More Than 5,000 Domains Related to Libra Uncovered in One Month


Here’s How Attackers Reuse ICO Phishing Kits to Leverage ‘Libra Fever’

Facebook’s first entry into the crypto market with its new cryptocurrency, Libra, has got a lot of people excited. So much so, that despite the currency being months away from launch, victims are being tricked into buying early Libra tokens by hackers who do nothing more than set up a fake “token sale site”, and name their price.

In the FOMO frenzy to get in early on Libra, many people will act before they think, falling victim to Libra phishing scams, and entering financial information that will see them out of pocket.

Off-the-shelf phishing kits make it easy for attackers to cash-in 

Segasec research has shown that during the last few weeks, an incredible surge in domains related to Libra has been created. After monitoring for one month, over 5,000 domains were uncovered, with the numbers expected to double over the next month, and again in the month after that as the cryptocurrency nears its launch in 2020. This amount of domains is impossible to monitor manually, and Facebook will need to start leveraging Machine Learning capabilities to stay one step ahead.

The dark web sells DIY phishing kits that are incredibly easy to use, even for attackers without technical know-how. As the Initial Coin Offering (ICO) web pages to fund previous cryptocurrencies are easy to mirror, this gives these phishing attacks a real air of legitimacy. The Libra branding has also been launched, and so smart attackers can build a web page that easily fools users into making a quick decision with long-lasting consequences. This example below, which is still live while these lines are being written, is a realistic copy of the ICO websites, and lends a sense of urgency to the scam, with a fake countdown that encourages users to fall for the attack. 


As ICOs are such a new entry to the financial market, they currently remain unregulated, which means that users have little to no recourse if an ICO ends up being a scam. Preying on well-known psychological traps such as this example below offering a 50% discount for feedback on the currency, it’s easy to recognize that people are going to fall for these scams and lose a whole lot of money in the process. 


Can Facebook cope with the scale of attacks?

Following a similar pattern to ICO scams of previous cryptocurrencies, it’s not just web pages that users need to look out for. Social media is also seeing a surge in false pages and groups that advertise pre-sales for Libra. Many of these are even being advertised across Facebook itself – providing money to the platform, even as the social media giant warns that any offers to buy Libra are definitely a scam and should be ignored.

Many of these groups have been active since before Facebook made the official announcement about Libra in June, more than two months ago. 

If Facebook is failing to protect users ‘in their own house’, the rest of the infinite web doesn’t stand a chance.

If Facebook can’t do more, companies need to step up and find a solution that can cover this growing threat. As the amount of attacks grows, whichever solution business owners choose needs to provide 24/7 surveillance, as well as technology that can handle attacks at scale, removing the risk at the earliest stages, before the threat goes live and can prey on the excitement of the public. 

These early scams connected to Libra are just the beginning. As the launch gets closer, the risk is only going to get higher, taking advantage of the most vulnerable users and putting Facebook’s business reputation on the line.