The European Union Agency for Law Enforcement Cooperation (Europol) has published a press release announcing the arrest of six individuals in connection with a $27 million cryptocurrency theft operation.
According to the release, Europol collaborated with the National Crime Agency (NCA) and the South West Regional Cyber Crime Unit. In addition to the two U.K.-based law enforcement agencies, Europol also worked with the Dutch police and Eurojust, an E.U.-led judicial agency.
The suspects, five men and a woman, were confirmed to be based in the Netherlands and the U.K. According to Europol, they engaged in a typosquatting operation, a form of fraud in which the perpetrators set up scam websites that closely resemble legitimate ones.
The aim of typosquatting is pretty much the same as every other fraudulent operation; the attackers impersonate legitimate businesses, while unsuspecting victims log on to the website and enter their credentials. From then on, it’s pretty much smooth sailing for the attackers.
Explaining how the criminals operated, Europol said they obtained their victims' login details for the exchanges by using typosquatting domains. Once they had the login details, they went in and cleared the funds. Per the report, the suspects stole up to $27 million in cryptocurrency from as many as 4,000 victims across 12 countries.
Impersonating Legitimate URLs
Typosquatting has been around for quite a while, and while it is a finicky operation, it can be quite effective. Primarily, this form of fraud targets websites that have a high influx of visitors and collect confidential data. That’s probably why no one will think of impersonating Pinterest or the website of a gym. On the flip side, high-risk, asset-holding sites (such as those of crypto exchanges or banks) are frequent targets.
A Medium post by Radix Registry confirms that all the attackers have to do is find a clever workaround for the domain name to impersonate these legitimate businesses effectively, and the operation could actually work.
Hey, Facebook. Take notes!
It’s understandable that a lot of these exchanges might not be able to prevent hackers from copying their domain names, but as long as they can ensure the best security standards for their websites, none of the blame for all of this would be on them. However, this case points to something that a lot of prospective exchange operators might want to take note of.
Earlier this week, news outlet The Next Web reported that there has been an upsurge in the number of exploitative schemes aimed at riding on the popularity of Facebook and its recently announced Libra cryptocurrency.
In one instance, the outlet pointed out a website, calìbra.com, which looks strikingly similar to calibra.com, the official website of the social media giant’s Calibra cryptocurrency wallet. The only difference between the two is the grave accent in ‘ì’, which is present in the former. Customers who are unfamiliar with the languages that use this accent might see the website and disregard the difference. These people are potential prey for typosquatting scams.
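A defender-side check for the lookalike described above, as an added example that is not from the original article or from Europol. The function names, the protected-domain list and the sample typo domain are constructed for illustration; the check folds accented letters back to their base letter and also catches one-character typos.

```python
import unicodedata

# Constructed watch list: the brand domains an operator wants to protect.
PROTECTED = ["calibra.com"]

def to_ascii(domain):
    """Punycode (IDNA) form of the name, as it appears in DNS and certificates."""
    return domain.encode("idna").decode("ascii")

def skeleton(domain):
    """Lowercase, decompose, and drop combining marks so an accented 'i' becomes 'i'.
    Note: this folds accents only; cross-script lookalikes (e.g. Cyrillic letters)
    need a confusables table, which is outside this example."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance, used to catch plain one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected=PROTECTED):
    """Return (verdict, matched_brand) for a domain seen in mail, logs or new registrations."""
    cand = candidate.lower()
    if cand in protected:
        return ("legitimate", cand)
    skel = skeleton(cand)
    for brand in protected:
        if skel == brand:
            return ("homoglyph", brand)   # differs only by accents/diacritics
    for brand in protected:
        if edit_distance(skel, brand) == 1:
            return ("typo", brand)        # one insert, delete or substitution away
    return ("unrelated", None)

if __name__ == "__main__":
    # "calibrra.com" and "example.org" are constructed samples.
    for name in ["calibra.com", "cal\u00ecbra.com", "calibrra.com", "example.org"]:
        print(name, to_ascii(name), classify(name))
```

The punycode form printed for the accented name begins with `xn--`, which is a convenient field to alert on in DNS or proxy logs when the decoded name folds to a protected brand.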
The takeaway is this: going forward, it is important for everyone to be careful with the websites they visit, particularly those that hold their funds. Typosquatting is a form of fraud that can easily be implemented, and most of the time it can even go unnoticed.