June 04, 2018

Be Careful What You Click On

That URL Typo Can Break Your Bank Account

By Karl Kronenberger
Partner, Kronenberger Rosenfeld

It’s an easy mistake to make, and it can be costly.

Click on the wrong link or type the wrong keystroke, and you could end up losing a lot of money or personal data, or become the victim of malware.

In 2017, cybercriminals successfully stole millions of dollars using Google ads that sent unsuspecting users who searched for blockchain products to phishing sites.

They purchased Google ads that spoofed Blockchain.info, a major provider of Bitcoin digital wallets. The scammers forwarded victims to sites that were under the control of the thieves and had a similar look to the real pages. At that point, all personal information, including passwords to digital wallets, was stolen. Cisco’s Talos security group reported that $2 million in bitcoin was stolen in just over three weeks.

The scam was associated with an internet provider in Ukraine. The technique involved creating domain names with Cyrillic characters that look like English letters, or with spelling mistakes like “blokchein.info” and “bockchain.info.”

Non-English speakers might have difficulty noticing the difference: computers in Ghana, Estonia and Nigeria were found to be visiting the fake Bitcoin sites.

Talos representatives said that Cyrillic characters used to spoof the domain names are almost impossible to detect with the naked eye.

Tips To Avoid Bitcoin Scams
  • Be very careful before clicking on Internet ads, social media posts and emails. Examine the URLs. Hover your mouse icon over the links.
  • Read the domain with care. Scammers use a variety of ways to spoof domains.
  • Use trusted sites like getlinkinfo.com to find out if a link is real.
  • Use a free malware scanner from Sucuri called SiteCheck.
  • Don’t click on links in emails that you did not request. Links claiming to be from Amazon, DHL, Facebook or LinkedIn could be nothing more than phishing attempts.

Typosquatting: When Your Typo Can Be Disastrous

Scammers love typos, especially yours. Anticipating your slip of the finger, they modify popular web addresses by removing a letter. It’s called typosquatting.

Typosquatting is an increasingly popular scamming scheme that dupes Internet users into clicking on what look like mainstream websites, such as itunes-dot-cm, espn-dot-cm, and paypal-dot-cm.

Then, they wait. The unsuspecting Internet user makes a keyboard mistake, ending up at what looks just like paypal-dot-com, while the scammer scoops up logins, passwords and credit card details. Some scammers even collect two-factor authentication data from victims and, in real time, enter it into the true destination website of the victim.

Scammers are aggressive, persistent and smart. The best way to stay safe is to develop Internet habits that will avoid typosquatting sites.

Tips To Stay Safe From Typosquatters
  • We all make typos. So, instead of navigating directly to your favorite sites, bookmark those sites, especially the ones that contain financial and personal data, or that request login information.
  • Block all dot-cm sites. In 2009, McAfee Inc. reported that dot-cm was the most insecure domain in the world.
  • If you search for a site, don’t include .com.
  • Links in social media posts can be very risky and can lead to typosquatting sites. Before you click on a URL, look for misspelled company names; typos in the domain field; extra text that follows .com; and a .com designation for a government website.
  • Always carefully review the URL before you hit enter. Taking an extra moment could save you tremendous hassles. The losses associated with identity theft are significant. Viruses, malware, and unknowingly purchasing fake goods are constant threats to our internet lives. Be careful before you click.
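
Both spoofing techniques described above, Cyrillic lookalike characters and near-miss spellings such as “bockchain.info” or paypal-dot-cm, can be checked mechanically before a link is trusted. The following Python is an added example, not code from this article or from Talos; the watchlist, the lookalike map and every function name are assumptions made for illustration.

```python
import unicodedata

# Constructed watchlist of the sites a user means to visit (assumption).
TRUSTED = ["blockchain.info", "paypal.com", "itunes.com", "espn.com"]
# Partial, hand-picked map of Cyrillic letters that render like
# Latin a c e o p x y i k s (assumption; real confusable tables are larger).
LOOKALIKES = str.maketrans(
    "\u0430\u0441\u0435\u043e\u0440\u0445\u0443\u0456\u043a\u0455", "aceopxyiks")

def to_unicode(host):
    """Lower-case a hostname and decode punycode (xn--) labels to Unicode."""
    host = host.strip().lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already contains non-ASCII characters

def label_scripts(label):
    """Scripts used by the letters of one label, taken from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain, trusted=TRUSTED, max_distance=2):
    """Return reasons a hostname looks like a spoof of a trusted one ([] = no finding)."""
    host = to_unicode(domain)
    if host in trusted:
        return []
    reasons = []
    for label in host.split("."):
        found = label_scripts(label)
        if len(found) > 1:  # e.g. Cyrillic letters hidden inside a Latin name
            reasons.append("mixed scripts in label: " + "+".join(sorted(found)))
    skeleton = host.translate(LOOKALIKES)  # fold lookalikes before comparing
    for good in trusted:
        distance = edit_distance(skeleton, good)
        if distance == 0:
            reasons.append("homograph of " + good)
        elif distance <= max_distance:
            reasons.append("typo of %s (edit distance %d)" % (good, distance))
    return reasons
```

An empty list only means the hostname is not close to anything on the watchlist; it says nothing about whether the site itself is safe.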

Our firm can help you if you’ve been a victim of bitcoin spam, phishing, and other forms of illegal cyber attacks. Please contact me directly for help. I look forward to assisting you.

This entry was posted on Monday, June 04, 2018 and is filed under Resources & Self-Education, Internet Law News.


