{"id":20765,"date":"2018-01-22T14:32:07","date_gmt":"2018-01-22T19:32:07","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=20765"},"modified":"2020-02-26T11:12:06","modified_gmt":"2020-02-26T16:12:06","slug":"crypto-phishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/crypto-phishing\/20765\/","title":{"rendered":"Phishing for cryptocurrencies: How bitcoins are stolen"},"content":{"rendered":"<p>The recent price rollercoaster of <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/bitcoin\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener\">Bitcoin<\/a> and other cryptocurrencies has made this topic incredibly hot. Whereas only a year ago cryptocurrencies were the domain of geeks, now all online media are talking about them, and even TV and radio have joined in. Not a day goes by without fresh reports from the cryptomarkets.<\/p>\n<p>But scammers too have been quick to smell the opportunity. Indeed, cryptocurrencies have given phishing\u00a0\u2014 the creation of fake sites to steal credentials from unwary users\u00a0\u2014 a new purpose.<\/p>\n<h3>Simple cryptophishing<\/h3>\n<p>The simplest version of cryptocurrency phishing, aka cryptophishing, involves good old-fashioned <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/spam\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener\">spam<\/a> mailings. In this case, such e-mails appear to originate with providers of cryptocurrency-related services \u2014 Web wallets, exchanges, and so on.<\/p>\n<p>The messages are markedly more detailed and sophisticated than the average phishing e-mail. For example, one might be a security alert saying that someone just tried to sign in to your account from such and such address using such and such browser\u00a0\u2014 all you have to do is click the link to check that everything\u2019s OK. 
The potential victim might even have requested such messages on the cryptowallet site, in which case they will notice nothing untoward.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141756\/crypto-phishing-scr-1.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-20767\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141756\/crypto-phishing-scr-1.png\" alt=\"\" width=\"885\" height=\"792\"><\/a><\/p>\n<p>Or it might be an invitation to take a survey about a cryptocurrency event, offering a fairly generous reward for your opinion (say, 0.005 bitcoin, which amounts to about $50\u2013$70 at the current rate). Click on the link, it says, to enter.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141804\/crypto-phishing-scr-2.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-20768\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141804\/crypto-phishing-scr-2.png\" alt=\"\" width=\"668\" height=\"686\"><\/a><\/p>\n<p>The result is always the same: The victim is directed to a fake version of the expected cryptocurrency site and asked to enter their e-wallet credentials. 
Most popular Bitcoin Web wallet sites look quite simple, yet recognizable, which helps criminals to create convincing imitations.<\/p>\n<div id=\"attachment_20769\" style=\"width: 1238px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141813\/crypto-phishing-scr-3.jpg\"><img decoding=\"async\" aria-describedby=\"caption-attachment-20769\" class=\"size-full wp-image-20769\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141813\/crypto-phishing-scr-3.jpg\" alt=\"Three different phishing sites that look like blockchain.info\" width=\"1228\" height=\"1000\"><\/a><p id=\"caption-attachment-20769\" class=\"wp-caption-text\">Three <em>different<\/em> phishing sites that look like blockchain.info<\/p><\/div>\n<p>The stakes are pretty high: Hijacking an e-wallet that contains a few decibitcoin isn\u2019t like stealing a piffling e-mail account \u2014 those fetch some 20 cents per bucket on the black market. In e-wallets, criminals see a quick and direct route to some juicy pickings, so they are investing more in phishing messages and making them more plausible.<\/p>\n<h3>Inventive cryptophishing<\/h3>\n<p>A more intricate cryptophishing scheme was discovered recently that uses some, shall we say, interesting features of Facebook. Here\u2019s how it works.<\/p>\n<ol>\n<li>Scammers find a cryptocurrency community and create a Facebook page with the same title and design as the community\u2019s official page. They make the address of the fake page very similar to that of the real one, differing by as little as one letter. 
