Bitcoin a new frontier for phishing
There are plenty of new phishing campaigns in 2014. These mostly follow an established track of obtaining user credentials via bogus emails with a link to a phishing site. Alternatively, the emails contain a file that will (if opened and run) install malicious software on the victim PC. Recently, a new threat has started to emerge in the form of bitcoin phishing emails.
Giving a detailed description of bitcoin works is beyond the scope of this post. However, a potted explanation of bitcoin, block chain and bitcoin mining is available at bitcoin. Basically, users can access a publically available database known as a block chain. The block chain database is global; no country owns it. In return for offering processing power on their PC, a user can be paid a unit, commonly known as a bitcoin. Bitcoin is sometimes called a crypto currency.
Bitcoin users have an application called wallet software installed on their mobile devices (be it laptop, tablet or mobile) where they can store bitcoins. Use of bitcoin to pay for services and goods is admittedly small compared to conventional currency, but it is growing.
With the growth in bitcoin, it’s not surprising that phishing attempts are also starting up. In one particularly well publicised case this year, an employee of a Melbourne based bitcoin company lost around USD$60000 (the equivalent of 100 bitcoins). The attack followed the normal route; the scammers sent a phishing email. An unfortunate sequence of events then led to the criminals gaining access to the victim’s login credentials. The criminals were then able to transfer the money (in bitcoins) to themselves.
As bitcoin is still in its infancy, it’s likely that phishing emails designed to lure members of the public who aren’t familiar with bitcoin will rise in frequency. Even users who are familiar with bitcoin and use it regularly are still vulnerable. There is malware that, if installed on a victim PC, can steal bitcoins. Malware can steal bitcoins because it can steal the private keys used to access a bitcoin wallet.
Phishing emails for bitcoin in particular require the user to be vigilant. Don’t click on links, verify email attachments are genuine, and keep anti-virus software up to date. And, to complete the defence, use an email filtering solution that can screen out potential phishing emails.