Scammers Are Buying Domains Related To Facebook Libra Cryptocurrency
A little over a week ago, Facebook finally confirmed one of the biggest rumours in the cryptocurrency world. After around 2 years worth of development, the company was preparing to launch its very own coin with the hopes of getting in on the mining/blockchain action.
Now, the coin itself still has a fairly long way to go yet as it looks to jump through all the necessary legal loopholes to become one of the more legitimately recognised currencies. Specifically, so that it can be easily traded and exchanged. In a report via Axios, however, scammers are reportedly already making moves to try and get in on the action!
The vast majority of these are fairly boring currently parked and not hosting content. Some domain squatters aim to jump on a domain name with the hope of making a profit when the company looks to buy it back from them. It’s become common practice for a lot of businesses to preemptively buy up all the relevant domains, so they don’t fall into the wrong hands, particularly TLDs which can cause reputational damage or send the wrong message.
The rest of the domains, however, were registered to host malicious content and scams those looking for Facebook’s Libra cryptocurrency. The domains fall into two categories: those impersonating a legitimate Libra or Calibra website, and those promoting scams through their names.
Taking Advantage of Libra’s Media Coverage
When Facebook announced the launch of Libra, most news outlets started reporting on it, and even covered how it takes from some top cryptocurrencies for the “best of all worlds.” Taking advantage of the popularity the cryptocurrency quickly gained, scammers started trying to convince victims they were operating its legitimate website.
This way, potential victims are likely going to trust the claims found on the malicious websites and trust them with their financial data and personal information. Domains can, in fact, closely resemble the legitimate Libra domain by using characters from the Greek, Cyrillic, and other alphabets.
These characters resemble those of the Roman alphabet, and can make domains appear near-identical to unsuspecting users. This is called a homographattack, and at least six cases were found regarding Facebook’s Libra and Calibra:
- “calìbra[.]com (xn--calbra-yva[.]com)
- líbra[.]org (xn--lbra-vpa[.]org)
Cybercriminals with experience are able to clone Libra’s legitimate website and change only what they need to suit their needs. Per Digital Shadow, the best websites can be nearly impossible to distinguish from the legitimate one.
In a case the organization pointed to, scammers were asking users to buy Libra using Ethereum’s ether, and were supposedly granting them a 25% bonus. Facebook’s cryptocurrency is only set to launch in 2020, and cryptocurrency exchanges ShapeShift and Binance are still just planning to list it.
The short version is, until you see a picture of Mark Zuckerberg either holding a Libra coin or cutting the ribbon on something, don’t invest in Libra! Any website offering it at the moment is about 99.9% certainly a scam just looking to take your money!
Facebook is aware of the domain name grabs. In a statement, they have said:
“We’re aware of the issue and will work with the Libra Association to take appropriate action.”
If there’s one thing that will remain constant, it’s that scammers, uh, find a way. There will undoubtedly be dozens more domains created between this blog’s publishing and the time it takes you, my dear reader, to reach its conclusion.
Though not every company is as large as the behemoth that is Facebook, the gold rush that arose following the announcement of their cryptocurrency can serve as a useful example to other organizations and consumers alike, with several lessons learned:
- Be vigilant on your online travels and trust your gut instinct. Have a watchful eye for misspellings in domain names, strange TLDs, redirects, and peculiar characters.
- Be aware of the current limitations of WHOIS data. Since GDPR, WHOIS data cannot, in many cases, be used to reliably gauge the legitimacy of a website, beware of domains created with different registrars than usually used by a company.
- Be stingy with your personal and financial data. Always make sure you’re on the website you intend to be on before handing over your personal details, if something seems broken or off, then it very well may be a fake.
- If it seems implausible or too good to be true, then it probably is. Scammers will constantly try to find ways to outsmart their victims- stay ahead of the game and avoid grandiose claims of fortune.
By this we mean characters as in letters and symbols, but you should generally be wary of other types of peculiar characters as well, like gnomes, or strangers in trenchcoats.