Fraudulent websites successfully have stolen the personal records of a number of individuals from the U.K., Australia, South Africa, the U.S., Singapore, Malaysia, Spain, and more. The attack was executed as a targeted multi-stage Bitcoin (BTC) scam propagated by a number of fraudulent websites.
According to the Singapore-based intelligence company, Group-IB, the attack exposed personal data for thousands of people.
Impersonating recognized media outlets and personalities
Victim's phone numbers, which in most cases came with names and emails, were contained in personalized URLs used to redirect people to websites. These sites posed as local news outlets, even going so far as to include fabricated comments from prominent local personalities.
Analysis conducted on the leaked numbers allowed Group-IB to establish where the majority of the data had leaked from. They discovered that the U.K. was the most affected location with 147,610 personal records.
The report details that victims commonly received a text message, or SMS, which mentioned the name of the recipient. This was followed by a phishing message that was meant to impersonate a recognized media outlet.
Ilia Rozhnov, head of Group-IB's Brand Protection team in the Asia Pacific, told Cointelegraph:
"Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that is hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust."
Different names for the same fraudulent investment platform
Researchers spotted six active domains featuring the same Bitcoin investment platform. Each operated under a different name. Some of these include Crypto Cash, Bitcoin Rejoin, Bitcoin Supreme and Banking on Blockchain.
"Further analysis of the URLs revealed that a short link takes a victim to another URL which already demonstrates their personal data, such as the phone number, first or/and last name, and sometimes an email address, and used for redirects to fake websites masquerading as a local media outlet. (...) The experts believe that the personal information info could have been obtained by fraudsters through a separate fraudulent scheme or simply bought from a third party."
The Group-IB team has analyzed the exposed info using a number of data breach repositories. They have also analyzed several underground marketplaces for the presence of this data. So far, they have not found any traces of the exposed info.
As of press time, the source of the leak has not been established. The team has reported the study’s findings to the proper authorities in each affected country.
Cryptocurrencies forensics experts from Xrplorer warned on June 15 that hackers were trying to steal XRP users’ secret keys by claiming that Ripple was giving away tokens.