A multi-stage bitcoin fraud exposed and leveraged personally identifiable information to trick users into signing up for a dubious investment site. Researchers found close to 250,000 unique records.
The attackers prepared websites impersonating publications that are well-known in the victim’s country with fake interviews and comments where famous people praised a cryptocurrency trading platform.
In the first stage of the scam, a text message informs the recipient that a celebrity has an investment secret that increased their wealth. An accompanying short link supposedly takes the recipient to proof of the claim, which is phase two.
The sender of the text would be spoofed to look like it’s coming from a trusted source.
Clicking on the URL opens a site pretending to be a trustworthy local news source, researchers at Singapore-based cybersecurity company Group-IB say in a report today.
The attackers customized the experience so that victims from different geographies land on lookalike sites from their region. Thus, U.K. users would land on a page impersonating The Sun or Mirror. Targets in Australia, though, would see a fake ABC (Australian Broadcasting Corporation) site. Singaporeans would land on a page pretending to be from The Straits Times.
Group-IB found that the URL to the dubious platform includes the victim’s personal information, which is used to populate fields for setting up an account.
Content on all bogus sites is meant to lure the target into the scam. It provides fake interviews and comments from local celebrities claiming they made a fortune using a certain bitcoin trading platform (Crypto Cash, Bitcoin Rejoin, Bitcoin Supreme, Banking on Blockchain).
Among the names used by the fraudsters are Singapore actor and TV host Bryan Wong, American singer Chris Brown, and Australian businesspeople Andrew Forrest, Travers Beynon, and Gina Rinehart.
All links on these pages direct to the alleged service, where targets can create an account and activate it for a modest fee of 0.03 BTC (about $270 at the current exchange rate).
It is unclear how the fraudsters obtained the personally identifiable information (PII), but the scam exposed phone numbers, first and/or last name, and sometimes email addresses.
A company representative told BleepingComputer that researchers identified 248,926 unique URLs, each with a set of PII.
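For defenders reviewing links from SMS-gateway or web-proxy logs, the pattern described above (a URL that carries a phone number, name or email address to prefill a sign-up form) can be flagged with a short check. This is an added example, not code from Group-IB's report or this article; the parameter names and sample URLs are constructed assumptions, since the article does not list the real ones.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Patterns for the PII types the report says were exposed in the URLs.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
PHONE_RE = re.compile(r"^\+?\d[\d\s().-]{6,18}\d$")
# Parameter names are assumptions; the article does not list the real ones.
NAME_KEYS = {"name", "fname", "lname", "first_name", "last_name", "firstname", "lastname"}

def classify(key, value):
    """Return the PII type a parameter appears to carry, or None."""
    value = value.strip()
    if EMAIL_RE.match(value):
        return "email"
    if PHONE_RE.match(value) and 7 <= sum(c.isdigit() for c in value) <= 15:
        return "phone"  # heuristic: long numeric IDs can also match
    if key.lower() in NAME_KEYS and value:
        return "name"
    return None

def pii_in_url(url):
    """Map each PII-bearing parameter in the query or fragment to its type."""
    parts = urlsplit(url)
    found = {}
    for component in (parts.query, parts.fragment):
        for key, value in parse_qsl(component):  # percent-decodes values
            kind = classify(key, value)
            if kind:
                found[key] = kind
    return found

def redact(url):
    """Return the URL with PII values masked, so alerts do not re-leak them."""
    hits = pii_in_url(url)
    parts = urlsplit(url)
    def mask(component):
        if "=" not in component:
            return component
        pairs = parse_qsl(component, keep_blank_values=True)
        return "&".join(f"{k}=<{hits[k]}>" if k in hits else f"{k}={v}" for k, v in pairs)
    return parts._replace(query=mask(parts.query), fragment=mask(parts.fragment)).geturl()

# Constructed sample URLs (example.test is a reserved test domain).
SAMPLES = [
    "https://news.example.test/a?fname=Jane&lname=Doe&phone=%2B6591234567&email=jane%40example.test",
    "https://shop.example.test/item?id=1234567&page=2",
]
```

Storing the output of `redact()` rather than the raw URL keeps the alerting pipeline from becoming another copy of the exposed records.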
Ilya Sachkov, Group-IB CEO, says that fraudsters can use personal data to increase the success rate of the campaign since victims are more likely to fall for targeted attacks.
A breakdown of the steps in the attack is available below:
Most of the victims are from the U.K….