Wikipedia has been the victim of multiple cyber-attacks in recent times, particularly in the last five years.
A large percentage of the schemes aimed at the site have been phishing schemes.
In one of the latest phishing schemes, the cyber criminals posted a false AlphaBay URL to lure internet users to a fake dark web platform.
AlphaBay is the largest dark web platform today and one of the most successful, a major reason why this scheme was so profitable.
The operation is quite simple. Since Wikipedia can be edited by virtually anyone, the criminals keep inserting the fake AlphaBay URL into Wikipedia’s AlphaBay page.
A victim who clicks on the AlphaBay URL is promptly redirected to a fake version of the site.
This tricks them into entering their username and password.
Once this happens, the internet criminals have access to the victim’s credentials.
In many cases, the victim is redirected to the authentic AlphaBay market.
As such, they may never be aware that they just gave out their credentials to the fraudsters.
The criminals use tools such as Scallion to generate the fake AlphaBay URL, making it look similar to the authentic one.
According to a report, the fake AlphaBay URL was pwoah7p6o5e67qul.onion, while the genuine one is pwoah7foa6au2pul.onion.
The immediate visual similarity indicates that an ordinary internet user would not be able to spot the difference at a glance.
This is often the case for many onion URLs since they are randomized.
It is important to note that the fake URL was deleted immediately and the page was taken down permanently.
Unfortunately for the affected victims in such cases, the internet criminals proceed to steal their accounts and the funds held therein.
The funds are typically in the form of digital cryptocurrencies, such as Bitcoin.
The internet criminals stand to earn tens of thousands of dollars’ worth of Bitcoin with very little effort.
Dark web vendors are also vulnerable to attacks through such phishing schemes.
Breaches of vendor accounts are potentially more profitable, as these accounts often contain more funds as well as clients’ information.
Client information can be used for secondary attacks, making such incidents more notorious.
Some cyber criminals opt to hold the confidential data for ransom in exchange for large sums of money.
Unfortunately, paying the demanded ransom does not always guarantee that the darknet vendors and clients will receive access to their accounts again.
Malicious cybercriminals sometimes put the data up for sale even after the victims have paid the requested amounts.
For this reason, internet security experts strongly advise affected parties to avoid paying ransom for data and instead opt for mitigation procedures.
This puts dark web vendors with a reputation to uphold in a tight spot.
They almost always end up paying to avoid losing clients.
Doing so ends up making the schemes highly profitable and attracts even more hackers.
This incentive has been influential in the increasing incidence of cybercrime in the last half-decade.
This latest AlphaBay URL phishing scheme on Wikipedia will definitely not be the last.
Wikipedia has a history with these kinds of phishing campaigns in various forms from 2010 through to 2016.
In some of the cases, the technique was used to spread malware.
In the wake of the AlphaBay URL scheme, Wikipedia editor Chris Monteiro was quick to reassure internet users of the benefits of the site if it is used properly.
He noted that if users were more aware of cybersecurity best practices and more vigilant, such hacking campaigns would not be as successful as they currently are.
AlphaBay’s operators also touched on this point, but seemed to be less sympathetic to the victims.
They pointed out the issue of user fallibility.
AlphaBay operators have always advised dark web users to cross-check URLs coming from purported official sources, as they may not always be legitimate.
Cross-checking could easily have saved many dark web users from the AlphaBay URL scheme.
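The cross-check recommended above, as an added example that is not from the original article, from AlphaBay or from Wikipedia: it compares a pasted link with a pinned copy of the genuine address quoted earlier and trusts only a full-string match, flagging addresses that merely share leading or trailing characters. The function names and the `min_shared` threshold of 4 are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The 16-character onion names quoted in the article are base32 (a-z, 2-7).
ONION_V2 = re.compile(r"[a-z2-7]{16}\.onion")

# Pinned reference: the genuine address as reported in the article.
PINNED = "pwoah7foa6au2pul.onion"


def _shared(a: str, b: str) -> int:
    """Length of the common leading run of two strings."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def onion_host(url: str):
    """Extract the onion host from a pasted link; None if it is not one."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url          # let urlsplit find the host
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return None
    host = ".".join(host.split(".")[-2:])   # ignore any subdomain labels
    return host if ONION_V2.fullmatch(host) else None


def classify(url: str, pinned: str = PINNED, min_shared: int = 4) -> str:
    """Return 'match', 'lookalike', 'unrelated' or 'malformed'."""
    host = onion_host(url)
    if host is None:
        return "malformed"
    if host == pinned:                 # only a full-string match is trusted
        return "match"
    a, b = host[:-6], pinned[:-6]      # drop ".onion"
    shared = _shared(a, b) + _shared(a[::-1], b[::-1])
    return "lookalike" if shared >= min_shared else "unrelated"


if __name__ == "__main__":
    for link in ("http://pwoah7foa6au2pul.onion/", "pwoah7p6o5e67qul.onion",
                 "abcdefghijklmnop.onion", "pwoah7foa6au2pul.com"):  # last two constructed
        print(f"{link:34} {classify(link)}")
```

The fake address from the report shares six leading and two trailing characters with the genuine one, so a glance at either end of the string passes it while the full comparison does not.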