Bitcoin's Popularity Boosts Phishing Scam Success

Phishing scams using bitcoin as cover are the latest indicator of the digital currency's popularity.

Aug 22, 2014 at 2:06 p.m. UTC
Updated Aug 13, 2021 at 10:16 p.m. UTC

Bitcoin has fired the public imagination so intensely that even non-bitcoin users are falling for phishing scams that dangle the prospect of cryptocurrency riches in front of them, according to new research from digital security firm Proofpoint.

The research found that thousands of phishing messages disguised to look like emails from a Blockchain wallet were sent to addresses with no direct link to bitcoin. This is a departure from typical bitcoin phishing attacks that target known and active cryptocurrency users, according to the security firm.

The new attacks yielded a "staggeringly high" response rate of 2.7% from victims, suggesting that members of the general public were sufficiently attracted by a bitcoin lure to click on the malicious links.

Kevin Epstein, vice president for advanced security and governance at Proofpoint, said:

"Imagine a phish touting automobile insurance that was sent to non-car owners – the fact that anyone clicked, much less 2.7%, is startling testament to human weakness and the intrigue around bitcoin."

Companies and organisations hit

The Proofpoint research found that 12,000 messages were sent to more than 400 large companies and organisations across a range of industries, including finance, media and manufacturing, in two "waves" of attacks on 13th and 14th August.

The firm declined to name any of the targeted organisations, citing confidentiality agreements, but said they included one of the world's largest financial institutions, a Japanese automotive manufacturer, two major American universities and three of the biggest international healthcare organisations.

The malicious messages were made to look like an automated email from wallet provider Blockchain, alerting the recipient that there had been an unauthorised attempt to open the wallet.

The recipient is asked to reset their wallet password by clicking a link which brings the victim to a log-in screen that seems identical to the Blockchain wallet page. Any wallet details submitted through this fake log-in page are transmitted to the scammers, who can use them to access the victim's wallet.

[Image: The malicious email mimicking a Blockchain wallet security alert.]

While the attack would only be profitable if it tricked an actual Blockchain wallet user, Epstein said that the high click-through rates, which have been better than benchmark rates for marketing communications like email newsletters, suggest that even non-bitcoin users knew enough about cryptocurrency to be lured by the prospect of gaining access to some potentially lucrative bitcoins.

"It's a staggeringly high click-through rate given the relative percentage of recipients who would have been bitcoin holders," Epstein said.

'Topical news' approach

Proofpoint noted that the phishing attacks employed a straightforward 'account warning' template that is simple yet highly effective.

The phishers also played on current fears over hackers from China by framing their initial message as a security alert over an unauthorised log-in attempt originating from Sichuan province in western China. That province's technical university has made headlines as a possible proving ground for state-sponsored elite hackers.

Epstein said this was the "topical news" approach to phishing, which had been recently deployed in other attacks that used this summer's World Cup as cover.

"Topical news is always effective. We have seen and will likely continue to see 'Chinese hackers' as an element," Epstein said.

The research did not uncover the attacker's identity, although Epstein said that the attacks appeared to be purely profit driven, which ruled out organised crime or industrial espionage.

He warned that the method of attack held rich potential to inflict greater damage in future, particularly if it were used to deploy trojan horses, software that performs unauthorised actions on a victim's computer, or ransomware, which blocks a victim's access to a computer until a ransom is paid.
