Cybercriminals Generate Bitcoin Using BBC Webpage Spoof Scam

Journalist:
David Hundeyin @DavidHundeyin
January 16, 2019

A British security researcher has revealed a new scam used by cybercriminals to generate money by deceiving internet users. According to the researcher, the criminals make money from webpage views by spoofing BBC News web pages and rerouting users to affiliate websites which generate bitcoin for the scammers.

Appearing just after the holidays across the UK, the scam works by sending convincing-looking emails to internet users with a “Display Message” link that directs users to websites that have been carefully designed to look like BBC News.

Users are sent emails that direct them to fake BBC News web pages like this

When a user clicks anywhere on these fake BBC News sites, they are directed to one of the many affiliate sites run by the scam syndicate which generates a certain bitcoin amount per page view.

After clicking on the fake BBC News sites, users are rerouted to affiliate sites like this used by scammers to generate bitcoins.

Old Tactic, New Implementation

Spoofing is nothing new to anyone with more than a passing interest in internet security. From the dawn of the internet, different types of fraudsters have used spoofing and phishing techniques to get users to give up confidential information or system resources. The key difference between this and other types of spoofing is the fact that in this case, the only purpose appears to be to lure users into sending traffic to the affiliate sites, rather than to convince them to download ransomware or cryptojacking malware.

Like with other common types of spoofing, the criminals involved in this scam use “typosquatting”, whereby the URL of a legitimate website is intentionally misspelled, or more characters are added to the URL, which direct users to a different site altogether if they are not observant enough to spot such discrepancies. An example of such can be seen in the screenshot of the fake “BBC News” website above, where instead of “bbc.com.com/news”, users who click on the email are sent to “https://business-news.bbc-1.site/landers/bbc-business-news/#forward.”

As is also typical with other spoofing scams, the layout and feel of the page is designed to be a recreation of the original BBC News website, with only highly observant users likely to notice that the content on the page – exclusively related to bitcoin and “investment opportunities” – is not from BBC News. To further enhance the scam, criminals reportedly send such emails from familiar or trusted contacts who have had their email addresses duplicated or compromised.

In November, CCN reported that Bulgarian authorities seized over $3 million in cryptocurrency from a cybercriminal syndicate that was described as having “innovative mechanisms, specialist software, and advanced knowledge in the area of cryptocurrency,” following months of investigation by the country’s Specialised Prosecutor’s Office

Last modified (UTC): January 16, 2019 05:17

David Hundeyin @DavidHundeyin

I am a busy Nigerian writer, journalist and writer with an interest in tech and finance. When I'm not contributing to CCN and traveling around Africa, you can catch me contributing to CNN Africa, or in the writers room at 'The Other News', Nigeria's weekly answer to 'The Daily Show' with nearly 2 million viewers. My work on 'The Other News' was featured in the New Yorker Magazine, and that was then cited in the Washington Post so I'm not sure that counts as a feature but I'll definitely mention it too! I have been nominated by the US State Department to take part in the 2019 Edward R. Murrow Program for journalists under the International Visitors Leadership Program. I also like hamsters. You can reach me on Twitter at _David_Hundeyin