Getting your Trinity Audio player ready...
|
A cryptocurrency scam which spoofs the BBC News website has been uncovered by security researchers, in the latest crypto scam to target unsuspecting victims.
Uncovered by researchers at My Online Security in response, the scam is being spread by email, with a seemingly innocuous ‘Display Message’ redirecting to a page which then runs a malicious Bitcoin Core (BTC) mining script.
https://twitter.com/dvk01uk/status/1081518655798681601
In a blog post detailing their findings, My Online Security said the ‘Display Message’ link did not display for emails received through Outlook, while victims using Macs were taken to a spoof login page, rather than the mock BBC page.
In all cases, the scammers are looking to exploit their victims, both for their processing power and for login credentials which could potentially be used to steal unsecure cryptocurrency holdings.
The mock BBC page looks convincing at first glance, posing as a story about BTC millionaires. Clicking anywhere on the page redirects users through to an affiliate site for the notorious ‘Bitcoin Trader’ scam.
Bitcoin Trader has been widely exposed as a fraud, with testimonies purporting to come from high profile businessmen, TV personalities and investors all revealed to be fake.
Also known variously as ‘Bitcoin Revolution’ and other, similar names, the scam promises untold riches for those who deposit and sign up for their BTC trading system.
According to My Online Security, a report to CloudFlare saw swift action to prevent others from unwittingly wandering into the trap. It noted, “The Fake BBC site is behind CloudFlare who responded quickly as usual to my report & set up an immediate interstitial page warning of phishing or scam, so hopefully reducing the numbers of potential victims for this scam.”
These types of scams have become increasingly common, with a growing number of reports through the last 12 months. Cryptojacking in particular has become an issue, with hackers harvesting processing power from their victims to mine crypto in the background.
With new scams emerging every day, the message remains clear—to avoid clicking on suspicious links in email as far as possible, and to be extremely wary of anyone claiming they can make you rich from crypto.