Fascinating Phishing Attack On Bitcoin Auction Bidders



Bitcoin Phishing AttackEver hear of CoinDesk? They are a news site about pricing and other info about digital currencies. They reported a fascinating phishing attack on a list of auction participants.

A member of the US Marshals screwed up and sent information to everyone using CC instead of BCC. That revealed all the parties attempting to bid on the bitcoin seized during the raid on the Silk Road marketplace.

Scammers have been making hay with the list. At least one recipient fell for the scam. Bitcoin Reserve, an Australian bitcoin arbitrage fund, lost 100 bitcoins after co-founder Sam Lee did click on the fake link.

The hackers sent a very clever 4-stage phishing attack. 1) Lee received an email on 21st June from a certain ‘Linda Jackson’ claiming to represent BitFilm Production, a genuine company based in Germany. Jackson falsely claimed that the firm was assembling a series of interviews about the impending auction for a client.

2) "Jackson" then sent Lee a second email containing a link that directed to a file containing the questions for the interviews. This appeared to be a Google Drive document, but was actually a website controlled by the attacker.

3) The faked page then requested Lee’s email password to gain access to the document, and consequently, when the password was entered, the attacker gained access to Lee’s email accounts.

4) As the last step. the scammers sent an email, looking like it was from Lee, to various employees requesting funds be sent to an external bitcoin wallet address, and the Bitcoin Reserve CTO unsuspectingly complied. OUCH.

As we all know, bitcoin transaction cannot be reversed. That means you can expect this type of scam to happen more and more often. Another reminder to THINK BEFORE YOU CLICK! Here is the whole story:
http://www.coindesk.com/phishing-scam-targets-us-marshals-service-bitcoin-auction-list/




Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews