As interest in Bitcoin continues to escalate on a global scale, scammers have decided to cash in on the digital currency gold rush by taking advantage of the Internet’s less tech savvy users. Over the last several years there have been examples of Trojans stealing Bitcoin wallets and installing Bitcoin miners, however these efforts haven’t been terribly complex. Recently. Now there are a slew of Mt.Gox scam sites on the loose, tricking unsuspecting users into thinking they’re making a wise investment decision.
A recent example last week demonstrates how far criminal intent has come in the Bitcoin economy. Reports began emerging about phishing websites – as reported by Symantec – that are impersonating Mt.Gox. Although Mt.Gox has seen its fair share of hackers, this is geared toward confusing the user about whether or not they’re actually on the correct website to begin with.
Here is how the scam works. The scammers use the same second-level (SLD) domain name as mtgox, but with a different top-level domain (TLD). So, instead of using .com, they will use any of the following – .org, .net, .de, .co, .uk and anything else they can get their hands on such as .edu or.tv. Once one of these dummy sites are reached, the graphics and operation look incredibly similar to the official mtgox.com website.
Once unsuspecting users arrive at the site they are tricked into installing malware with the MTGOX_Wallet.exe file name.
What makes this really sinister is how the phishing websites are using advertising on several major online advertising services such as Microsoft’s advertisement network. So, they’re shelling out good money to be displayed on incredibly reputable sites and enticing users by stating things like, “New Century Gold: BITCOIN Protect your money – Buy Bitcoin.”
Of course, most semi-savvy Internet users would be put off by the fact that the phishing sites don’t use the Secure Sockets Layer (SSL), but these ads are praying on people who don’t know much about Bitcoin, and have only heard the hype about it. This includes the less tech savvy.
As of today, Chrome is already blocking the phishing websites and hopefully other browsers will be doing so as well as to protect users. With all of the uncertainty surrounding Bitcoin, especially within demographics that are less knowledgeable about the Internet as a whole, this type of scamming can be really harmful to Bitcoin’s reputation.
Just as a heads-up. If you’re on Mt.Gox.com, make absolutely sure you see the following stamp in the address bar:
