Personal details of leaked investors
A global search and threat intelligence company, Group IB, revealed this week that it “discovered thousands of personal records of users from more than 20 countries around the world exposed in a targeted multi-step Bitcoin scam”. The Singapore-based company said it found 248,926 sets of personally identifiable information, elaborating:
“Analysis of the country codes of the exposed phones showed that the majority of victims were from the United Kingdom (147,610), followed by Australia (82,263), South Africa (4,149), USA (4,147), Singapore (3,499), Malaysia ( 2,491), Spain (2,420) and other countries. ”
The company described at least six active domains with the same Bitcoin investment platform. The scheme operates under different names, such as Crypto Cash, Bitcoin Rejoin, Bitcoin Supreme and Banking on Blockchain. Group IB analysts added that this new scheme resembles the Bitcoin Evolution scam.
An illustration of how this “personalized Bitcoin investment scam” works. Source: Group IB
The company also explained how this Bitcoin scam works. First, a potential investor receives an SMS text message. Scammers sometimes send phishing messages using the name of a media recognized as the sender.
Each message contained a short and unique link that takes the investor to a website “that already shows their personal data, such as a phone number, first or last name, and sometimes an email address, used to redirect to fake websites. , masked as a means of local communication ”, detailed the intelligence company. “Experts believe that personal information may have been obtained by scammers through a separate scam or simply purchased from third parties.”
The content displayed usually depends on the location of the targeted crypto investor, such as the main news outlets in the investor’s country. The fraudulent sites feature fake interviews from famous people, articles, news and comments attributed to local celebrities. They claim that famous people made their fortune using the new cryptocurrency investment platform. One example is Prince Harry and Meghan Markle, Duke and Duchess of Sussex, used by Bitcoin Evolution as news. Bitcoin.com previously reported:
“All the fake pages discovered are almost identical in terms of design, but the URL and page code are unique each time and contain users’ personal records. If a victim decides to click on any link in the article, they will be directed to a Bitcoin investment platform website, where their data, contained in the URL, would already be pre-filled in the registration form without the user’s consent.
Later, a victim would be asked to add to the balance of his BTC account ”, detailed the researchers. Bleepingcomputer noted that “targets can create an account and activate it for a modest fee of 0.03 BTC [US$ 274]”.
According to the intelligence company, the source of the leak was not established, but the information was provided to the relevant authorities in the affected countries.