It appears Twitter has become so saturated with cryptocurrency scams that attackers are finally starting to target other platforms too – like Facebook.
Unlike the standard Bitcoin giveaway scams on Twitter, the Facebook scam (as noticed by Hard Fork) is designed to trick users into giving up sensitive data, like their credit card information. As a distraction tactic, the attackers have set up a series of fake pages and call-to-actions, the first one of which is a fake sponsored ad.
The ad, which directs to malicious replica of CNBC, promotes a “big” investment opportunity into a non-existent cryptocurrency called CashlessPay. It was posted from the Facebook page of a musician called Jonatanas Kazlauskas; we’ve asked Kazlauskas if his account had been hacked, but we’re yet to hear back.
Once the ad takes you to the new website, the scam becomes slightly more apparent – though it might still fool some less informed people.
Among other things, the URL (which we’ve decided not to share out of caution) does not correspond with a CNBC domain. The fake news report essentially claims that Singapore has passed new legislation that favors the adoption of cryptocurrencies.
“Singapore, in an unprecedented move, just announced that they are officially adopting a certain cryptocurrency as Singapore’s official coin,” the fake CNBC report reads. “The government of Singapore just informed us that they have chosen a preferred firm for the purchase and marketing of their new coin – CashlessPay Group.”
Adorned with bogus celebrity endorsements (including one from English businessman Richard Branson), the rest of the piece walks readers though the process of “investing” in CashlessPay.
Eventually, the fraudulent CNBC replica leads to yet another fake page – this time, the website of the bogus CashlessPay cryptocurrency.
All links on the website are broken, except for a registration form at the top of the website which asks users to fill in their personal data, including phone number and email address.
Once a victim has filled in the form, the website takes you to another fake page, which redirects to a number of fake bogus cryptocurrency exchange desks.
So far, Hard Fork has identified at least two such pages – one called Roiteks, and another one called CoinPro Exchange. According to scam database ScamBroker, both pages have been registered from Bulgaria. ScamBroker further notes both “exchanges” appear to be unregulated – not that this is surprising.
Regardless on which page you end up, you will be asked once again to enter your personal data – and then your credit card details. Interestingly, both pages appear to be equipped with a live chat box.
We used PayPal’s credit card generator – a popular payment testing tool – to see what would happen once users submit credit card information, but the transactions were denied each time.
This is the error the website returned:
It is interesting to see that although the scammers are using the cryptocurrency hype as a hook for their shenanigans, they are still seeking to receive funds the old-fashioned way – via credit cards and bank wires.
In any case, if you somehow end on a suspicious exchange desk, always make sure to verify its legitimacy before filing in your personal information. Chances are that someone might be phishing for your data.
Cryptocurrency ads on Facebook
What makes this case particularly interesting is that the attackers managed to slip malicious cryptocurrency ads past Facebook’s defense mechanisms.
Earlier this year, the social media giant banned blockchain and cryptocurrency related ads, but witty marketers still found ways to sneak them in . Eventually, the company rolled back some of its restrictions on crypto-ads by letting pre-approved advertisers promote on its platform.
But now it seems scammers have found a way to exploit its updated policy.
Cryptocurrency thieves targeting social media platforms
Although the latest, Facebook is not the only platform targeted by scammers.
Twitter has been struggling to curb a string of giveaway scams on its platform since at least February .
Although the attackers initially deployed armies of bots – often impersonating crypto-celebs – to mass-spam links to the giveaways, their strategy evolved over time. Instead of simply posting large volume of giveaway links from random accounts, the scammers found ways to hijack verified profiles (and disguise them as fake Elon Musk ).
Indeed, numerous politicians and government accounts, as well as giants like Google and Target , ultimately fell victim to the tactic.
It’ll be interesting to see whether Facebook can tackle the issue in a more effective manner than Twitter. We’ve contacted Facebook for comment and will update this piece accordingly should we hear back.
In the meantime, watch out where you click when scrolling through Facebook – the cryptocurrency scam epidemic is spreading.
Update November 29 11:50 AM UTC: Facebook has since confirmed it is investigating the malicious ad.
“Deceptive, predatory ads have no place on Facebook,” said Director of Product management, Rob Leathern. “We have removed these ads and disabled both the account and page they ran from for violating our policies.”
Marshall Islands forges ahead with national cryptocurrency
The Republic of Marshall Islands (RMI) president Hilda Heine has survived a vote of no confidence by just one vote , meaning her proposed national cryptocurrency is still on the cards.
Heine’s opponents were unable to find the majority required to oust Heine over persistent plans to alleviate the nation’s reliance on the US dollar with a national cryptocurrency called “the Sovereign,” Nikkei Asian Review reports.
