Technology conglomerate Cisco and the Cyber Police of Ukraine have revealed a Ukrainian Bitcoin (BTC) phishing ring that has stolen over $50 mln over a three-year period, Cisco’s threat intelligence team Talos reports.
Talos was first alerted to the phishing threat on Feb. 24, 2017, when a Ukraine-based phishing scheme, COINHOARDER, targeted the blockchain.info wallet service through Google Ads that contained “gateway phishing links,” generating over 200,000 client search queries.
The Google Ads would appear to represent the real blockchain.info bitcoin wallet by using domain names that closely resembled that of the official wallet, like blockchein.info. The phishing sites themselves are also designed to match the real site in every way except for the domain name.
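One defender-side way to catch lookalike domains such as blockchein.info, as an added example that is not from the Talos report: fold commonly confused characters to their Latin look-alikes and compare the registrable label of each candidate domain with the protected brand by edit distance. The protected brand list, the confusable table and the sample domains are constructed for this example.

```python
import unicodedata

# Brand domains to protect; blockchain.info is the wallet named in the report.
PROTECTED = ["blockchain.info"]

# Characters typosquatters commonly swap for letters (constructed list).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"}


def normalize(text):
    """Lower-case, strip accents (NFKD) and fold digit/letter confusables."""
    s = unicodedata.normalize("NFKD", text.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    s = s.replace("rn", "m").replace("vv", "w")  # two-letter look-alikes
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, max_dist=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for one domain."""
    d = domain.lower().rstrip(".")
    if d in PROTECTED:
        return "legitimate"
    name, _, _tld = d.rpartition(".")  # registrable label without the TLD
    for brand in PROTECTED:
        brand_name = brand.rpartition(".")[0]
        # Close edit distance after folding catches blockchein / bl0ckchain.
        if levenshtein(normalize(name), brand_name) <= max_dist:
            return "lookalike"
        # Brand embedded in a longer name, e.g. blockchain-wallet.info.
        if brand_name in normalize(d):
            return "lookalike"
    return "unrelated"


def scan(domains):
    """Return only the domains flagged as lookalikes (for ad/URL review)."""
    return [d for d in domains if classify(d) == "lookalike"]
```

Cyrillic or other non-Latin homoglyphs are not folded by NFKD, but they still fall within the edit-distance threshold, so a domain differing by one such character is also flagged.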
Talos reports that COINHOARDER began making their phishing site look more legitimate over time by using rogue SSL certificates in combination with their “,” “brand spoofing,” and “.”
Talos found that the phishing targeted geographic areas where local currencies were unstable and English was not the first language of the region, like Nigeria and Ghana, where victims were more likely to miss the slight differences in the domain and SSL names.
Cisco’s collaboration with the Cyber Police of Ukraine helped them identify the attackers’ BTC wallet address. Talos writes that “around $10 mln” alone was stolen while tracking the wallet’s activity from Sept. through Dec. 2017.
After the discovery of this large-scale phishing scheme, Cisco began flagging the associated domains as suspicious, and used requests to find and block other domains opened by the same registrant of the initial site.
Talos ends their report with the list of the IP addresses associated with the phishing scam, as well as ways for Cisco customers to protect themselves against similar threats.
Crypto phishing scams on Twitter have recently become much more prevalent, with users creating fake accounts that or and then promoting fake crypto giveaways.
Published at Thu, 15 Feb 2018 13:05:42 +0000
