Spoofed BBC News Pages

Over the first weekend of January, a researcher from My Online Security was alerted to emails containing a small button designed to entice the recipient into clicking it. The button reportedly does not appear for Outlook users, and the landing page reached by clicking it may vary depending on the recipient’s IP address, operating system and so on.

The initial report of the emails involved the recipient being directed to a login page. What the researcher found was a set of webpages crafted to look like those of the BBC News website. Clicking any link in the spoofed pages redirected the user to a Bitcoin website, where the entity behind the campaign earned revenue from the victim’s page views. Although this campaign was detected in the UK, the BBC is a globally known news service, so the campaign is possibly not confined to the UK.

Indicators of Compromise

Domains

  • https://thesecureoffer.com/bitcointraderc/
  • http://login.mobilesecure-mail.host/5c24d32e7205a21424913768?-Ormz3M=&zldKGsCL=IDA7zZe3zt8&-Ormz3M=
  • https://business-news.bbc-1.site/landers/bbc-business-news/#forward
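A defender can hunt for the brand-lookalike host in proxy or mail-gateway logs with a hostname check like the one below. This is an added example, not code from the original report; the allowlist of genuine BBC domains, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as genuinely BBC-operated for this check.
LEGIT_DOMAINS = ("bbc.co.uk", "bbc.com")
BRAND = "bbc"

def is_legit(host: str) -> bool:
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def brand_lookalike(url: str) -> bool:
    """Flag URLs whose hostname uses the brand as a token outside the allowlist."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host or is_legit(host):
        return False
    # Split on dots and hyphens so 'bbc-1.site' yields the token 'bbc'.
    # Only the hostname is inspected, so 'bbc' in a path does not match.
    return BRAND in re.split(r"[.\-]", host)

def scan(lines):
    """Return (line_number, url) for every flagged URL in the log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in re.findall(r"https?://[^\s\"'<>]+", line):
            if brand_lookalike(url):
                hits.append((n, url))
    return hits

# Constructed sample log lines; the host on line 2 is from the indicator list above.
SAMPLE_LOG = [
    "10.0.0.5 GET https://www.bbc.co.uk/news/business 200",
    "10.0.0.8 GET https://business-news.bbc-1.site/landers/bbc-business-news/ 200",
    "10.0.0.8 GET https://example.org/bbc-review 200",
    "10.0.0.9 GET https://bbc.co.uk.example.net/news 200",
]

if __name__ == "__main__":
    for n, url in scan(SAMPLE_LOG):
        print(f"line {n}: {url}")
```

The other two indicators carry no brand token in the hostname, so they need an exact-match blocklist rather than this heuristic.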

Duncan Newell

Duncan is a technology professional with over 20 years’ experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
