Security researchers have discovered that apparently legitimate BBC News websites are being misused by scammers to mince bitcoin. The scam was discovered in the first week of January, reports The Next Web.
Scammers created an email that seemed to be legitimate, containing a button to display the message. This button led users to an affiliate website with the task of generating bitcoin based on views of the page. The button was not visible to Outlook users, but Mac users could see it. However, they were redirected to fake login pages, instead of the fake websites of BBC News.
Techniques
It is not uncommon for rogue actors to use spoofing to access users’ login credentials, or to mine cryptic currency as a bitcoin. The typosquatting technique is often used for this purpose. This technique involves misspelling the names of legitimate websites in order to mislead users. They also add words to the original website address, so that the format remains the same but the destination changes.
Researchers have revealed that the BBC’s e-mail scam used the second method. Readers were redirected to https://business-news.bbc-1.site/landers/bbc-business-news/#forward. The website seems to be legitimate for the untrained eye, but on closer inspection it appears that all articles and URLs refer to bitcoin.
The scammers also used other smart techniques to deceive unsuspecting users. In doing so, users were often misled into believing that they were opening a legitimate email from a known contact.
Warning
The number of victims of the scam is as yet unknown. However, Cloudfare, which hosted the fake website, set up a warning page for the scam after being informed by users of the practices.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.
9 hours ago
