[2018-02-14] Cisco And Ukrainian Cyber Police Uncover $50 Mln Bitcoin Phishing..

[Diced90]

Cisco And Ukrainian Cyber Police Uncover $50 Mln Bitcoin Phishing Scam

Technology conglomerate Cisco and the Cyber Police of Ukraine have revealed a Ukrainian Bitcoin (BTC) phishing ring that has stole over $50 mln over a three year period, Cisco’s threat intelligence team Talos reports.

Talos was first alerted to the phishing threat on Feb. 24, 2017, when a Ukrainian-based phishing scheme, COINHOARDER, targeted the blockchain.info wallet service through Google Ads that contained “gateway phishing links” and generating over 200,000 client search queries.

The Google Ads would appear to represent the real blockchain.info Bitcoin wallet by using domain names that closely resembled that of the official wallet, like blockchein.info. The phishing sites themselves are also designed to match the real site in every way except for the domain name.

Talos reports that COINHOARDER began making their phishing site look more legitimate over time by using rogue SSL certificates in combination with their “typosquatting,” “brand spoofing,” and “homograph attacks.”

Talos found that the phishing targeted geographic areas where local currencies were unstable and English was not the first language of the region, like Nigeria and Ghana, for victims were more likely to miss the slight differences in the domain and SSL names.

Cisco’s collaboration with the Cyber Police of Ukraine helped them identify the attackers’ BTC wallet address. Talos writes that “around $10 mln” alone was stolen while tracking the wallet’s activity from Sept. through Dec. 2017.

After the discovery of this large-scale phishing scheme, Cisco began flagging the associated domains as suspicious, and used DNS requests to find and block other domains opened by the same registrant of the initial site.

Talos ends their report with the list of the IP addresses associated with the phishing scam, as well as ways for Cisco customers to protect themselves against similar threats.

Crypto phishing scams on Twitter have recently become much more prevalent, with users creating fake accounts that closely mimic those of crypto elites like Charlie Lee or Vitalik Buterin and then promoting fake crypto giveaways.

source https://cointelegraph.com/news/cisco-and-ukrainian-cyber-police-uncover-50-mln-bitcoin-phishing-scam

[1713570267]

1713570267

[Lucius]

When I see this kind of news then it is quite clear why Google,Facebook,Twitter and some others have decided to ban any advertising which is related to cryptocurrency.Just imagine what is the total damage world-wide if only one organization managed to steal 50$ million in three years.These things inflict enormous damage to cryptocurrency,and most of users who are victim of phishing will just blame BTC and mark it as SCAM.

The only way that advertising can be re-enabled is to check every advertisement before being approved.I think this is nothing complicated at least in the case of phishing site who want to imitate online/desktop wallets.It seems that the only problem is in ignorance of these big companies,they simply do not know how to do it for now.

[Taki]

When I see this kind of news then it is quite clear why Google,Facebook,Twitter and some others have decided to ban any advertising which is related to cryptocurrency.Just imagine what is the total damage world-wide if only one organization managed to steal 50$ million in three years.These things inflict enormous damage to cryptocurrency,and most of users who are victim of phishing will just blame BTC and mark it as SCAM.

The only way that advertising can be re-enabled is to check every advertisement before being approved.I think this is nothing complicated at least in the case of phishing site who want to imitate online/desktop wallets.It seems that the only problem is in ignorance of these big companies,they simply do not know how to do it for now.

The point is in whom a user or investor is going to judge and to sue in court in the case of cheating? People will complain on all of those corporations as Google, Twitter and Facebook, cause of they promoted such scammy projects. So, it is clear that they want to protect themselves from such unpleasant cases.

[Lieldoryn]

All exchanges have long warned its users that the network may be double sites. The only difference is the domain name. I'm always in front of the entrance to the site to check the name. It seemed to me that it is very difficult now to use such a primitive way of theft. The financial literacy of the population is growing every year and fraudsters will find it harder to deceive people.

[CryptoBry]

I would zero in to the ads made by these phishing sites. these are the kind of ads that Google should be banning and not those legitimate ones doing business using the cryptocurrency platform. Putting a blanket decision affecting everybody is not doing justice for many who are honest in the pursuit of their enterprises. Google and Twitter should come up with a good guidelines defining what can be allowed and not allowed.