Facebook have just announced release of its own cryptocurrency Libra and the corresponding digital wallet Calibra, as cybercriminals came up with a new fishing scheme tied to this topic.
Reminding, in June social network Facebook announced the launch of Libra in 2020. Since that time, the official digital currency website has tirelessly explained what it is and how it works.At the same time, cybercriminals did stay calm with registering domain names and creating phishing copies of the website of Libra currency and Calibra wallet.
Before the official announcement of Facebook cryptocurrency, experts noted daily 20 domain registrations masking under Libra official resources. After the announcement, this figure rose to 110.
Such data leads the company Digital Shadows, engaged in protection against cyber risks.
“Some domain squatters aim to jump on a domain name with the hope of making a profit when the company looks to buy it back from them. It’s become common practice for a lot of businesses to preemptively buy up all the relevant domains, so they don’t fall into the wrong hands, particularly TLDs which can cause reputational damage or send the wrong message”, — report Digital Shadows specialists.
Similar situation is observed with Calibra’s cryptocurrency wallet – the attackers barely paid attention to this topic before the announcement. But after the experts observed 65 registrations of related domains daily.
Shadow Search results over time for domains registered with “Libra”
Shadow Search results over time for domains registered with “Calibra”
“Digital Shadows has identified at least six examples of domains either directly copying the Libra and Calibra websites or using the brand imagery for potentially malicious purposes. Crafty criminals can clone the entire website and change certain assets to suit their nefarious needs”, — said researchers.
Conclusion & Recomendations
If there’s one thing that will remain constant, it’s that scammers, uh, find a way. There will undoubtedly be dozens more domains created between this blog’s publishing and the time it takes you, my dear reader, to reach its conclusion.
Though not every company is as large as the behemoth that is Facebook, the gold rush that arose following the announcement of their cryptocurrency can serve as a useful example to other organizations and consumers alike, with several lessons learned:
- Be vigilant on your online travels and trust your gut instinct. Have a watchful eye for misspellings in domain names, strange TLDs, redirects, and peculiar characters.
- Be aware of the current limitations of WHOIS data. Since GDPR, WHOIS data cannot, in many cases, be used to reliably gauge the legitimacy of a website, beware of domains created with different registrars than usually used by a company.
- Be stingy with your personal and financial data. Always make sure you’re on the website you intend to be on before handing over your personal details, if something seems broken or off, then it very well may be a fake.
- If it seems implausible or too good to be true, then it probably is. Scammers will constantly try to find ways to outsmart their victims- stay ahead of the game and avoid grandiose claims of fortune.
