Skip to content

Phishing sites use misleading letters in domain names to steal XRP

June 17, 2020

Xrplorer forensic scientists warned on June 15 of an extensive phishing scam in which hackers attempt to steal XRP users’ secret keysunder the wrong premise that Ripple is giving away tokens.

According to the message, The fraud campaign, which dates back to around January 17, 2020, started by sending memo messages with minimal amounts of XRP They said:

“Starting February 1, 2020, Ripple will launch 3 billion XRP to incentivize network users. In a few minutes, you’ll get 25% more XRP on your account balance.”

In the memo, which claimed to be Ripple’s Insight blog, the fraudsters linked to a website that published the company’s alleged “great gift”.

The use of “homoglyphic” domains

Phishing sites use misleading letters in domain names to steal XRPPhishing sites use misleading letters in domain names to steal XRP

The main feature of the scam is the fact that fake Ripple websites seem legitimate, not only because of the exact replicas of the templates used to create the site, but also because of the fact that Fraudsters also use “homoglyphic” domains.

A homoglyph is a sign that can be replaced by another, which makes it difficult to recognize it quickly. Instead of the original domain “ripple.com”, the fraudsters bought the domain “rípple.com”. and they use it on fake websites to appear legitimate to the naked eye.

A new wave of phishing attacks occurred in May 2020, according to Xrplorer. This time not with payment notes, but with spam emails to those interested in XRP.

The total amount stolen

At press time, fraudsters managed to steal more than 2,100,000 XRP ($ 399,000) and wash around 1,980,000 XRP ($ 376,200).According to the report, mainly through exchange services such as ChangeNOW and CoinSwitch.

Cointelegraph reported on April 29 that Garlinghouse YouTube videos appeared periodically to promote a fake 50 million XRP air drop. Ripple considered the platform’s response time to be insufficient to remove such content and filed a lawsuit against YouTube in April.