Criminals will set up a fake URL/website which looks and acts like a legitimate website, but is actually set up to steal sensitive information.

In our investigation above, a well-known online cryptocurrency exchange was 'spoofed' - or recreated to imitate the genuine site - to gain access to victims' bitcoin wallets, stealing their funds and login details.

Criminals can rely on people mistyping certain URLs, or link to the fake domains through email/text/social media etc.


Be sure that you're on the correct website
- Check the URL of the website (e.g. misspellings or variations of phrasing, and misleading domain endings like 'orguk.com')
- Consider bookmarking important websites

- Hyper Text Transfer Protocol Secure (HTTPS) indicates that a site uses encryption to prevent attackers from intercepting data. However, be aware it does not always mean that a site is 100% genuine. As you browse, ensure that the 'S' on HTTPS persists across pages.

Two-Factor Authentication (2FA)
- 2FA offers an extra layer of protection when logging into accounts by generating an additional code to use when logging in. Enable 2FA on all online accounts to increase security.

Educate your staff to defend against common cyber threats/exploits, for example: 
- Phishing - see the NCSC's guide on this at https://www.ncsc.gov.uk/phishing.
- Social engineering - the Take Five campaign / CyberAware

If you think you have been a victim of this or any other type of cyber crime, please report it
All reports help to build vital intelligence which can be shared and acted upon across law enforcement. It also helps inform awareness campaigns to be as accurate and effective as possible. We always encourage victims to report the crime to ActionFraud via phone (0300 123 2040) or website (https://www.actionfraud.police.uk).

By using this website you agree to our use of cookies to enhance your experience. I understand