Phishing Attacks in Cryptocurrency

Phishing Attacks in Cryptocurrency (1)

Phishing Attacks in Cryptocurrency

Cryptocurrency-themed phishing emails

The goal of a phishing scam is to spoof a real organisation’s online identity like an email, a URL or even a social media account to trick and manipulate users. Cybercriminals capture personal details, either by asking them to reset their password, divulging personal information of just clicking on a link. The popular form of Phishing scams in Cryptocurrency will try to impersonate popular wallets (Such as My Ether Wallet), or a major ICO that has just launched (such as Distric0x or Bancor).1

Cryptocurrency-themed phishing emails

These attacks typically start with an email or a social media message which manipulate potential victims to send cryptocurrency to a wallet with the promise that more will be sent back. As scammers lay the social engineering groundwork, they will also develop fake Twitter accounts impersonating exchanges, developers, and celebrities to try to further prompt users to click.2

SANS revealed a cryptocurrency-themed phishing email spoofing  blockchain.info. It attempted to obtain login credentials for bitcoin or other cryptocurrency wallets.  The content of the email was about “Ether Payment” asking users to view the details of the transaction on the blockchain, which has fake a URL.3

Cryptocurrency-themed phishing emails

Cryptocurrency-themed phishing email

 If the users click on the fake link, they visit the fake landing page shown below.4

Screenshot of the fake login page when it was still active

Screenshot of the fake login page when it was still active

Notice domain was blockpchain.info. There is the “p” letter between “block” and “chain”.

Nothing on the base page

Nothing on the base page

As the popularity around cryptocurrency has continued to increase in 2018, it has also been inviting scammers to launch cryptocurrency-themed phishing emails. Researchers at Proofpoint observed a sharp rise in these scams, which target users of Ethereum and Bitcoin and typically request that victims send a small amount of the currency in exchange for a much larger payout in the same cryptocurrency. 5

  1. http://hivergent.com/know-cryptocurrency-scams-phishing-scams/
  2. http://hivergent.com/know-cryptocurrency-scams-phishing-scams/
  3. https://isc.sans.edu/diary/Cryptocurrency-themed+phishing+emails/23747
  4. https://isc.sans.edu/diary/Cryptocurrency-themed+phishing+emails/23747
  5. https://threatpost.com/attackers-cashing-in-on-cryptocurrency-with-increased-scams/132275/

Share this post