Cyber-scammers are scrambling to take advantage of Facebook's upcoming digital currency and wallet, registering domains related to Libra and Calibra in the hope of drawing in unsuspecting victims investigating the projects, say security researchers.
In the days after Facebook's 18 June announcement, Digital Shadows saw a surge in the number of domains with references to either Libra or Calibra registered.
In a blog, Digital Shadow's Alex Guirakhoo says that the vast majority of these new domains are boring and not hosting any content. He speculates that many are domain squatters looking to make a quick buck from Facebook.
However, some - at least six - are impersonating the legitimate Libra or Calibra sites in an effort to trick visitors into thinking they are at the real thing and that they can safely share sensitive information.
Other domains are being used to promote scams that abuse the Libra and Calibra names. One site claims to have set up Debian-based Virtual Private Servers with access to the Libra blockchain. These are available to buy from $200, and purportedly allow anyone to create a wallet, send and receive Libra, and mint coins
David Emm, principal security researcher, Kaspersky, says: "Unfortunately, the reality is, many people are unsure about using cryptocurrency, or even what cryptocurrency is, enabling cybercriminals to take advantage of potential investors. The bottom line is, where there’s money to be made you’ll find cybercriminals looking to exploit innocent people."