Just like fraudsters try to trick you into handing over your login passwords for your online bank, your eBay account, or your Apple iCloud credentials, it seems they’re not above trying to dupe you into opening the door to your Bitcoin accounts as well.
Check out this example of a phishing campaign that was spammed out this weekend, targeting users of Blockchain.info – which claims to be the world’s most visited Bitcoin website with over a million registered users and 200 million pageviews each month:
The social engineering in this example is pretty elementary, but I have no doubt it works.
After all, who wouldn’t want to receive an email out of the blue telling them that they’ve been unexpected given some Bitcoin?
So, no doubt, many people will click on the link without thinking.
And, at first glance, you may not realise that the site you are taken to is a phishing trap rather than real Blockchain website.
But take a closer look, and you (hopefully) should have alarm bells ringing.
This isn’t the real Blockchain.info website, but a domain suspiciously named blockchaiin.com (notice the double “i”) instead.
Take greater care about your online passwords and reduce the chances of your being phished by checking the link URLs you about to click on *before* you click on them.
Furthermore, when online services give you the option, enable two-factor authentication which means any raider of your account will need more than just a username and password to gain access (details of Blockchain’s two-factor authentiction system are available here).
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.