A British security researcher has revealed a new scam used by cybercriminals to generate money by deceiving internet users. According to the researcher, the criminals make money from webpage views by spoofing BBC News web pages and rerouting users to affiliate websites which generate bitcoin for the scammers.
Appearing just after the holidays across the UK, the scam works by sending convincing-looking emails to internet users with a “Display Message” link that directs users to websites that have been carefully designed to look like BBC News.
When a user clicks anywhere on these fake BBC News sites, they are directed to one of the many affiliate sites run by the scam syndicate which generates a certain bitcoin amount per page view.
Old Tactic, New Implementation
Spoofing is nothing new to anyone with more than a passing interest in internet security. From the dawn of the internet, different types of fraudsters have used spoofing and phishing techniques to get users to give up confidential information or system resources. The key difference between this and other types of spoofing is the fact that in this case, the only purpose appears to be to lure users into sending traffic to the affiliate sites, rather than to convince them to download ransomware or cryptojacking malware.
Like with other common types of spoofing, the criminals involved in this scam use “typosquatting”, whereby the URL of a legitimate website is intentionally misspelled, or more characters are added to the URL, which direct users to a different site altogether if they are not observant enough to spot such discrepancies. An example of such can be seen in the screenshot of the fake “BBC News” website above, where instead of “bbc.com.com/news”, users who click on the email are sent to “https://business-news.bbc-1.site/landers/bbc-business-news/#forward.”
As is also typical with other spoofing scams, the layout and feel of the page is designed to be a recreation of the original BBC News website, with only highly observant users likely to notice that the content on the page – exclusively related to bitcoin and “investment opportunities” – is not from BBC News. To further enhance the scam, criminals reportedly send such emails from familiar or trusted contacts who have had their email addresses duplicated or compromised.
In November, CCN.com reported that Bulgarian authorities seized over $3 million in cryptocurrency from a cybercriminal syndicate that was described as having “innovative mechanisms, specialist software, and advanced knowledge in the area of cryptocurrency,” following months of investigation by the country’s Specialised Prosecutor’s Office