- Attackers have resorted to DNS manipulation to impersonate the original site intended for registering volunteers.
- The identical, false website has a similar domain name and structure.
Days after a website meant for volunteer registration was launched, attackers created a mirror version of the site to collect sensitive user data. ‘Voluntarios por Venezuela’, a movement conceived by Venezuela’s interim president Juan Guaido to seek humanitarian aid for the country, had its official website impersonated.
First detected by security firm Kaspersky Labs, the false site was found to use a similar domain name and website structure.
As part of the signup process, the genuine website voluntariosxvenezuela[.]com asks volunteers to provide details such as full name, personal ID and phone number. It also asks for their location and other information such as possessions, degree, and more.
Same IP address & DNS Manipulation
According to Kaspersky’s analysis, the original site was registered in the name of Sigerist Rodriguez on February 4th. The false site, on the other hand, was registered on February 11, and its creator's identity is hidden using GoDaddy’s Privacy Protection feature. Additionally, voluntariosxvenezuela[.]com is hosted on AWS, whereas the mirror was hosted on GoDaddy and later on Digital Ocean.
Kaspersky's blog indicated that, “..the scariest part is that these two different domains with different owners are resolved within Venezuela to the same IP address, which belongs to the fake domain owner. That means it does not matter if a volunteer opens a legitimate domain name or a fake one, in the end, will introduce their personal information into a fake website.”
The security firm has also advised using public DNS servers such as Google DNS servers (8.8.8.8 and 8.8.4.4) or Cloudflare and APNIC DNS servers (1.1.1.1 and 1.0.0.1). In addition, using VPN connections is also suggested.
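One way to check for the resolver-dependent answers described above is to ask the local resolver and public resolvers for the same name and compare the A records. The sketch below is an added example, not code from Kaspersky or the original article; the function names and the resolver labels passed to `divergent` are assumptions made for illustration.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a DNS A/IN query (RFC 1035 wire format) with recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def parse_a_records(msg, qid):
    """Return the set of IPv4 addresses in the answer section of a response."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ips = set()
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen                            # CNAME and other records are skipped
    return ips

def resolve_via(name, resolver, timeout=3.0):
    """Query one resolver directly over UDP/53, bypassing the system resolver."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, qid)

def divergent(answers, trusted):
    """answers maps resolver -> set of IPs; return untrusted resolvers whose
    answer shares no address with any trusted resolver (empty answers count)."""
    baseline = set().union(*(answers[r] for r in trusted))
    return sorted(r for r, ips in answers.items()
                  if r not in trusted and not ips & baseline)
```

A resolver flagged by `divergent` is a lead to investigate rather than proof of tampering, because CDN and geo-aware DNS can legitimately return different addresses to different resolvers.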