Personal details of more than 3,000 people in Singapore leaked online

The scam features a celeb in the victim's location, like Bryan Wong in Singapore, saying he or she had made a fortune on a cryptocurrency investment platform.
PHOTO: GROUP-IB

The personal records of 3,499 people in Singapore have been leaked online, and they are being targeted in a bitcoin scam. The records, which include names, phone numbers and e-mail addresses, were discovered by Singapore-based cyber security company Group-IB recently.

In a release yesterday, it said the records were part of a larger haul comprising the records of almost 250,000 people.

Most are from Britain, tallying more than 147,000 records, while the rest are from Australia, South Africa, the US, Singapore, Malaysia, Spain and other countries.

The source of the leak and how the details were stolen are unknown.

The leaked details are being used by scammers, who send victims text messages disguised as being from recognised media outlets with an enticing headline and a link.

Sample messages acquired by Group-IB researchers showed the headline would usually feature a celebrity relevant to the victim's location, such as Bryan Wong in Singapore or Chris Brown in the US.

Those who click the link are taken to a fake news site featuring celebrities saying they made a fortune on a new cryptocurrency investment platform.

Clicking any link in the article takes victims to the scam bitcoin investment platform website.

The Group-IB team found the scam platform used the names Crypto Cash, Bitcoin Rejoin, Bitcoin Supreme and Banking on Blockchain.

Mr Ilya Sachkov, chief executive and founder of Group-IB, warned that the elaborate nature of the scheme showed that cyber criminals were getting more sophisticated.

"Bitcoin investment scams have been around for a while and we regularly detect new instances of crypto fraud," he said.

"This time, however, the scheme was significantly upgraded, and a tremendous amount of personal information was leaked. The bad guys got smarter in a bid to increase the success rate of their fraudulent operations."

Group-IB said one should be wary of long redirect chains and double check the domain name before entering personal data on a site.

In response to the leak, a spokesman for the Cyber Security Agency of Singapore said members of public should stay vigilant and warned that scammers will use topics of high interest to lure victims.

"These could take the form of investments that promise high returns, General Election-related news, or threats to freeze their online accounts," she said.

"(Members of public) should not disclose personal or financial details, make transfers or follow any instructions to install apps or log into their banking accounts."

This article was first published inĀ The New Paper. Permission required for reproduction.