As cryptocurrencies like bitcoin surge in popularity, so do scams.
As seen in the cryptocurrency subreddit, scammers have found a way to make their website addresses (URLs) look just like the authentic URLs of some popular cryptocurrency exchange sites, like Binance and Bittrex.
Unfortunately for the unsuspecting crypto trader, using your login credentials on a scam site can lead to theft of your cryptocurrency or your regular government-minted money.
Cautious cryptocurrency traders are absolutely right to look for that green “https” tag that usually comes before a website’s URL in a browser address bar. That tag helps users identify if a website is legitimate or not. But they may want to have a closer look at the URL next time they sign into their cryptocurrency exchange.
Check out how scammers can get by your defences, even if you think you’re being vigilant:
Usually, you can tell if a website isn’t legitimate if it doesn’t have the green “https” that comes before a website’s URL.
Reddit user “chrysotileman” posted a screenshot of a fake cryptocurrency exchange site “coinsmarkets.com.” If you’re vigilant, it’s easy to spot that it’s not a legitimate site or a legitimate entity running the site because it doesn’t have the proper certification to show that’s it’s trusted.
What you’re looking for is a green “Secure” and “https” before the website’s URL address, which is a sign that the site and company obtained the proper SSL (secure sockets layer) certificates. Obtaining an SSL certificate shows that the company behind the site is trusted.
Coinsmarkets.com doesn’t have either the green “Secure” or “https” before its URL address. Instead, it has a grayed out “Not Secure” and a regular “http” before the URL.
Usually, scam sites are identified and taken down pretty quickly. If you try to visit coinsmarkets.com now, you’ll be met with an error message.
But some scammers have found ways to display the green “Secure” and “https” in the website URL address, and they make an incredibly subtle change to the site’s address.
At first glance, this URL for the popular cryptocurrency exchange Binance looks perfectly legitimate. You can clearly see the green “https” before the Binance website URL.
It isn’t clear how scammers obtain an SSL certificate, which allows them to add that re-assuring green “https” to the front of the URL. At the same time, it’s also pretty easy to get an SSL certificate from a less reputable certificate issuer.
A closer look reveals small dots under each instances of the letter “n” in the word “binance,” which shouldn’t be there.
Those two dots under the Binance URL mean that you’re not actually looking at or using the real Binance site. Instead, you’re looking at a totally different site made by scammers to look nearly identical to the Binance site.
And since the site looks familiar and the URL checks out at first glance, unsuspecting users type in their login credentials, which can then be recorded by the scammers. Once they have your account login credentials, scammers can do whatever they want in your account, including stealing your cryptocurrency and even stored USD funds.
Even if you’re vigilant, those two dots in the Binance URL are hard to notice.
Reddit user “evantbyrne” commenting on the original post said “I’ve known about this for a while and I still had difficulty spotting it in the screenshot…”
Indeed, those dots can easily pass off as specks of dust on your monitor.
In this case, scammers used the regular letter “n” with an added so-called dot diacritic, or an underdot, which is used in central European languages and Vietnamese, according to Wikipedia.
It’s far more deceiving and effective than using a number that appears similar to a letter, like using the number “1” instead of the letter “i.”
Here’s another scam site impersonating the popular Bittrex cryptocurrency exchange site.
Twitter user Lukas Stefanko took screenshots of a fake Bittrex site that has the green “https” before the site’s URL address.
The fake URL has a cedilla, which looks like a comma under the “r” in Bittrex. You’ll have to click into the tweet below to see the larger screenshots.
— Lukas Stefanko (@LukasStefanko) October 11, 2017
Cedillas are widely used in languages like French and Portuguese. That’s not to say that the scammers are from those countries, as anyone can use any alphabet that a web browser supports.
How to avoid scam sites that impersonate real, legitimate sites
Scammers can leave links that lead to their scam sites in online places like forums, social media, email, or even on Google. So even if you’re expressly looking for an abnormality in the link, like an underdot or cedilla under a letter, it could be hidden by the underlining that usually accompanies a link.
The best way to avoid a scam site is to manually type the URL address to the site you want in your browser’s address bar. If you frequently visit that site, you can create a shortcut on your browser’s bookmarks toolbar. Still, after seeing this kind of scam, I’m now double-checking the website URLs on most of the sites I visit, especially those where I have accounts.
There are also web browser extensions you can download that help prevent phishing scams specially designed for “crypto enthusiasts,” like the Cryptonight extension for Chrome.