Fraudulent websites have successfully stolen the personal records of several people from the UK, Australia, South Africa, the United States, Singapore, Malaysia, Spain and more. The attack was executed as a multi-stage Bitcoin (BTC) scam spread by several fraudulent websites.
According to the Singapore-based intelligence company, Group-IB, the attack exposed personal data of thousands of people.
Phishing sites use misleading letters in domain names to steal XRP
Impersonating well-known media and personalities
The victims‘ phone numbers, which in most cases included names and e-mails, were contained in personalized URLs that were used to redirect people to websites. These sites posed as local news media, even including fabricated comments from prominent local personalities.
Analysis of the leaked numbers allowed the IB Group to establish where most of the data had been leaked. They found that the UK was the most affected with 147,610 personal records.
They claim that the blockchain technology will provide more security for B2B Safe
The report details that victims commonly received a text message, or SMS, that mentioned the name of the recipient. This was followed by a phishing message intended to impersonate a recognized media outlet.
Ilia Rozhnov, director of the IB Group’s Brand Protection team in Asia Pacific, told Cointelegraph:
„Fraudulent schemes have become more complicated. They now involve several stages, a complex distributed infrastructure and abuse of personal and corporate brands that is difficult to track and block using traditional detection methods. Companies and celebrities whose names have been hijacked by fraudsters suffer reputational damage and face a decline in customer confidence.
The DeFi Balancer protocol was hacked by an exploit they were apparently already aware of
Different names for the same fraudulent investment platform
The researchers detected six active domains with the same Bitcoin inversion platform. Each operated under a different name. Some of these include Crypto Cash, Bitcoin Rejoin, Bitcoin Supreme and Banking on Blockchain.
„Further analysis of the URLs revealed that a short link takes the victim to another URL that already displays his personal data, such as phone number, first and/or last name, and sometimes an email address, and is used to redirect to fake websites posing as a local media outlet. (…) Experts believe that personal information may have been obtained by fraudsters through a separate fraudulent scheme or simply purchased from a third party.
A developer successfully hacks a Bitcoin wallet to win a contest
The IB Group team has analysed the information exposed using various data filtering repositories. They have also analysed several underground markets to detect the presence of this data. So far, they have found no trace of the information exposed.
At the time of going to press, the source of the leak has not been established. The team has reported the study’s findings to the appropriate authorities in each affected country.
Xrplorer’s forensic crypto experts warned on June 15 that hackers were trying to steal secret keys from XRP users by claiming that Ripple was giving away tokens.