Bitcoin’s Popularity Boosts Phishing Scam Success

22 August 2014

Bitcoin has fired the public imagination so intensely that even non-bitcoin users are falling for phishing scams that dangle the prospect of cryptocurrency riches in front of them, according to new research from digital security firm Proofpoint.

Proofpoint found that thousands of phishing messages disguised to look like emails from a Blockchain wallet were sent to addresses with no direct link to bitcoin. This is a departure from typical bitcoin phishing attacks that target known and active cryptocurrency users, according to the security firm.

The new attacks yielded a “staggeringly high” response rate of 2.7% from victims, suggesting that members of the general public were sufficiently attracted by a bitcoin lure to click on the malicious links.

Kevin Epstein, vice president for advanced security and governance at Proofpoint, said:

“Imagine a phish touting automobile insurance that was sent to non-car owners – the fact that anyone clicked, much less 2.7%, is startling testament to human weakness and the intrigue around bitcoin.”

Companies and organisations hit

The Proofpoint research found that 12,000 messages were sent to more than 400 large companies and organisations across a range of industries, including finance, media and manufacturing, in two “waves” of attacks on 13th and 14th August.

The firm declined to name any of the targeted organisations, citing confidentiality agreements, but said they included one of the world’s largest financial institutions, a Japanese automotive manufacturer, two major American universities and three of the biggest international healthcare organisations.

The malicious messages were made to look like an automated email from wallet provider Blockchain, alerting the recipient that there had been an unauthorised attempt to open the wallet.

The recipient is asked to reset their wallet password by clicking a link which brings the victim to a log-in screen that seems identical to the Blockchain wallet page. Any wallet details submitted through this fake log-in page are transmitted to the scammers, who can use them to access the victim’s wallet.
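A defender-side check for the pattern described above, added here as an example and not part of the article or of Proofpoint's research: it parses a constructed message modelled on the fake alert and flags any link whose host lies outside the domain of the brand the mail claims to come from. The brand allow-list and the sample's link host are assumptions, not indicators from the campaign.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hosts the impersonated brand legitimately uses. blockchain.info is the
# wallet provider named in the article; the allow-list itself is an assumption.
BRAND_HOSTS = {"blockchain": {"blockchain.info"}}
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)
# Wording typical of the "account warning" template the article describes.
LURE_RE = re.compile(r"unauthori[sz]ed|reset your (wallet )?password", re.IGNORECASE)


def body_text(msg):
    """Flatten a (possibly multipart) message into one string of text."""
    if msg.is_multipart():
        return "".join(body_text(part) for part in msg.get_payload())
    return msg.get_payload()


def host_belongs_to(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def check_message(raw):
    """Return findings for a raw RFC 822 message: one per link that points
    outside the claimed brand's domains, plus a note if the account-warning
    lure wording accompanies such a link."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    text = body_text(msg)
    claimed = " ".join([msg.get("From", ""), msg.get("Subject", ""), text]).lower()
    findings = []
    for brand, allowed in BRAND_HOSTS.items():
        if brand not in claimed:
            continue
        for url in HREF_RE.findall(text):
            host = (urlparse(url).hostname or "").lower()
            if host and not host_belongs_to(host, allowed):
                findings.append(f"link to {host} is outside {brand}'s domains (sender {sender})")
    if findings and LURE_RE.search(text):
        findings.append("account-warning lure wording present")
    return findings


# Constructed sample modelled on the alert described in the article; the
# sender is spoofed and the link host is a placeholder, not a real indicator.
PHISH = """From: Blockchain Wallet <no-reply@blockchain.info>
Subject: Unauthorised log-in attempt on your wallet
Content-Type: text/html

<p>Someone in Sichuan, China tried to open your wallet.</p>
<p><a href="http://wallet-reset.example.net/login">Reset your wallet password</a></p>
"""

if __name__ == "__main__":
    for finding in check_message(PHISH):
        print(finding)
```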

The malicious email mimicking a Blockchain.info wallet security alert.

While the attack would only be profitable if it tricked an actual Blockchain wallet user, Epstein said that the high click-through rate, which exceeded benchmark rates for marketing communications such as email newsletters, suggests that even non-bitcoin users knew enough about cryptocurrency to be lured by the prospect of gaining access to some potentially lucrative bitcoins.

“It’s a staggeringly high click-through rate given the relative percentage of recipients who would have been bitcoin holders,” Epstein said.

‘Topical news’ approach

Proofpoint noted that the phishing attack employed a straightforward ‘account warning’ template that is simple yet highly effective.

The phishers also played on current fears over hackers from China by framing their initial message as a security alert over an unauthorised log-in attempt originating from Sichuan province in western China. That province’s technical university has made headlines as a possible proving ground for state-sponsored elite hackers.

Epstein said this was the “topical news” approach to phishing, which had been recently deployed in other attacks that used this summer’s World Cup as cover.

“Topical news is always effective. We have seen and will likely continue to see ‘Chinese hackers’ as an element,” Epstein said.

The research did not uncover the attacker’s identity, although Epstein said that the attacks appeared to be purely profit driven, which ruled out organised crime or industrial espionage.

He warned that the method of attack held rich potential to inflict greater damage in future, particularly if it were used to deploy trojan horses (software that performs unauthorised actions on the victim’s computer) or ransomware (which blocks a victim’s access to a computer until a ransom is paid).
