As somebody who works closely with cryptocurrencies, it’s very common for me to receive phishing emails. Of course, we have been accustomed to checking the domain names attached to the email address to check the authenticity of the sender. However, I’m afraid much of the populace still hasn’t adopted this habit. As a result, they fall victim to phishing emails which collect their login details. And the clincher, the email is formatted so that it would look like the two-factor authentication mail we use to protect ourselves. Does this mean this feature has actually backfired?
In the guise of a legitimate authentication email, this method proves to be much more effective in terms of collecting private data than your usual phishing email which use your basic brute force method or alphabet method in illegally gathering your data to be used for malicious and financial purposes. These methods fail because people seem smarter online, and we have been briefed with the dangers of clicking links with questionable landing pages. However, now that these kinds of mail are coated with the idea of security, the concept of data authentication has been tampered with and utilized for the exactly opposite purpose it was conceptualized.
In line with cryptocurrencies, Bitcoin in particular, all the transactions are recorded in a public ledger called the Blockchain, which works as a transparent record of all the transfer of digital coins, coins of which have a highly volatile and fluctuating value, but nevertheless, still an asset. Hence, Bitcoin wallets (or a platform used to digitally store your coins) use the two-factor authentication system in order for the wallet holders to access their coins, send and receive payments, or even purchase goods instantly depending on the accredited partners and merchants the platform provides. This two-factor authentication used to secure the coins is now the projected opening for hackers to acquire login details.
Of course, cryptocurrencies are already a very sensitive subject with its potential innovation that helps both sides of the paradigm – the good and the bad, the merchants and the hackers. Gaining mainstream adoption is already a challenge for them, and if we add the potential security risks with them, not only do we hinder much needed technological advancements; we also alienate ourselves to the true potential that cryptography can offer and influence in our daily lives.
Howbeit, there are a few ways for us to make sure that our authentication mail isn’t phishing at all :
- Make sure to routinely check the sender’s email address to cross-reference the domain name and investigate. This is the most basic and significant way.
- Check the format of the mail. Most of these types of mail copy the formatting of the original with glaring lapses on margins, syntax, and overall UX.
- When using a Blockchain wallet, take note that no authentication emails would be sent unless you’ve entered the ID prior to accessing your wallet directly from the website.
There are many alternatives in keeping track of the two-factor authentication process which varies per platform. As always, it’s still highly advisable to make sure that you are familiar with all the security features offered by your platform, and to make the most out of these features.[su_box title=”About Jay-R Gatdula” style=”noise” box_color=”#336588″]
Jay-R Gatdula is the Marketing Manager at an information security firm, 360CyberSecure, aiming to protect digital assets through risk assessment, data security, mobile security, business continuity, managed security operations, application security, etc. It has industry depth in oil & gas, financial, and healthcare products with certified CISSP, HCISSP, CRISC, CISM, CISA, CIPP. Mr. Gatdula is currently involved with a number of projects in the Bitcoin ecosystem and cyber security.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.