UK Bitcoin scam

UK Users Hardest Hit in Sophisticated Multi-Stage Bitcoin Scam

The personal data of hundreds of thousands of people – the majority from the UK – has been exposed in a complex Bitcoin scam.

Some 248,926 sets of personally identifiable details from users around the world, including phone numbers, names and email address, were used to create personalised URLs directing users to malicious websites masquerading as legitimate news outlets.

Using the data, scammers would send a text message containing a unique short link to a potential victim’s mobile phone.

Anyone clicking the short link would be  redirected to a website designed to look like a news outlet. In the UK this was either The Sun or The Mirror – the country’s two major tabloid newspapers.

The fake websites would feature fabricated interviews purporting to be with celebrities or other well-known figures claiming they had made millions by investing in cryptocurrency.

When users clicked a link in the article, they were taken to another website claiming to be a bitcoin investment platform where their personal data was pre-filled in the registration form.

If a visitor then completed the sign up, they were shortly asked to fund their account with bitcoin, which was then stolen by the scammers.

The leaked data was discovered by Group-IB, a global threat hunting and intelligence company headquartered in Singapore.

cointiply ad - freecoyn

Ilya SachkovIlya Sachkov, CEO and founder at Group-IB, said: “The bitcoin investment scams have been around for quite a while and we regularly detect new instances of crypto fraud.

“This time however the scheme was significantly upgraded, and a tremendous amount of personal information was leaked.

“The bad guys got smarter in a bid to increase the success rate of their fraudulent operations.

“Using personal data allows them to carry out targeted attacks and make a victim’s journey easier and smoother, which levels up the overall effectiveness of the scheme.

“In general, many people tend to underestimate the risks of their names, phones or emails circulating online until bad things happen.

“In fact, such a huge amount of sensitive data in the wrong hands opens up a whole new world of opportunities for fraudsters.

“This data can be sold further, or they can push a new round of fraud.”

In the UK there were 147,610 victims, followed by 82,263 in Australia, 4,149 in South Africa, 4,147 in the US, 3,499 in Singapore, 2,491 in Malaysia, 2,420 in Spain, with the remainder distributed across other countries.

Group-IB urged people to follow a couple of simple rules to stay safe: If you spot a long redirect chain, it’s a red flag, and always double-check the domain name, website registration date when entering personal information or payment data.

Recent posts: