Bitcoin has become the most valued financial instrument as it continues to put up a strong performance while other major currencies and markets are registering a slump following the Brexit results. As the value of the digital currency continues to increase, so does the number of phishing scams run by cybercriminals looking for ways to make a quick buck.
In a recent blog post, OpenDNS Security Labs reported an increase in the number of phishing attempts targeting bitcoin wallet users. In these campaigns, criminals host fake websites that closely resemble the genuine ones with the intention of defrauding users. By directing traffic to the fake website, they hope that unsuspecting users will enter their login credentials on the phishing site. The login credentials are then used to gain control of the victims' accounts at a later time.
The most recent target of phishing attacks is the leading bitcoin wallet service provider Blockchain.info. OpenDNS reports that the first phishing attempt was noticed by Cyren, a cloud-based internet security solutions company. Cyren (NASDAQ: CYRN) detected blocklchain.info mimicking the blockchain.info site, and the phishing page was being promoted on Google AdWords to drive traffic to it. Whenever somebody searched for ‘blockchain’, the sponsored result linking to blocklchain.info appeared at the top. An unsuspecting user who clicked the top link would land on the fake site.
The NLPRank model used by OpenDNS to detect phishing attacks is said to have detected two other domains, blockchain-wallet.top and blolkchain.com, on the 9th and 13th of June 2016 respectively. Both domains were found to be hosted on the same IP – 126.96.36.199, belonging to an offshore bulletproof hosting service provider formerly known as Ecatel. OpenDNS has published a list of domains hosted on the servers in the following IP range. The list includes numerous phishing URLs targeting blockchain.info and Local Bitcoins.
Ecatel, which was earlier registered in the Netherlands, has a history of hosting illegal content and launching DDoS attacks. It was also subject to investigation. The company has since changed its location and name, and now operates as QuasiNetworks from Seychelles. That QuasiNetworks is the host for these bitcoin phishing sites doesn’t come as a surprise. While most of these sites are currently inaccessible, it is still advisable for users to make sure they are on the right website by verifying the URL of the webpage and looking for the “https” sign on the address bar denoting a secure page.
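The URL check advised above can also be automated on the defender's side. The following is an added example, not code from OpenDNS or from the original article, and it is a plain edit-distance heuristic rather than the NLPRank model; the function names, the `MAX_EDITS` threshold and the rule of treating the last label as the TLD are assumptions.

```python
# Added example: classify a domain against a protected brand domain.
# Simple heuristic for illustration; NOT OpenDNS's NLPRank model.

PROTECTED = ["blockchain.info"]  # brand domain named in the article
MAX_EDITS = 2  # assumed threshold; too loose for short brand names


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, e.g. "blokcchain" for "blockchain"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain: str) -> str:
    """Return 'legitimate', 'typosquat', 'brand-embedding' or 'unrelated'."""
    domain = domain.lower().rstrip(".")
    for p in PROTECTED:
        if domain == p or domain.endswith("." + p):
            return "legitimate"
    # Assumption: the last label is the TLD (multi-part TLDs not handled).
    labels = domain.split(".")[:-1] or [domain]
    verdict = "unrelated"
    for p in PROTECTED:
        brand = p.split(".")[0]
        for label in labels:
            if brand in label.split("-"):
                verdict = "brand-embedding"  # exact brand on a foreign domain
            elif osa_distance(label, brand) <= MAX_EDITS:
                return "typosquat"  # near-miss spelling of the brand
    return verdict


if __name__ == "__main__":
    # Domains taken from the article, plus one unrelated constructed sample.
    for d in ["blockchain.info", "blocklchain.info", "blolkchain.com",
              "blockchain-wallet.top", "example.org"]:
        print(f"{d:25} {classify(d)}")
```

A check like this fits resolver logs or newly registered domain feeds, where a flagged name is a lead for review rather than a verdict.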
Phishing attacks are a common occurrence, but users can protect themselves by being on the lookout for tell-tale signs that scream out “Phishing” while using the internet.
Ref: OpenDNS | Image: Blockchain.info