If you’re an advocate for the Bitcoin digital currency be on your guard, because phishers are after your cash.
Just like fraudsters try to trick you into handing over your login passwords for your online bank, your eBay account, or your Apple iCloud credentials, it seems they’re not above trying to dupe you into opening the door to your Bitcoin accounts as well.
Check out this example of a phishing campaign that was spammed out this weekend, targeting users of Blockchain.info – which claims to be the world’s most visited Bitcoin website with over a million registered users and 200 million pageviews each month:
The social engineering in this example is pretty elementary, but I have no doubt it works.
After all, who wouldn’t want to receive an email out of the blue telling them that they’ve been unexpected given some Bitcoin?
So, no doubt, many people will click on the link without thinking.
And, at first glance, you may not realise that the site you are taken to is a phishing trap rather than real Blockchain website.
But take a closer look, and you (hopefully) should have alarm bells ringing.
This isn’t the real Blockchain.info website, but a domain suspiciously named blockchaiin.com (notice the double “i”) instead.
Take greater care about your online passwords and reduce the chances of your being phished by checking the link URLs you about to click on *before* you click on them.
Furthermore, when online services give you the option, enable two-factor authentication which means any raider of your account will need more than just a username and password to gain access (details of Blockchain’s two-factor authentiction system are available here).
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
4 comments on “Bitcoin phishing attack targets Blockchain users”
As you mentioned, two factor authentication is definitely something you want to setup, and most Bitcoin-related sites have the ability to enable two factor authentication. By enabling two factor authentication, you will (hopefully) have enough time to change your password before any unauthorized user gains access.
Bitcoin phishing e-mails will start to become common, although, I wonder if they will be as effective considering most people probably don't have an idea what a Bitcoin is.
Still there, now it's blockchaiin.tk.. last night it was a IP.. i can't believe google is propagating these links as a PAID ADVERTISEMENT
they are also using www.blockchain.onl
beware over $45,000 have been stolen in a few days