An intelligence firm based in Singapore has said that it has uncovered a large-scale bitcoin scam associated with the leak of personal data of thousands of people.
Group-IB, which describes itself as a “global threat hunting and intelligence company”, said that people from various countries around the world had been affected by the scam.
It said that people in Britain, South Africa, Australia and the US had all been targeted – as had users in Spain, Singapore, Malaysia and more.
It is understood that the data leak that followed the scam led to 248,926 “sets of personally identifiable information” being made available.
Most of those targeted were from the UK, with 147,610 victims there.
A significant number, 82,263, were in Australia.
In a press statement, Group-IB outlined how the problem unfolded and described the nature of the fake websites set up to trick traders.
It said that victims’ phone numbers, which often came with names and emails, were contained in personalised URLs that were used to redirect people to sites posing as local news outlets with fake comments by local personalities about a cryptocurrency investment platform that helped them to build a fortune.
“The source of the leak has not been established yet. The information has been provided to relevant authorities in the affected countries,” it added.
The first stage of the scam appeared to be based around SMS text messages.
“First, a victim receives a text message. Group-IB specialists managed to retrieve 4 samples of SMS. Scammers sometimes send out phishing messages using the name of a recognized media outlet as the sender,” it explained.
It was at this stage that the victims were then redirected to a fake webpage.
At that stage, the localisation would kick in as part of an attempt to beguile the user into investing in what they might think was a legitimate cryptocurrency scheme.
“The content a user would see often depends on their location,” Group-IB said.
“For example, users from the UK would be demonstrated a website disguised as the Sun or the Mirror, the Australians would likely see a fake ABC Australia website.”
One interesting aspect of the scheme was that the leaked data was already present when the user received the original text message.
The URL offered to the user would be customised using information such as the user’s phone number.
“Group-IB researchers have run the exposed info through data breach repositories and have analyzed several underground marketplaces for the presence of this data but have not found any traces of the exposed info,” it said.
“The experts believe that the personal information info could have been obtained by fraudsters through a separate fraudulent scheme or simply bought from a third party,” it added.
In what appeared to be an attempt to convince the user to invest, some of these details would then be transplanted to a pre-filled registration form.
“If a victim decides to click any link in the article, they are taken to a bitcoin investment platform website, where their data, contained in the URL, would already be pre-filled in the registration form without a user’s consent,” Group-IB said.
Safest Forest Brokers 2020
|Broker||Info||Best In||Customer Satisfaction Score|
|#1||Your capital is at risk Founded: 2012||Global CFD and FX broker||
Best FOREX BROKER Visit broker
|#2||Your capital is at risk Founded: 2010||Global Forex Broker||
Low minimum deposit Visit broker
|#3||80.5% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you can afford to take the high risk of losing your money. Founded: 2008||Global CFD Broker||
Best Trading App Visit broker
|#4||Your capital is at risk Founded: 2006||Globally regulated broker||
BEST CUSTOMER SUPPORT Visit broker
|#5||Your capital is at risk Founded: 2014||Global Forex Broker||
BEST SPREADS Visit broker
Stay up to date with the latest Forex scam alerts
Sign up to receive our up-to-date broker reviews, new fraud warnings and special offers direct to your inbox