Phishing Sites Use Trick Letters in Domain Names to Steal XRP
Cryptocurrencies forensics experts from Xrplorer warned on June 15 of an elaborate phishing scam where hackers try to steal the secret keys of XRP users, under the false premise that Ripple is giving away tokens.
According to the report, the scam campaign, whose origin dates back to approximately January 17, 2020, began sending memo messages with minimal XRP amounts that said:
“Starting February 1, 2020, Ripple is releasing 3 Billion XRP to incentivize network users. Get 25% more XRP added to your account balance in just minutes.”
The scammers linked to a website inside the memo impersonating the Ripple’s Insight blog, with the message of the alleged “grand giveaway” promoted by the company.
Usage of “homoglyph” domains
The scam’s primary feature is the fact that the fake Ripple websites appear legitimate, not only because of the exact replicas of the templates used to build the site but also because of the scammers also use “homoglyph” domains.
A homoglyph is a character that can be substituted for another, making it more difficult to spot quickly. That’s why instead of the original domain “ripple.com,” the scammers acquired the domain “rípple.com” and use it on fake sites to appear legitimate at a glance.
According to Xrplorer, a new wave of phishing attacks emerged in May 2020. This time, it was not with payment memos, but spam emails targeting people interested in XRP.
Total amount stolen
As of press time, the scammers managed to steal over 2,100,000 XRP ($ 399,000) and laundered around 1,980,000 XRP ($ 376,200), mainly through swap services like ChangeNOW and CoinSwitch, according to the report.
Cointelegraph reported on April 29 that YouTube videos of Garlinghouse periodically popped up to promote a fake 50 million XRP airdrop. Ripple considered the platform’s response time in removing such content insufficient and filed a lawsuit against YouTube in April.