Spotting the difference is not so easy, because in Facebook you can set any name for your organization or yourself, and these names are always displayed far more prominently than real addresses.<\/li>\n<\/ol>\n<div id=\"attachment_20770\" style=\"width: 1470px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141825\/crypto-phishing-scr-4.jpg\"><img decoding=\"async\" aria-describedby=\"caption-attachment-20770\" class=\"size-full wp-image-20770\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141825\/crypto-phishing-scr-4.jpg\" alt=\"The genuine Facebook page of a cryptoplatform \u2014 and a fake one\" width=\"1460\" height=\"1853\"><\/a><p id=\"caption-attachment-20770\" class=\"wp-caption-text\">The genuine Facebook page of a cryptoplatform \u2014 and a fake one<\/p><\/div>\n<ol>\n<li value=\"2\">The scammers then send phishing messages to members of the real community from the fake page. Personal messages are not suitable for this purpose for various reasons (for example, they can\u2019t be sent to a user on behalf of a page). So the scammers employ an interesting trick: To target someone, they share the victim\u2019s profile photo on their page and tag them there.\n<p>The cunning part is that the profile photo is always visible to everyone\u00a0\u2014 and it is not possible to stop someone from sharing it, or tagging you in Facebook \u2014 so the trick is effective even against people who are <a href=\"https:\/\/www.kaspersky.com\/blog\/facebook-privacy-settings\/13578\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">privacy savvy<\/a>. 
The only way to stay protected from such activity is to <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-adjust-facebook-notifications\/20456\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">disable notifications<\/a> about tags created by unknown users, pages, and communities.<\/p><\/li>\n<\/ol>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141835\/crypto-phishing-scr-5.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-20771\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141835\/crypto-phishing-scr-5.jpg\" alt=\"\" width=\"1460\" height=\"744\"><\/a><\/p>\n<ol>\n<li value=\"3\">The most interesting bit is in the text of the message scammers use to mark their prey. For example, the message might say that the user is one of 100 lucky recipients of 20.72327239 (yes, the figure is that precise) cryptocurrency units for their loyalty to the platform. And, of course, there is a link for getting hold of the coins. Note that the message contains detailed terms and conditions for receiving the reward (a minimum number of transactions on the platform, for example). Coupled with the appealingly exact and not excessively high but reasonable amount (about $100\u2013$200), it all seems plausible.<\/li>\n<\/ol>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141844\/crypto-phishing-scr-6.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-20772\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/22141844\/crypto-phishing-scr-6.jpg\" alt=\"Some more examples of messages from cryptophishing pages on Facebook\" width=\"1460\" height=\"383\"><\/a><\/p>\n<h3>How to guard against cryptophishing<\/h3>\n<p>Lately, the cryptomarket may have resembled a magic money tree, but cryptocurrency services are not charities, and they do not give away money for the fun of it. 
If someone promises you free cryptocurrency, most likely it\u2019s on the end of a hook.<\/p>\n<ol>\n<li>Always check every link very carefully. It\u2019s best not to click on links in messages from Internet services at all\u00a0\u2014\u00a0instead, type in the address of the service in the address bar of your browser.<\/li>\n<li>Carefully configure your privacy settings to avoid fraudulent schemes in Facebook. See <a href=\"https:\/\/www.kaspersky.com\/blog\/facebook-privacy-settings\/13578\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">this post<\/a> for details of how to do that. It\u2019s also not a bad idea to configure Facebook notifications\u00a0\u2014\u00a0we have a <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-adjust-facebook-notifications\/20456\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">post about that<\/a> too.<\/li>\n<li>Use an antivirus solution with dedicated antiphishing protection. <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Internet Security<\/a> is one such solution.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>If someone offers cryptocurrency for nothing, remember the only free cheese is in a mousetrap. 
Here\u2019s what\u2019s really going on.<\/p>\n","protected":false},"author":421,"featured_media":20766,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[374,1035,2640,20,76,240],"class_list":{"0":"post-20765","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-bitcoin","10":"tag-blockchain","11":"tag-cryptocurrencies","12":"tag-facebook","13":"tag-phishing","14":"tag-spam"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/crypto-phishing\/20765\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/crypto-phishing\/12258\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/crypto-phishing\/10179\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/crypto-phishing\/14449\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/crypto-phishing\/12678\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/crypto-phishing\/12355\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/crypto-phishing\/15164\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/crypto-phishing\/14938\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/crypto-phishing\/19495\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/crypto-phishing\/9959\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/crypto-phishing\/8816\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/crypto-phishing\/15732\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/crypto-phishing\/9210\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/crypto-phishing\/19300\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/crypto-phishing\/19400\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/ta
g\/bitcoin\/","name":"bitcoin"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=20765"}],"version-history":[{"count":11,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20765\/revisions"}],"predecessor-version":[{"id":33772,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20765\/revisions\/33772"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/20766"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=20765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=20765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=20765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}