June 26, 2019 | AtoZ Markets - The Europol has recently arrested six people against the background of a $27 million stealth in a cryptocurrency hack.
The Europol conducted the arrest in coordination with the United Kingdom’s South West Regional Cyber Crime Unit, the Dutch police, Eurojust, and the U.K.’s National Crime Agency (NCA), as per the press release that took place on June 25.
The attackers arrested were involved in what is called "typosquatting”, which is identified as a fraudulent method of stealing credentials of users.
The malicious hacking means depends on creating a scam website with a similar name to the authentic one, and that is where the method takes the word “typo” in how it is called “typosquatting, so once users log in to the fake website.
The scam website records the credentials of users once they provide them in the login fields, and in return the hackers will have gained access to the user accounts in questions.
Cryptocurrency hackers depend on typosquatting most
The press release mentioned as well that Europol believes the hackers were able to use “typosquatting” to steal login details, which enabled them to gain access to clientele wallets, and what they include of funds. The hackers were believed to have used this scheme to steal at least 4,000 bitcoin (BTC) from many users in 12 different countries.
The six individuals were distributed between the UK and the Netherlands, as per the report.
It is worth mentioning in this context that specific internet browsers have been exploited significantly in the last period of time.
Firefox, the well-known internet browser, was reported to have worked on blocking a malicious script dedicated to cryptocurrency mining malware, late last year.
The update process was said to have implemented an automated method to block such kind of malicious script, as the corporation decided to enhance the overall user experience.
Incidents of hacking cryptocurrency exchanges, along with users’ accounts on such exchanges have been in the headlines more recently.
In the latest news in that regard, AtoZ Markets reported recently that the Israeli authorities managed to arrest two Israeli brothers over charges of hacking the well-known cryptocurrency exchange Bitfinex, which occurred at the beginning of the current month.
Both of Eli Gigi and his younger brother Assaf Gigi were said to have stolen millions of dollar worth in cryptocurrency, depending on creating “credential-stealing clones” of prominent cryptocurrency exchanges and wallets.
What is typosquatting?
Typosquatting is a method of scam hackers usually resort to, to gain access to user accounts of variant natures over the internet.
The hoax depends on visual tricks, and hence, the technical method includes the word “typo” in it.
Hackers target a website that requires visitors to create user accounts to use it. Here, the nature of website should be mostly finance-involved, as for the hackers to care for, where it stores passwords for bank accounts, or even built-in wallets, in the case of cryptocurrency especially for instance.
Once the hacker has a website on mind to target, they create a fake account that resembles in its name the target account.
It is rather easy for victims to fall in such kind of hoaxes, since once the fake website is up, it will look identical to the authentic one, as hackers also care about other added details like the look of the website and others of the contact details and address.
The mechanism of those fake websites work as the following:
- In simple words, the login fields (username and password) of the fake website were designed to record the credentials the user insert in.
- Once the credentials are stored in the fake website that holds an identical name to the authentic one, the owner of the website, who is the hacker, has got access to the genuine user account on the authentic website, and hence, they are in complete control of all that is there.
Once the fake website is all ready, hackers start to spread the link of their scam website through popular social media and messaging platforms like Facebook, Facebook Messenger and Telegram, with whatever tempting news to accompany the link, to make the user log in to it, especially those who already have accounts with the website (the authentic one of course).
The good news here is there is always a trusted way to rely on when it comes to inspecting whether a website is really authentic, genuine and dependable or not.
At the address bar of the web browser in use to surf the internet, any user can view whether the website is safe or not.
In the case of AtoZ Markets for example, if you navigate to the address bar of the web browser, and click on the sign of the padlock, you will get a piece of information that relieves you, telling you that you are between safe hands, as the photo bellow shows.
Other factors one should check for when visiting websites that especially involve financial dealings are whether the website uses the Hypertext Transfer Protocol Secure (HTTPS) and has an SSL certificate or not. As AtoZ Markets cover both and more security features that guarantee to the user that we do not store any credentials of user names or passwords, along with that even the registration process with email addresses is encrypted, we highly urge our readers to keep their eyes open when they visit any other websites, and check the above mentioned points