Phishing Scam Targets US Marshals Service Bitcoin Auction List

shutterstock_151954637
4 July 2014

Individuals on the recipients list of the leaked US Marshals Service email to Silk Road auction enquirers are being targeted in a phishing attack, and at least one individual has fallen for the scam.

The Wall Street Journal confirmed that several individuals on the list received phishing emails from the same source. However, not all the individuals on the leaked email recipients list were targeted.

The unfortunate victim of the attack was Sam Lee of bitcoin arbitrage fund Bitcoins Reserve, which lost 100 BTC as a result.

The funds were sent by the firm’s chief technology officer, Jim Chen, after he received what seemed like an email request to do so from Lee. In fact, the funds ended up being sent outside the company to the attacker’s wallet. The transaction can be seen here, according to Lee.

Operational oversight

Lee said that the funds he had been scammed out of were owned by Bitcoins Reserve and that he used personal funds to replace them. He informed Bitcoins Reserve investors about the situation in an email, saying:

“As this attack vector was only successful due to an oversight in operations, the founders of Bitcoins Reserve will compensate the company by injecting an additional 100 Bitcoins to ensure we’re still effectively performing arbitrage for our investors.”

How they did it

The complete procedure for the scam was complicated and extremely sophisticated, but the basic process was as follows.

Lee received an email on 21st June from a certain ‘Linda Jackson’ claiming to represent BitFilm Production, a genuine company based in Germany. Jackson falsely claimed that the firm was assembling a series of interviews about the impending auction for a client.

Jackson then sent Lee a second email containing a link that directed to a file containing the questions for the interviews. This appeared to be a Google Drive document, but was actually a website controlled by the attacker.

The faked page then requested Lee’s email password to gain access to the document, and consequently, when the password was entered, the attacker gained access to Lee’s email accounts.

The scammers finally sent an email, purporting to be from Lee, to various employees requesting funds be sent to an external bitcoin wallet address, and the CTO unsuspectingly complied.

Facts agree

Lee’s version of the story, and the emails from the attacker corroborating it (which CoinDesk has been given access to), mirror the phishing method described in the WSJ article.

The Journal also reported that while BitFilm Production is a real company, it had never attempted to contact the individuals on the leaked email.

The US Marshals Service has since issued a statement, saying that individuals affected by phishing scams should contact the appropriate law enforcement authorities, noting that the FBI dealt with phishing scams in the United States.