Complex Bitcoin Phishing Scheme Leads Back to Rogue Web Hosting Firm

Researchers have discovered a complex phishing scheme aimed at collecting user credentials from various Bitcoin-related services which, under closer scrutiny, led back to a known bulletproof hosting firm. IT security experts comment on this research below.

David Jevans, Vice President of Mobile Security at Proofpoint:

“Bitcoins are largely untraceable and can be transferred to any country and any currency without going through banks which is why hackers are going after them. Stealing bitcoin wallet or exchange passwords is equivalent to stealing cash. Once the bitcoins are sent from the wallet, there is no way to get them back.

Victims are sent a phishing email that pretends to be their online wallet or bitcoin exchange service, to reset their password, receive a transaction or read an updated privacy policy. Once they log into the phishing site, the phishers then log into the actual online bitcoin wallet, change the password and send the victim’s bitcoins to the attacker. Anyone who uses online bitcoin wallets or exchanges such as Coinbase, Kraken and Bitstamp is a potential target.

Individuals and organisations can guard against such attacks by using two-factor authentication (e.g. a text on your cellphone as well as your password) to log into your online bitcoin wallet or bitcoin exchange account. If the service you use does not offer two-factor authentication, consider changing to a different service.”

Bryan Burns, Vice President of Threat Research at Proofpoint:

“The very characteristics of bitcoin that make it so popular (that it is largely anonymous and untraceable, and not controlled by any government or financial company) make it equally appealing to thieves. Unlike your bank account, which is actively monitored by your financial institution to guard against fraud, and has many checks and safeguards to keep your money safe, bitcoins really are much more like cash in a wallet. Much easier to steal, impossible to recover, and much less likely to be detected and prosecuted. Couple that with the fact that most underground services are paid for using bitcoin (meaning the threat actors are both savvy with bitcoins, and have lots of things to spend their bitcoins on) makes bitcoins a very tempting target for theft.”

Information Security Buzz