A British security firm has revealed that scammers have found a way to use BBC’s news website to mine Bitcoin. According to myonlinesecurity, cybercriminals have spoofed the BBC news page. The attackers reroute victims to affiliate websites which generate bitcoins for them.
The security loophole was discovered last week by the security firm. According to the report, internet users receive convincing-looking emails with a “Display Message” link. The links direct users to web pages that have been designed to look similar to BBC News.
How spoofing works
When users click anywhere on the fake BBC News page, they are directed to one of the affiliate sites controlled by the attackers. This, in turn, generates a certain amount of bitcoins per page view. The report pointed out that the “Display Message” was not visible for Outlook clients. Mac users meanwhile were sent to fake login pages instead of the fake BBC News sites others are directed.
In cases like this, the attackers add words to the original site address. This keeps the format but changes the direction. The researchers pointed out that the BBC email scam redirected readers to https://business-news.bbc-1.site/landers/bbc-business-news/#forward
The spoofing of the BBC News site works similar to spoofing attacks in the past. At first glance, the site may have looked legitimate, but a closer look showed that all articles and links on the site refer to Bitcoin.
To further boost their credibility, the attackers duplicate and compromise some emails and use them to send links to familiar or trusted contacts.
Spoofing implemented in a new way
Spoofing has been around for a while. The technique alongside phishing has been used to trick users into giving up confidential information or system resources. The spoofing of BBC News site differs from others carried out in the past because the only purpose here is to lure users into sending traffic to the affiliate sites.
It is still unknown how many people have been affected by this attack. Cloudflare, which hosted the fake website set up a scam alter page after it was notified by the researchers.