Kaspersky Lab’s security experts have found that cyber criminals were able to steal more than 21,000 in Ethereum (ETH) (worth around $10 million) through social engineering schemes over the past year, Cointelegraph auf Deutsch reports Thursday, July 12.

According to a July 9 report, cyber criminals have triggered more than a hundred thousand alarms altogether on security software in connection with cryptocurrencies since the beginning of 2018.

Kaspersky Lab notes that scammers particularly single out investors interested in Initial Coin Offerings (ICO), using fake websites and phishing emails containing an e-wallet number to trick their targets out of money.

The report mentions the Switcheo ICO as an example, stating that criminals stole more than $25,000 worth of crypto by posting a fake offer on a Twitter account claiming to be associated with the ICO.

Another social engineering scam is the fake “cryptocurrency giveaway,” where victims are promised a higher payout of the same cryptocurrency later in return for a small sum of cryptocurrency now. The report describes the popularity of using fake social media accounts purporting to be well-known personalities, such as business magnate Elon Musk and Telegram founder Pavel Durov, for this scam.

According to Nadezhda Demidova, the lead web content analyst at Kaspersky Lab, the attack patterns continue to evolve, making it impossible to protect against them easily. Demidova also notes that cryptocurrency phishing “stand[s] out” from other phishing attacks because scammers can make millions of dollars:

“The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors”.

Kaspersky Lab, which traditionally focuses on protection against malware such as viruses, Trojans, and ransomware, has already been keeping an eye on criminal behaviors involving cryptocurrencies. At the end of June, the cybersecurity company reported on the recent shift in popularity from ransomware attacks to “cryptojacking,” which infects a computer with malware that mines for crypto without the owner’s permission.

Kaspersky Lab also warned cryptocurrency owners in November 2017 against a trojan that replaces the wallet address on a user’s clipboard in order to redirect cryptocurrency transactions to scammers.