Internet security researchers have found a scam cryptocurrency website which mimics the well-respected and legitimate British news source the BBC.
Email users are led to the fake website by an innocent-looking “Display Message” link. However, according to Coingeek, the fake site could then be doing anything from attempting to gather login information to running a “Bitcoin Core” mining script.
Bitcoin mining is a lucrative job – and fraudsters who are able to use their victims’ computers to do it are often at an advantage, as they are essentially using other people’s electricity and processing capacity to do their work.
In a blog post outlining the scam, researchers at My Online Security said that the scam often begins with the user receiving an email message. In some cases, this email message will contain a link saying “Display Message” – although in others, it may be blank.
To some extent, the format in which the message is received will depend on the software and operating system you use. The researchers believe that using Outlook will mean the link will be hidden, while Mac users may also see it differently.
“…I think in this case that the recipient was using a Mac computer which does have different settings to windows. I frequently see complaints about Macs where redirects or some secure sites don’t work as expected”, the My Online Security team said in the blog post.
“I think that has happened in this case & instead of being redirected several times on login.mobilesecure-mail.host, they have been directed to a login page thinking that it is the criminal trying to login & change something.”
Upon getting through to the fake BBC news website, the headline “Panorama: Who Wants to Be a Bitcoin Millionaire?” will appear.
Clicking on links on the page will send users to a page promoting the “Bitcoin Trader” affiliate system – a notorious site which is considered spam within the trading community.
“Bitcoin Is Making People Rich And You Can Become The Next Millionaire”, it promises.
In the blog post, the My Online Security team said that they had contacted internet security firm Cloudflare for assistance.
“The Fake BBC site is behind Cloudflare who responded quickly as usual to my report & set up an immediate interstitial page warning of phishing or scam, so hopefully reducing the numbers of potential victims for this scam”, it said.
In the comments below the blog post, one user pointed out that the email messages which hook users in and encourage them to visit the site in the first place were often coming from trusted individuals.
“Received a similar email with the green ‘Display Message’ button back in middle of December. Have received several more since then, all from people I know”, said the commenter named Mike Hardman.
He also pointed out that the malware took steps to be convincing. “Once activated, the malware seems to go through your ‘sent items’ folder (not your contacts list), emailing people you’ve previously emailed, with a subject line you’ve previously used”, he added.