Face Verification
Address Verification
Document Verification
Age Verification
VideoIdent
Fast ID
eIDV
Consent Verification
NFC Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
QES
AML Screening
Transaction Monitoring
Adverse Media
Business AML Screening
PEP & RCA
Sanctions
Watchlist
Behavioural Biometrics
Device Fingerprinting
Biometric Face Authentication
MFA
Fraud Hub
Onboarding
Ongoing Monitoring
KYC
KYB
KYI
Age Assurance
Identity Verification
Workforce IAM
Candidate Verification
Compliance
Fraud prevention
Trust & safety
Global expansion
Product Managers
Compliance Officers
Fraud Analysts
Developers
Deepfake
Bonus Abuse / Promotion Abuse
Account Takeover
Synthetic Identity Fraud
Document Fraud
Impersonation Fraud
Multi-Accounting
Fraud Networks
Chargeback Fraud
Money Mule Activity
Party Fraud
Regulatory & Compliance Risks
Fintech
Crypto
iGaming
Forex
Social Network
Marketplace
Banking
Gig Economy
Blind Spot Audit
Deepfake Detector
Liveness Spoofs
Document Originality
Document Deepfake
Global Trust Platform
Journey Builder
Case Management
Shufti AI
Fraud Analytics
Vendor Comparison
Brand Personalisation
IDV Modes
AI Compliance Co-Pilot
OCR
Secure Capture
Deployment Options
Identity Methods
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Supported Documents
Supported Countries
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
About
Career
Press Release
Certifications
Partnership
Awards
Events & Webinar
Interactive Demo
Podcast Studio
Spotlight Studio
Bitcoin scam exposes thousands to a data breach
Fraud websites have successfully stolen the personal records of a number of individuals from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain, and more. The attack was carried out as a targeted multistage Bitcoin (BTC) scam circulated by a number of fake websites.
A Bitcoin scam exposed thousands of people to a breach in personal data https://t.co/8ugatjOC6L
— Cointelegraph (@Cointelegraph) June 30, 2020
As per a Singapore-based intelligence company Group-IB, the attack revealed personal data for thousands of people.
Victim’s phone numbers, which in most cases came with names and emails, were contained in personalized URLs to redirect people towards websites. These sites constituted as local news outlets, even including fabricated comments from key local personalities.
Analysis performed on the leaked numbers allowed Group-IB to find out where most of the data had leaked from. It was discovered that the U.K. was the most affected place with 147,610 personal records.
The report states that victims commonly received a text message which mentioned the name of the recipient. This was followed by a phishing message meant to impersonate a recognized media outlet.
The head of Group-IB’s brand protection team, Ilia Rozhnov, stated:
“Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that are hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust.”
Researchers identified six active domains with the same Bitcoin investment platform. Each however operated with a unique name. Some of these are Crypto Cash, Bitcoin Supreme, Banking on Blockchain, and Bitcoin Rejoin.
The Group-IB team has detected the exposed data through a number of data breach repositories. They have also examined a number of underground marketplaces for the presence of this data. So far, they have not found any evidence of the information.
The source of the leak has not yet been established. The team has reported the study’s findings to the proper authorities in each affected country.