RMI’s parliament ended split evenly over whether to remove Heine from her leadership, 16 to 16. Heine will continue to serve as the nation’s head of state.
The decision to vote was realized after eight senators accused Heine of ruining the nation’s reputation with her idea of a state-backed cryptocurrency.
Straight after the vote, RMI finance minister Brenson Wase reportedly confirmed the government’s intent to launching the Sovereign, pending it meets requirements set by regulators from the US, Europe, and the International Monetary Fund (IMF).
The Sovereign was first revealed at the start of the year, when government ministers announced it would issue a new digital cryptocurrency via initial coin offering (ICO), intended to be used as legal tender.
But just last month, the IMF warned Heine to ease off on launching the Sovereign , or face being cut off from the US dollar altogether, which RMI uses to access critical monetary meant to curtail spiralling inflation.
To date there has been little evidence for Heine giving up on the idea of a sovereign cryptocurrency any time soon, and surviving today’s vote could only bolster her confidence – that is, until the IMF catches wind of these results.
India’s central bank admits it banned cryptocurrencies without ever researching them
India’s central bank, Reserve Bank of India (RBI), has been repeatedly warning citizens against the risk of investing in cryptocurrencies since at least 2013 .
After repeating the warning twice again in 2017, RBI let out a directive in April to ban all Indian banks from dealing with any cryptocurrency business. You would assume that RBI must have studied cryptocurrencies deeply to come to this conclusion, but you would be wrong.
In a response to a right to information (RTI) application filed by a local lawyer, Varun Sethi, the central bank has admitted they did not conduct any research or consult finance experts before taking this decision.
For some background, under Indian law, every citizen has the right to information from the government. If someone files an application seeking information from any public authority, it is mandatory to respond within 30 days.
RBI responded to Sethi’s query, but didn’t elaborate much on its answers. In fact, almost all the answers are either “No,” “We are not legally bound to answer that,” or “We don’t have that information.”
Here are the key takeaways from the RTI:
RBI didn’t constitute any committee to study the risks associated with cryptocurrencies. It is usual procedure for the bank to make such decisions based on the recommendations of expert committees, but clearly, not in this case.
RBI chose not to answer how they came to this decision if no committee was formed in the first place.
Is there any official working specifically on studying cryptocurrencies at RBI? No.
Did RBI consult any other country’s central bank or studied their regulation before taking this decision? No.
But, here is the best one: Did RBI do its own research before taking their stance on the risks involved with cryptocurrencies? The bank’s answer is a straightforward no.
So, what has RBI done to actually examine cryptocurrencies? In the longest answer to the RTI, RBI has described the list of ‘committees’ the body has been a member of, and the number of circulars it has issued against the risk of virtual currencies. But no mention of any research or consultations that the banks undertook. That’s right.
The petitioner is understandably not content with RBI’s response.
“A restriction of this magnitude should have beeb backed by expert opinion and research,” Sethi told Hard Fork. “We are already drafting the next steps — appeal under RTI and separately a case under Banking Regulation Act for a face to face representation with RBI in this matter.”
“Public Interest Litigation is something that is on the lines, however we shall be gathering more evidence on the matter and then proceed with it,” he further added.
Sethi further said that this is not the first he has filed an RTI with a government body in India regarding cryptocurrencies.
“ We earlier filed 5 RTIs in October 2017 with Securities and Exchange Board of India (SEBI), Reserve Bank of India, Income Tax Department, Ministry of Corporate Affairs, and Goods and Services Tax Department — however the responses were either vague or incomplete,” Sethi told Hard Fork. “We were not able to publicize the reports at the time, hence we built a website and got more active on twitter to share the results of our research to bigger audience. Our team would continue to research on the topic and communicate with more government departments to understand government’s perspective.”
When RBI banned banks from dealing with virtual currency businesses, it sent a wave of frenzy in the Indian cryptocurrency community — leading to multiple lawsuits being filed.
The attorneys involved in those lawsuits are now saying that they can use the RTI response to make their case against the central bank.
“This RBI response has cemented our case ahead of the hearing in SC. The grounds on which our writ petition has been filed is that the RBI has not done enough research to ban a business completely,” Rashmi Deshpande, one of the lawyers fighting out the case in India’s Supreme Court told local outlet, Economic Times.
The Indian bank is not the first to react frantically to cryptocurrencies. In fact, it has been a pattern all over the world.
Authorities in South Korea, Japan, the US all initially attempted to introduce blanket bans on cryptocurrency related businesses, later softening their stance with regulations instead of an outright ban . In fact, recent trend has shown that India may well be up to a similar path. There were reports in May that the country is considering introducing a retrospective tax on cryptocurrency trading rather than a ban.
For those interested, here is the full RTI application and RBI’s response to it (or download it here ):