Cybercriminals have been conducting a massive phishing campaign impersonating crypto solutions provider Ripple since March 30, Bitdefender Antispam Lab warns.
Ripple is a payment protocol and exchange network developed by Ripple Labs Inc, a US tech company and leading provider of crypto solutions for businesses.
XRP, which holds a pre-mined supply of only 100 billion, is the native digital token used by Ripple due to its reliable, carbon-neutral and fast delivery. XRP transactions are solely operated on its decentralized open-source blockchain XRPL or XRP ledger.
Cybercrooks often mimic crypto organizations to defraud users of their digital assets and personal information. The impostor letter allegedly sent from the “Ripple Team” announces a fresh XRP token allocation program to investors.
The email connects users to a fake Ripple blogpost describing the “Token Allocation Program,” and how investors can register their XRP claim.
Before we delve deeper into the latest scam impersonating Ripple, let’s breakdown some important facts:
Subject lines include:
Users are advised to connect to RippleNet, a cloned version of the Ripple webpage, where they are given additional instructions to claim their XRP bonus.
Our researchers triggered a 2x Bonus that landed them a 1,247.34 XRP reward, as seen in the screenshot below. They were also given a five-minute window to complete the claim.
To add more credibility to their ruse, the scammers emphasized the importance of using well-known hardware wallets Ledger and Trezor to complete the transaction in both the blogpost and fake token allocation tool platform.
Here's what happens when we attempt to connect:
Recipients who go ahead with the fraudulent token allocation process by using one of the four connection methods will ultimately give attackers the means to empty their wallets.
Cybercriminals are continuously using social engineering attacks to target cryptocurrency holders via email, text and social media platforms.
To protect digital assets from cybercrooks, crypto investors should scrutinize any form of Ripple correspondence that promote any form of XRP giveaways, information also found in the FAQ page on the official Ripple platform.
“Neither Ripple nor any executive of our company will be offering free giveaways of digital assets,” Ripple said in a 2022 blog post. “Any XRP giveaway is not endorsed by, affiliated with, maintained, authorized or sponsored by Ripple.”
Users should also pay close attention and hover over any embedded links to spot any inconsistencies.
We also advise customers to be extremely cautious when searching for any giveaway campaigns online. In our attempts to investigate the claims of the bogus emails, Bitdefender researchers found that the first two search queries listed on Google connected users to clone versions of the Ripple website.
To fend off similar malicious campaigns:
Bitdefender all-in-one plans come with handy features to fend off fraud and phishing attempts that may harm you financially, including: