Popular NFT Marketplace Rarible Impersonated By Typosquatters

The recent NFT craze not only generates large sums but also attracts the interest of threat actors who are trying to capitalize on it. Fraud protection company Bolster warns about the proliferation of typosquatting campaigns targeting NFT buyers.

An NFT, short for Non-Fungible Token, is a piece of digital work recorded on the cryptocurrency blockchain that contains a digital certificate signed to prove that it is unique and cannot be copied.

NFTs are now getting mainstream attention as artists sell their digital art for large sums of cryptocurrency at popular auctions like Rarible or OpenSea. Recently, an NFT digital picture sold for over $60 million at Christie’s auction.

Cybersecurity and fraud protection company Bolster describes how cybercriminals use typosquatted domain names (with a typo) that impersonate the popular auction site, Rarible.com. Victims are targeted with scams, malware, and other unwanted content when they follow rogue links.

“Typosquatting domains: Typosquatting domains are lookalike domains targeting a brand. They look very similar to the brand’s legitimate domain and are hard to tell apart,” explains Bolster in their report.

In one example, online users who want to visit rarible[.]com, the legitimate website of the famous NFT marketplace Rarible, instead click on a rarbile[.]com link, which is a typosquatting domain targeting Rarible. In another Rarible impersonation case, Bolster saw a domain, wwwrarible[.]com, that is missing the period [.] between the www and rarible.

Search engines mostly try not to show these typosquatted domains in search results. However, scammers often use WhatsApp and Telegram, social media networks, direct messages on social media, or even ads to spread the typosquatted domain and try to trick victims.

When victims click on a fake URL, they are redirected to a website that targets them with a fake Firefox update notice.

Image: Fake Mozilla Firefox update (BleepingComputer)

Other typosquatting domains reported by Bolster are rarbile[.]com, rareble[.]com, and rareible[.]com.

These links target victims with various scamming and phishing websites, such as fake dating sites, spin-the-wheel games, tech support offers, fake giveaways, or adware downloads, some including cryptocurrency miners.
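For defenders, the lookalike patterns named above (swapped letters, a substituted or inserted letter, and the missing period after www) can be caught with an edit-distance check against the brand domain. The following is an added example, not code from Bolster or from this article; the function names, the one-edit threshold, and the use of the last two labels as the registrable domain are assumptions made for illustration.

```python
# Added example: flag domains that imitate a protected brand domain.
BRAND = "rarible.com"  # legitimate domain named in the article


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def normalize(domain: str) -> str:
    """Lowercase, undo the defanged '[.]' notation, drop a trailing dot."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def classify(domain: str, brand: str = BRAND, max_edits: int = 1) -> str:
    """Label a domain as legitimate, missing-dot, lookalike or unrelated."""
    host = normalize(domain)
    # Assumption: the registrable domain is the last two labels. A real
    # deployment would consult the Public Suffix List instead.
    registrable = ".".join(host.split(".")[-2:])
    if registrable == brand:
        return "legitimate"
    if registrable == "www" + brand:
        return "missing-dot"
    if osa_distance(registrable, brand) <= max_edits:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Domains quoted in the article, plus one constructed unrelated domain.
    for name in ["rarible[.]com", "www.rarible[.]com", "rarbile[.]com",
                 "wwwrarible[.]com", "rareble[.]com", "rareible[.]com",
                 "example.com"]:
        print(f"{name:20} {classify(name)}")
```

Raising `max_edits` catches more variants but also flags unrelated short names, so matches are best treated as candidates for review rather than verdicts.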

About the author

CIM Team
