Clone websites designed to capitalize on the hype surrounding Facebook’s recently announced Libra cryptocurrency (not due for release until 2020) and divert investor funds to scammers are already cropping up across the net, cybersecurity firm Digital Shadows (DS) reports in a recent block post.
The company has identified, “at least six examples of domains either directly copying the Libra and Calibra websites or using the brand imagery for potentially malicious purposes,” including:
- calìbra[.]com (xn--calbra-yva[.]com)
- líbra[.]org (xn--lbra-vpa[.]org)
- calibra[.]ooo
- canlibrawallet[.]com
- libracoins[.]co[.]il
- libra-ico[.]org
Several of these sites have been taken down, DS writes, but, “There will undoubtedly be dozens more domains created between this blog’s publishing and the time it takes you, my dear reader, to reach its conclusion.”
Scammers have closely tracked and attempted to mimic legitimate online ventures and actors since the advent of the Internet, but the recent rise of public interest in cryptocurrencies has produced “a vast number of cryptocurrency scams…(see Elon Musk’s Twitter),” Digital Shadows notes.
These scams have, “taken many forms, from social media posts asking for initial payment into a criminal’s wallet, to more technically complex schemes which use botnets to mine cryptocurrency with the power of unsuspecting victims’ computers (see Digital Shadow’s research on the Bitcoin gold rush).”
Some of the Libra and Calibra clones (Calibra is the digital wallet being designed to hold Facebook’s libra coins; it is also not yet available), are using a more advanced form of ‘typosquatting’ called ‘punnycode’:
“(C)riminals can’t just rely on domain names that are obviously fake: Why would the official Libra website use a .fish or .style TLD? This is where punycode comes in. An increasingly common tactic is for criminals to register domains using characters from Greek, Cyrillic, and other alphabets which resemble letters in the Roman alphabet, also called a homograph attack. These can appear near-identical to unsuspecting users, and can be difficult to spot on smaller devices such as mobile phones. Examples could include substituting a lowercase A with the Cyrillic character “а”, or using the Turkish dotless I “ı” in place of a lowercase L.”
One clone site’s “sale” button, “directs you to a page that claims to exchange their Ether (the cryptocurrency for the Ethereum blockchain) for the equivalent amount in Libra, with a 25% bonus. What a deal!”
Another site asks for a dangerous amount of access to a visitor’s system:
“One website, libra-vps[.]com claims to have set up Debian-based Virtual Private Servers (VPS) with access to the Libra blockchain. These are available to purchase starting at $200, and purportedly allow anyone to create a wallet, send/receive Libra, and even mint coins…If the goal of this website isn’t just to scam people out of $200, going so far as to open your ports to an unknown source means you’re probably going to have a bad time. An attacker could leverage this connection to install all imaginable types of malware, harvest credentials and sensitive information, and more.”
Digital Shadows advises the following standards of digital hygiene when investing in cryptocurrencies or engaging in financial transactions online:
- “Be vigilant on your online travels and trust your gut instinct. Have a watchful eye for misspellings in domain names, strange TLDs, redirects, and peculiar characters.[1]”
- “Be aware of the current limitations of WHOIS data. Since GDPR, WHOIS data cannot, in many cases, be used to reliably gauge the legitimacy of a website, beware of domains created with different registrars than usually used by a company.”
- “Be stingy with your personal and financial data. Always make sure you’re on the website you intend to be on before handing over your personal details, if something seems broken or off, then it very well may be a fake.”
- “If it seems implausible or too good to be true, then it probably is. Scammers will constantly try to find ways to outsmart their victims- stay ahead of the game and avoid grandiose claims of fortune.”