Application security, Malware, Phishing

Cybercriminals using phishing scams to steal cryptocurrencies

With the value of cryptocurrencies like bitcoin continuing to climb, cybercriminals are looking to expand the tricks they use to steal these virtual dollars.

The newest trick in their arsenal is to use the websites that support the various currencies as bait in phishing scams. A Proofpoint report pointed out several examples of cryptocurrency users being hit with phishing scams that attempt to steal wallet IDs and credentials that would allow them to withdraw money from the victim's digital currency wallet. Ironically, the anonymized nature of these currencies makes it almost impossible to track the thief or where the money went.

Not surprisingly bitcoin, as the most popular digital currency, is frequently found at the center of these attacks with cybercriminals using emails purportedly from bitcoin-wallet provider Blockhain.com as a lure. The emails match Blockchain's typical email format and use the correct branding and normally tell the target that a recent transaction was not successfully completed. It then asks for the victim to follow a link that will lead them to a “Blockchain” page where they are asked for their login credentials. To make certain the phishing emails and fake websites appear genuine the scammers keep an eye on any changes made by Blockchain or other digital currency company.

“We have observed regular updates to phishing templates keeping them in step with design changes to the legitimate blockchain.com website,” Proofpoint said.

Even though the majority of attacks do target bitcoin, the bad guys are not ignoring the lesser used varieties like Monero, Dash and Ethereum and also have their eyes on cryprocurrency exchanges like Poloniex.  In the case of going after the exchange the criminal is simply avoiding having to deal with the middle man, the customer.

“These templates attempt to steal wallet IDs and credentials that allow actors to conduct fraudulent transactions with third parties or withdraw funds directly,” Proofpoint reported.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.