‘Typosquatting’ scam swiped users’ credentials, but agencies tracked suspects in the UK and the Netherlands
This week Europol coordinated the arrests of six suspects in two nations accused of running a cryptocurrency ring that stole at least $28 million in Bitcoins.
Europol spokesperson Claire Georges told The Avast Blog that the crime ring created a “typosquatting” scam with a fake website and nearly identical web address. In such a scam, Georges said “users might not realize they are on a different website and enter their usernames and passwords, unknowingly submitting this information to the hackers, who would then be able to access their funds.”
The five men and one woman were arrested in simultaneous warrants this week in the United Kingdom and the Netherlands, Europol said. The theft is believed to have affected at least 4,000 victims in 12 countries, and is suspected to ultimately cost more than the current $28 million in damages.
The multi-national cryptocurrency case may be a sign of the times. Georges cited Europol’s recent cybercrime report, which notes “cyber-attacks which historically targeted traditional financial instruments are now targeting businesses and users of cryptocurrencies.”
The report says such crimes call for “greater and enhanced cooperation between international law enforcement agencies.” Georges noted the recent GandCrab ransomware operation managed by Europol involved law enforcement from Austria, Belgium, Bulgaria, France, Germany, the Netherlands, Romania, the United Kingdom, and the U.S.
Cryptocurrency scams and ransomware are priorities for Europol, Georges said, noting cybercrime is no longer a separate area of law enforcement. “We do not make the difference between online and real-world investigations. For us, they are interlinked. Every investigation nowadays has a cyber component.”
To avoid typosquatting scams, slow down long enough to scrutinize web URLs with these tips:
- Know the correct address and domain before you start typing.
- Go to sites through a search engine such as Bing or Google. This can reduce – but does not eliminate – the risk from a typo.
- Think before you click or call – If you are offered something free, maybe it’s not so free.