The personal data of hundreds of thousands of people – the majority from the UK – has been exposed in a complex Bitcoin scam.
Some 248,926 sets of personally identifiable details from users around the world, including phone numbers, names and email address, were used to create personalised URLs directing users to malicious websites masquerading as legitimate news outlets.
Using the data, scammers would send a text message containing a unique short link to a potential victim’s mobile phone.
Anyone clicking the short link would be redirected to a website designed to look like a news outlet. In the UK this was either The Sun or The Mirror – the country’s two major tabloid newspapers.
The fake websites would feature fabricated interviews purporting to be with celebrities or other well-known figures claiming they had made millions by investing in cryptocurrency.
When users clicked a link in the article, they were taken to another website claiming to be a bitcoin investment platform where their personal data was pre-filled in the registration form.
If a visitor then completed the sign up, they were shortly asked to fund their account with bitcoin, which was then stolen by the scammers.
The leaked data was discovered by Group-IB, a global threat hunting and intelligence company headquartered in Singapore.
Ilya SachkovIlya Sachkov, CEO and founder at Group-IB, said: “The bitcoin investment scams have been around for quite a while and we regularly detect new instances of crypto fraud.
“This time however the scheme was significantly upgraded, and a tremendous amount of personal information was leaked.
“The bad guys got smarter in a bid to increase the success rate of their fraudulent operations.
“Using personal data allows them to carry out targeted attacks and make a victim’s journey easier and smoother, which levels up the overall effectiveness of the scheme.
“In general, many people tend to underestimate the risks of their names, phones or emails circulating online until bad things happen.
“In fact, such a huge amount of sensitive data in the wrong hands opens up a whole new world of opportunities for fraudsters.
“This data can be sold further, or they can push a new round of fraud.”
In the UK there were 147,610 victims, followed by 82,263 in Australia, 4,149 in South Africa, 4,147 in the US, 3,499 in Singapore, 2,491 in Malaysia, 2,420 in Spain, with the remainder distributed across other countries.
Group-IB urged people to follow a couple of simple rules to stay safe: If you spot a long redirect chain, it’s a red flag, and always double-check the domain name, website registration date when entering personal information or payment data.
- Baby Boomers Turn to Bitcoin for Investment Portfolio Returns
- Bognor Regis Teenager Charged Over Obama, Musk, Kardashian Bitcoin Twitter Hack
- Power Plants in Iran are Now Allowed to Mine Bitcoin and Other Cryptocurrencies
- Bitcoin is an Aspirational Store of Value According to Global Investment Powerhouse Fidelity
- Millions of Dollars’ Worth of Bitcoins Stolen in 2016 Bitfinex Heist Have Just Been Moved
- Dr Seuss’ Favourite Characters to Become Blockchain Collectibles with Dapper Labs
- Russian Chess Grandmaster Garry Kasparov Backs Bitcoin and Cryptocurrency
- Satoshi’s Bitcoin Treasure Protected Blockchain From 51% Attack And May Never Be Spent
- The Number of Women Investing in Bitcoin and Cryptocurrency is Surging
- Brazilian Jiu-Jitsu Star Craig Jones Reveals His Tale of Bitcoin Woe