The relevance of Bitcoin phishing scams like this one has grown sharply since the mass hijacking of high-profile Twitter accounts on July 15th, 2020.
A couple of days ago, we covered a massive hack on Twitter in which the official accounts of various celebrities, including but not limited to Bill Gates, Jeff Bezos and Elon Musk, were taken over. It turns out, though, that the scam has another dimension beyond Twitter that had not been exposed until now.
As reported by Area 1 Security, an email phishing campaign has been discovered in which the Bill & Melinda Gates Foundation is impersonated in messages asking recipients to send Bitcoin. The messages closely resemble those posted during the Twitter hack, offering the same tempting get-rich-quick scheme.
To increase their chances of success, the malicious actors employed a typosquatting technique and registered a domain nearly identical to the foundation's real one only a few minutes before starting the campaign.
The domain reads gatesfoundatlon[.]com (defanged here): a lowercase "l" stands in for the "i" after the "t" in "foundation", a substitution that is very hard to spot in most fonts unless one looks carefully.
Furthermore, the researchers state that "the attacker also set up an SPF record for the domain in order to ensure reliable delivery of their attack". That makes the lure more convincing: receiving servers that check SPF see a passing result and are less likely to reject or flag the message, which may well have led unsuspecting recipients to fall for the scam. It is worth remembering what SPF does and does not do here. It only lists which hosts may send mail for a given domain, so an SPF "pass" for the lookalike domain says nothing about whether that domain is trustworthy, and the foundation's own SPF and DMARC records offer no protection at all against a separately registered lookalike.
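As an added example (not part of Area 1 Security's report or of the original article), the following Python script shows the kind of lookalike-sender check a mail gateway or SIEM rule could apply to inbound mail. It folds visually confusable characters before comparing sender domains against a protected brand list, so the "l"-for-"i" swap above collapses back to the real name, and uses a small edit-distance threshold to catch ordinary typos as well. The log lines are constructed for the example, the brand list (gatesfoundation.org) and the two-edit threshold are assumptions, and the spf= field is included only to make the point that a passing SPF result on the attacker's own domain changes nothing.

```python
"""Detect lookalike sender domains in mail-gateway logs (illustrative example)."""
import re
from typing import List, Tuple

# Brands to protect. gatesfoundation.org is the foundation's real domain;
# treating it as the only protected brand is an assumption for this example.
PROTECTED_DOMAINS = ["gatesfoundation.org"]

# How many single-character edits still count as a typosquat. Two is an
# assumption that suits long names like "gatesfoundation"; short brand labels
# need a stricter threshold or they will match unrelated words.
MAX_EDITS = 2

# Character sequences that look alike in common fonts. Folding is applied to
# both the sender and the brand, so "gatesfoundatlon" and "gatesfoundation"
# collapse to the same string. Multi-character pairs come first so that "rn"
# is folded before the single characters are touched.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("l", "i"), ("1", "i"),
              ("0", "o"), ("5", "s"), ("3", "e")]


def normalise(label: str) -> str:
    """Lowercase a DNS label and fold visually confusable characters."""
    label = label.lower()
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def second_level_label(domain: str) -> str:
    """Return the label just left of the TLD ("gatesfoundatlon" for
    "mail.gatesfoundatlon.com"). Public suffixes such as .co.uk would need a
    suffix list; they are out of scope here."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(domain: str) -> Tuple[str, str, int]:
    """Return (verdict, matched_brand, edit_distance).

    Verdicts: "legitimate" (the brand domain or a subdomain of it),
    "lookalike" (same name after homoglyph folding, or same name under another
    TLD), "typosquat" (within MAX_EDITS of a brand after folding), "unrelated".
    """
    domain = domain.lower().strip(".")
    sender_label = normalise(second_level_label(domain))
    candidates = []
    for brand in PROTECTED_DOMAINS:
        if domain == brand or domain.endswith("." + brand):
            return ("legitimate", brand, 0)
        dist = levenshtein(sender_label, normalise(second_level_label(brand)))
        if dist == 0:
            return ("lookalike", brand, 0)
        if dist <= MAX_EDITS:
            candidates.append((dist, brand))
    if candidates:
        dist, brand = min(candidates)
        return ("typosquat", brand, dist)
    return ("unrelated", "", -1)


# Constructed sample gateway log lines for this example; not real traffic.
SAMPLE_MAIL_LOG = """\
2020-07-17T10:02:11Z from=<grants@gatesfoundation.org> spf=pass subject="Quarterly update"
2020-07-17T10:05:43Z from=<support@gatesfoundatlon.com> spf=pass subject="Double your Bitcoin"
2020-07-17T10:07:09Z from=<news@gatesfoundatoin.org> spf=none subject="Giveaway"
2020-07-17T10:09:30Z from=<billing@example.com> spf=pass subject="Invoice"
"""

LOG_RE = re.compile(r"from=<[^@>]+@([^>]+)>.*?\bspf=(\w+)")


def scan_log(log: str) -> List[Tuple[str, str, str]]:
    """Return (sender_domain, spf_result, verdict) for each parseable line.

    SPF is reported but deliberately ignored by the verdict: the lookalike line
    shows spf=pass because the attacker published SPF for a domain they own,
    exactly as Area 1 describes, so a pass must never downgrade the finding.
    """
    rows = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        domain, spf = m.group(1), m.group(2)
        rows.append((domain, spf, classify(domain)[0]))
    return rows


if __name__ == "__main__":
    for domain, spf, verdict in scan_log(SAMPLE_MAIL_LOG):
        print(f"{verdict:10} spf={spf:4} {domain}")
```

Run as a script to see one verdict per log line; the second line is flagged as a lookalike despite its spf=pass. In production the brand list would be longer, the homoglyph table would include Unicode confusables (after IDNA-decoding punycode labels), and the second-level extraction would use a public-suffix list.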
Turning to the root problem: the domain was registered through Namecheap, which raises a critical question. Why can't domain registrars do more to fight typosquatting?
While the law may not require them to make every domain name comply with trademark regulations, they could on their own initiative lock any names that closely resemble distinctive brands or organizations, such as the Gates Foundation in this case, so that only the legitimate owner could register them. That would go a long way towards solving a persistent problem in the cybersecurity industry.
The good news, for now, is that at the time of publishing this article the malicious domain was offline. Moreover, a look at the scammer's Bitcoin address (18XJzrgPqYhKKeR2j4vz6wPQorK3sN
To conclude, web users are advised, first, never to pay any amount whatsoever as part of an unofficial "challenge", since no reputable company or foundation asks for one. Second, carefully check any domain name before handing over money or information; it is time-consuming, but it pays off in the long run. Lastly, the old cliché still applies: if it sounds too good to be true, it probably is.