Bitcoin phishing attack targets Blockchain users

If you're an advocate for the Bitcoin digital currency, be on your guard, because phishers are after your cash.

Just like fraudsters try to trick you into handing over your login passwords for your online bank, your eBay account, or your Apple iCloud credentials, it seems they're not above trying to dupe you into opening the door to your Bitcoin accounts as well.

Check out this example of a phishing campaign that was spammed out this weekend, targeting users of Blockchain.info - which claims to be the world's most visited Bitcoin website with over a million registered users and 200 million pageviews each month:

Blockchain phishing email

The social engineering in this example is pretty elementary, but I have no doubt it works.

After all, who wouldn't want to receive an email out of the blue telling them that they've been unexpectedly given some Bitcoin?

So, no doubt, many people will click on the link without thinking.

And, at first glance, you may not realise that the site you are taken to is a phishing trap rather than the real Blockchain website.

Blockchain phishing site

But take a closer look, and you (hopefully) should have alarm bells ringing.

Pay close attention to the URL

This isn't the real Blockchain.info website, but a domain suspiciously named blockchaiin.com (notice the double "i") instead.

Take greater care with your online passwords, and reduce the chances of being phished by checking the URLs of links you are about to click on *before* you click on them.
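The URL check described above can also be automated, for instance in a mail filter or web proxy. The following Python is an added example, not code from the original article: the function names, the edit-distance threshold of 2 and the sample paths are assumptions, the IP address is a constructed documentation address, and the domains are the ones named on this page.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED = ("blockchain.info",)  # the genuine domain named in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'ip-literal', 'lookalike' or 'unknown' for a link."""
    # Accept bare hosts ("blockchaiin.tk") as well as full URLs.
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "ip-literal"  # a bare IP address is never the real site's name
    except ValueError:
        pass
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    brands = [d.split(".")[0] for d in trusted]  # e.g. "blockchain"
    # On a host that is NOT the trusted domain, any label that equals the brand
    # or is a near miss of it (doubled letter, other TLD) marks a lookalike.
    if any(edit_distance(label, brand) <= max_distance
           for label in host.split(".") for brand in brands):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the paths and the IP address are made up.
    for link in ("https://blockchain.info/wallet", "http://blockchaiin.com/wallet",
                 "blockchaiin.tk", "www.blockchain.onl", "http://192.0.2.10/"):
        print(f"{link:35} {classify_link(link)}")
```

The threshold of 2 suits a long brand label such as "blockchain"; for short brand names it would need to be lowered to avoid false positives.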

Furthermore, when online services give you the option, enable two-factor authentication, which means any raider of your account will need more than just a username and password to gain access (details of Blockchain's two-factor authentication system are available here).


4 Responses

  1. Paul Salmon

    March 24, 2014 at 1:33 pm #

    As you mentioned, two factor authentication is definitely something you want to set up, and most Bitcoin-related sites have the ability to enable two factor authentication. By enabling two factor authentication, you will (hopefully) have enough time to change your password before any unauthorized user gains access.

    Bitcoin phishing e-mails will start to become common, although, I wonder if they will be as effective considering most people probably don't have an idea what a Bitcoin is.

  2. John Underwood

    March 24, 2014 at 2:28 pm #

    Thank you

  3. Eric Kennedy

    March 24, 2014 at 3:44 pm #

    Still there, now it's blockchaiin.tk.. last night it was an IP.. I can't believe Google is propagating these links as a PAID ADVERTISEMENT

    • Jean Bergeron in reply to Eric Kennedy.

      May 21, 2014 at 2:47 am #

      they are also using www.blockchain.onl

      beware over $45,000 have been stolen in a few days
