Lily Newman at the Future Tense blog wrote this post for the Slate site after Slate's news editor, Chad Lorenz, received a new phishing email purportedly from Coinbase, happily informing him that he had just received 0.0456703 BTC, worth just under thirty bucks.
The bad guys are recycling a very old idea and putting some modern lipstick on it. Instead of winning the lottery in Nigeria, you have now been given 30 bucks in Bitcoin. Just sign in to view the transaction and find out who your mystery benefactor is. Yeah, sure.
Turns out that some other Slate editors received the same targeted attack, so this may very well have been the Syrian Electronic Army trying to take over the Slate site. John OBrien, a spokesperson for Coinbase, wrote in an email that the phishing message had a few warning signs: "[T]here are a few red flags. ‘Hi,’ (not addressed to anyone) and ‘from an external account’ (not from anyone). Additionally the link will not take you to Coinbase.com."
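The three red flags in that quote can be checked mechanically. The sketch below is an added example, not code from the original post or from Coinbase; the function names, the phrase patterns and the sample message (including the `signin.example` host) are constructed for illustration. The host check compares the end of the hostname, so a lookalike that merely starts with `coinbase.com` still fails.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "coinbase.com"  # the domain the message claims to come from

class LinkCollector(HTMLParser):
    """Collects the href of every tag that carries one."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_belongs_to(url, domain):
    """True only if the URL's host is the domain itself or a subdomain of it."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(html_body, brand_domain=BRAND_DOMAIN):
    """Return which of the three quoted red flags an HTML body triggers."""
    flags = []
    text = re.sub(r"<[^>]+>", "\n", html_body)
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Flag 1: the greeting line names nobody ("Hi," and nothing else).
    if lines and re.fullmatch(r"(hi|hello)\s*[,!.]?", lines[0], re.I):
        flags.append("generic greeting")
    # Flag 2: the funds come from nobody in particular.
    if re.search(r"from an external account", text, re.I):
        flags.append("unnamed sender")
    # Flag 3: a link leads somewhere other than the claimed brand's domain.
    # Links with no host at all (relative, mailto:) are flagged as well.
    collector = LinkCollector()
    collector.feed(html_body)
    if any(not host_belongs_to(h, brand_domain) for h in collector.hrefs):
        flags.append("link leaves " + brand_domain)
    return flags

# Constructed sample modelled on the message described above.
SAMPLE = (
    "<p>Hi,</p>"
    "<p>You just received 0.0456703 BTC from an external account.</p>"
    '<p><a href="https://coinbase.com.signin.example/tx">Sign in</a> '
    "to view the transaction.</p>"
)
```

Calling `red_flags(SAMPLE)` reports all three flags, while a message that greets the recipient by name and links only to `www.coinbase.com` reports none.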
Here are 22 Social Engineering Red Flags (PDF) related to email. Print it out, spread it to as many people as you can, stick it on the wall in your cubicle. STOP LOOK THINK before you click.