Runs On Your Cloud
No Data Sharing
No Contract Required
Explore Now
Face Verification
Address Verification
Document Verification
Age Verification
VideoIdent
Fast ID
eIDV
NFC Verification
Consent Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
Behavioural Biometrics
Device Fingerprinting
MFA
AML Screening
Business AML Screening
User Risk Assessment
Transaction Screening
Adverse Media Screening
Identity Verification
KYC
KYB
KYI
Bonus Abuse
Fraud Prevention
Banking
Crypto
Fintech
Forex
Gaming
Gig Economy
Marketplace
Social Networks
Product Managers
Compliance Officers
Fraud Analyst
Global Trust Platform
Journey Builder
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
Blind Spot Audit
Deepfake Detection
Liveness Detection
Document Originality
Document Deepfake
Events & Webinar
Podcast Studio
Spotlight Studio
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Compliance
Supported Document
About
Career
Press Release
Certifications
Partnership
Awards
Bitcoin scam exposes thousands to a data breach
Fraud websites have successfully stolen the personal records of a number of individuals from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain, and more. The attack was carried out as a targeted multistage Bitcoin (BTC) scam circulated by a number of fake websites.
A Bitcoin scam exposed thousands of people to a breach in personal data https://t.co/8ugatjOC6L
— Cointelegraph (@Cointelegraph) June 30, 2020
As per a Singapore-based intelligence company Group-IB, the attack revealed personal data for thousands of people.
Victim’s phone numbers, which in most cases came with names and emails, were contained in personalized URLs to redirect people towards websites. These sites constituted as local news outlets, even including fabricated comments from key local personalities.
Analysis performed on the leaked numbers allowed Group-IB to find out where most of the data had leaked from. It was discovered that the U.K. was the most affected place with 147,610 personal records.
The report states that victims commonly received a text message which mentioned the name of the recipient. This was followed by a phishing message meant to impersonate a recognized media outlet.
The head of Group-IB’s brand protection team, Ilia Rozhnov, stated:
“Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that are hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust.”
Researchers identified six active domains with the same Bitcoin investment platform. Each however operated with a unique name. Some of these are Crypto Cash, Bitcoin Supreme, Banking on Blockchain, and Bitcoin Rejoin.
The Group-IB team has detected the exposed data through a number of data breach repositories. They have also examined a number of underground marketplaces for the presence of this data. So far, they have not found any evidence of the information.
The source of the leak has not yet been established. The team has reported the study’s findings to the proper authorities in each affected country.
