On June 18, 2019, Facebook announced plans to release a cryptocurrency called Libra, as well as a complementing Calibra wallet. They won’t be available until 2020, but cybercriminals are already laying the groundwork for possible Libra and Calibra scams.
A substantial uptick in associated domains
A tech company called Digital Shadows assessed the number of newly registered domains that mentioned either Libra or Calibra. The research showed that registrations for domains containing either Libra or Calibra peaked on June 18. That suggests people wanted to capitalize on Facebook’s news and rapidly buy domains they could later use to make money.
Some parties that buy domains like that don’t have sinister intentions. They hope the companies behind such services — Facebook in this case — will eventually offer them large sums of money to purchase the domains.
One potentially positive finding from Digital Shadows is that the majority of those newly bought domains do not have content associated with them yet. They’re just parked for later use.
Malicious websites appearing as two types
The Digital Shadows investigation also showed that the domains with content feature two types of material intended to trick users. The first blatantly impersonates the genuine Libra/Calibra website. The other advertises scams that damage the Calibra and Libra brands.
Some of the websites do a bit of both. For example, the real Calibra website has a purple and white color scheme. A scam site, libra-ico.org, uses the same color scheme, as well as a similar font and graphics. Even worse, that particular domain and its content prompt users to supposedly buy Libra and get a 25% bonus now, although Facebook didn’t give a release date yet.
Scammers have also registered domains that use special characters, such as accented letters. They hope unsuspecting people won’t notice the difference, especially if viewing the site and address bar on their smartphones.
One recent example was calíbra.com (note the accent mark over the i). Less than a week after Facebook announced Libra and the Calibra wallet, a post at The Next Web warned people not to fall for a scam offered there that gave people access to a fake Libra token presale. As of now, the scam site no longer functions, and viewers see a page in Russian.
Google Translate shows that the content of that page indicates the entity behind it had their hosting account locked. That’s one successful shutdown of these sites, but more will crop up to follow it.
Libra will operate on the blockchain
Facebook envisions that Libra and the Calibra wallet app will collectively break down barriers for people who send or receive money. People will do so with apps like Messenger or WhatsApp from wherever they are in the world.
Facebook’s developers built an open-source blockchain for Libra. Tech analysts typically bring up several advantages when discussing the blockchain. For example, it allows for a trusted and verified transactional history. It goes all the way from the initial segment of a sale to the present. Plus, the blockchain’s visibility allows people to log in and check the transactions themselves.
That’s likely why a section on Facebook’s Calibra website mentions that if people get harmed by fraudulent transactions, they can receive full refunds. The blockchain’s transparency should let customer service agents log in and see what happened with a disputed transaction.
However, that benefit would not apply if individuals go to a website they believe is the correct destination for Libra or Calibra and get scammed.
How can users protect themselves from scams?
Analysts think there will be a rise in scammers who try to fool people who may be unfamiliar with cryptocurrencies. Some expect more confidence scams, where a cybercriminal appeals to people by asking them to wire money for urgent needs.
However, those will likely become more evident once Facebook offers Libra and Calibra. In any case, people should always be cautious when strangers reach out and urge them to transfer large sums of money.
The best way people can stay safe from imposter sites is to always use knowingly reputable sources to reach the Libra and Calibra pages. For example, the Facebook Newsroom published a press release containing the links for both official product websites. Moreover, internet users should avoid attempting to go to the Libra or Calibra sites by using a search engine and choosing the desired result from a list.
Get as informed as possible before acting
Facebook’s Calibra site features a signup form so people can provide their emails to get more details as they become available.
Besides taking advantage of that feature, individuals should always think carefully and learn about Facebook’s cryptocurrency services in detail before taking action that could result in getting scammed.