Personal Data of Venezuela’s Humanitarian Aid Campaign Supporters Being Stolen Through Fake Webpage

Shortly after a registration page for volunteers was set up, attackers created a mirrored site in an effort to harvest users' information. The mirrored site uses a strikingly similar domain and copies the structure and layout of the legitimate page. Sigerist Rodriguez is listed as the registrant of the original page, while the identity of the registrant for the fake page is hidden by the GoDaddy Privacy Protection feature. Also, voluntariosxvenezuela[.]com is hosted on AWS, while the look-alike was initially hosted on GoDaddy and then moved to Digital Ocean. When signing up on the genuine page, users are asked to provide their full name, personal ID, phone number, location, professions, and degrees. The researchers who discovered the page said, “The scariest part is that these two different domains with different owners are resolved within Venezuela to the same IP address, which belongs to the fake domain owner. That means it does not matter if a volunteer opens a legitimate domain name or a fake one, in the end, will introduce their personal information into a fake website.”

Analyst Notes

Users trying to reach the legitimate site should resolve it through a public DNS resolver, such as Google DNS, Cloudflare, or APNIC, rather than the in-country resolver that returns the attacker's IP address for both domains. Connecting through a VPN is also suggested.
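As an added example (not part of the original report), the following Python script illustrates the two checks an analyst would run on resolver answers to spot the behaviour described above: a local resolver returning an IP that no public resolver returns, and two distinct domains collapsing to one IP. The answer sets, the placeholder fake domain and the resolver labels are constructed sample data; live answers would come from a DNS library querying each resolver.

```python
from collections import defaultdict

# Constructed sample data: A-record answers per domain, keyed by resolver.
# Domain names are defanged with [.] as in the report; the fake domain name is
# a placeholder (the report does not name it), and the IPs are documentation
# ranges chosen for the example. "local-isp" stands for an in-country resolver.
PUBLIC_RESOLVERS = {"8.8.8.8", "1.1.1.1"}

SAMPLE_ANSWERS = {
    "voluntariosxvenezuela[.]com": {
        "local-isp": {"203.0.113.10"},   # attacker-controlled answer
        "8.8.8.8": {"198.51.100.7"},     # genuine hosting answer
        "1.1.1.1": {"198.51.100.7"},
    },
    "fake-domain-placeholder[.]com": {
        "local-isp": {"203.0.113.10"},
        "8.8.8.8": {"203.0.113.10"},
        "1.1.1.1": {"203.0.113.10"},
    },
}


def resolver_disagreements(answers, public=PUBLIC_RESOLVERS):
    """Domains where a non-public resolver returns an IP set that shares
    nothing with the public resolvers' answers: {domain: (local, public)}."""
    findings = {}
    for domain, by_resolver in answers.items():
        public_ips = set().union(
            *(ips for r, ips in by_resolver.items() if r in public)
        )
        for resolver, ips in by_resolver.items():
            if resolver not in public and not ips & public_ips:
                findings[domain] = (ips, public_ips)
    return findings


def shared_ip_collisions(answers, resolver):
    """IPs that more than one distinct domain resolves to via `resolver`,
    as {ip: sorted list of domains}."""
    domains_by_ip = defaultdict(set)
    for domain, by_resolver in answers.items():
        for ip in by_resolver.get(resolver, ()):
            domains_by_ip[ip].add(domain)
    return {ip: sorted(d) for ip, d in domains_by_ip.items() if len(d) > 1}


if __name__ == "__main__":
    print("disagreements:", resolver_disagreements(SAMPLE_ANSWERS))
    print("collisions via local-isp:", shared_ip_collisions(SAMPLE_ANSWERS, "local-isp"))
```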