Fake websites have successfully stolen the personal records of a number of people from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain and more, as the attack was executed as a targeted multistage Bitcoin (BTC) scam propagated by a number of fake websites.
However, victim’s phone numbers, which in most cases came with names and e-mails, were contained in personalized URLs used to redirect people to websites. These sites posed as local news outlets, even going so far as to include fabricated comments from prominent local personalities.
Analysis conducted on the leaked numbers allowed Group-IB to establish where the majority of the data had leaked from. They discovered that the UK was the most affected location with 147,610 personal records.
As per the report, victims commonly received a text message, or SMS, which mentioned the name of the recipient. This was followed by a phishing message that was meant to impersonate a recognized media outlet.
Ilia Rozhnov, the head of Group-IB’s brand protection team in the Asia Pacific, said:
“Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that is hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust.”
Likewise, researchers spotted six active domains featuring the same Bitcoin investment platform. Each operated under a different name. Some of these include:
- Crypto Cash
- Bitcoin Rejoin
- Bitcoin Supreme
- Banking on Blockchain
“Further analysis of the URLs revealed that a short link takes a victim to another URL which already demonstrates their personal data, such as the phone number, first or/and last name, and sometimes an email address, and used for redirects to fake websites masquerading as a local media outlet. […] The experts believe that the personal information info could have been obtained by fraudsters through a separate fraudulent scheme or simply bought from a third party.”
However, the Group-IB team has analyzed the exposed info by using a number of data breach repositories. They have also analyzed several underground marketplaces for the presence of this data. So far, they have not found any traces of the exposed info.
The team has reported the study’s findings to the proper authorities in each affected country.
Thus, on June 15, cryptocurrency forensics experts from Xrplorer warned that hackers were trying to steal XRP users’ secret keys by claiming that Ripple was giving away tokens.