careful consideration (Betterment, 2024).
Alarmingly, these scam messages were sent from a legitimate Betterment subdomain, [email protected], making them appear highly credible to unsuspecting recipients. This is the same email address Betterment used to communicate critical security updates to its customer base, further enhancing the scam's deceptive nature. It's a stark reminder that even seemingly official communications can be malicious.
Lessons from Similar Attacks
This isn't the first time a large platform's users have been targeted with such elaborate scams. In December, Grubhub users fell victim to a nearly identical scheme. Emails, also originating from a legitimate Grubhub subdomain, promised a 10x return on Bitcoin deposits. This pattern suggests a growing trend where threat actors leverage data breaches to impersonate trusted brands and exploit customer trust for financial gain.
Another example involves phishing attempts targeting users of popular banking applications. Scammers send fake alerts about account security issues, prompting users to click on malicious links that lead to credential-harvesting websites. The primary goal is always to gain access to sensitive financial information, and betterment users are being especially vulnerable due to the recent breach.
What Data Was Compromised
While Betterment has stated that no passwords or login credentials were accessed, and threat actors did not gain entry to user accounts, some customer information was indeed stolen from the compromised system. This included names, email addresses, physical mailing addresses, phone numbers, and dates of birth. The company is reportedly facing a distributed denial-of-service (DDoS) attack as part of the extortion attempt (Betterment, 2024).
The compromised data, while not including direct account access details, is incredibly valuable to cybercriminals. This information can be used for further targeted phishing attacks, identity theft, or to craft more convincing social engineering attempts. Understanding the scope of the breach is crucial for all betterment users to remain vigilant.
How to Stay Safe
If you are a Betterment customer, it is imperative to be extremely wary of any unsolicited communications regarding your account in the coming days and weeks. Scammers frequently exploit data breaches as prime opportunities for phishing. Remember, legitimate companies like Betterment will never ask for your password or other sensitive personal information via email, text, or phone call.
The safest approach when concerned about your account or wishing to update personal details is to navigate directly to the official Betterment website or app. Avoid clicking on any links within suspicious emails, even if they appear to be from a legitimate source. This direct approach bypasses potential malicious redirects and ensures you are interacting with the genuine platform, safeguarding your financial security. Betterment users are being warned to exercise extreme caution.
