By Karl Kronenberger
Partner, Kronenberger Rosenfeld
It’s an easy mistake to make, and it can be costly.
Click on the wrong link, or type the wrong keystroke and you could end up losing a lot of money, personal data, or be the victim of malware.
In 2017, cybercriminals successfully stole millions of dollars using Google ads that sent unsuspecting users who searched for blockchain products to phishing sites.
They purchased Google ads that spoofed Blockchain.info, a major provider of Bitcoin digital wallets. The scammers forwarded victims to sites that had a similar look to the real pages which were under the control of the thieves. At that point, all personal information including passwords to digital wallets was stolen. Cisco’s Talos security group reported that $2 million in bitcoin was stolen in just over three weeks.
The scam was associated with an internet provider in Ukraine. The technique involved using Cyrillic characters to create domain names that look like English letters. Or, with spelling mistakes like “blokchein.info,” and “bockchain.info.”
In the case of non-English speakers, who might have difficulty noticing the difference, computers in Ghana, Estonia and Nigeria were found to be visiting the fake Bitcoin sites.
Talos representatives said that Cyrillic characters used to spoof the domain names are almost impossible to detect with the naked eye.
Scammers love typos, especially yours. Anticipating your slip of the finger, they modify popular web addresses by removing a letter. It’s called typosquatting.
Typosquatting is an increasingly popular scamming scheme that dupes Internet users into clicking on what looks like mainstream websites like itunes-dot-cm, espn-dot-cm, and paypal-dot-cm.
Then, they wait. The unsuspecting Internet user makes a keyboard mistake, ending up at what looks just like paypal-dot-com, while the scammer scoops up login, passwords and credit card details. Some scammers even collect two-factor authentication data from victims and, in real time, enter it into the true destination website of the victim.
Scammers are aggressive, persistent and smart. The best way to stay safe is to develop Internet habits that will avoid typosquatting sites.
Our firm can help you if you’ve been a victim of bitcoin spam, phishing, and other forms of illegal cyber attacks. Please contact me directly for help. I look forward to assisting you.
This entry was posted on Monday, June 04, 2018 and is filed under Resources & Self-Education, Internet Law News.