A cryptocurrency investment scam has exposed the personal details of hundreds of thousands of people around the world.
Group-IB, a Singapore-based intelligence company, uncovered the stolen personal records of 248,926 people from the UK, Australia, South Africa, Spain, Singapore, the US, Malaysia and other countries.
The United Kingdom and Australia represent approximately 93% of all affected users.
It’s not known exactly where or how the leak originated, but Group-IB has discovered that it’s being used in a multi-stage cryptocurrency investment scam that comes at the victims in three phases.
To begin with, the target receives a text message that is masked as a local media outlet. The link bears a headline boasting that a celebrity endorses a new get-rich-now investment, and each text message also contains a short, unique link.
When the target clicks the link, they are taken to a fake news website that displays a long, personalized URL that includes the target’s name, phone number, and sometimes, email address.
The fake news site shows made-up content about a particular celebrity who made a fortune with a new cryptocurrency investment platform. Celebrities whose names and images were stolen for this scam include Bryan Wong, Travers ’Candyman’ Beynon, Gina Rinehart, Andrew Forrest, Chris Brown and others.
The use of celebrity names and images to promote scams is nothing new. Earlier this month Elon Musk’s name was used in a Bitcoin giveaway scam.
If the target clicks on that second link, they are taken to a fake cryptocurrency investment platform site where their personal information is already preloaded into the signup form. If they join, they are then asked to add to their account using cryptocurrency.
Group-IB detected six active domains that offer the same Bitcoin investment platform but operate under different names including Crypto Cash, Bitcoin Supreme, Bitcoin Rejoin and Banking on Blockchain.
Group-IB CEO, Ilya Sachkov, states in the company’s report on the scam: “The bad guys got smarter in a bid to increase the success rate of their fraudulent operations. Using personal data allows them to carry out targeted attacks and make a victim’s journey easier and smoother, which levels up the overall effectiveness of the scheme.”
The firm has shared its findings with the appropriate law enforcement groups in the affected countries for further investigation.
