Bitcoin Phishing : The Next Wave -Open Dns

[Patatas]

The OpenDNS research team conducted an investigation into the latest phishing campaign trends. Get into the details here

->  https://blog.opendns.com/2016/09/15/bitcoin-phishing-next-wave/

Quite detailed information about the recent phishing activities including the Bitfinex Hack!

[RodeoX]

This is a growing issue. 

I have been getting some attempts that look more like spearfishing than random mass emailing operations. Keep your coins tight brothers!

[Patatas]

This is a growing issue. 

I have been getting some attempts that look more like spearfishing than random mass emailing operations. Keep your coins tight brothers!

Correct.The reason I posted the topic is to make people aware of this chart.You can see how the sequences of events have taken a turn around in the same period of time.Security is a much ignored topic with rising bitcoins usage.I still see a lot of members having their wallets and savings stored on exchanges and third party websites.Social awareness is equally needed.

[BitcoinNewsMagazine]

Thanks for this. With hardware wallets so cheap now there is no excuse for leaving bitcoin on an exchange unless you are in a trade. Same goes for web wallets.

[mobnepal]

Have got several phising emails with blockchain in the name and also same webpage for login. Better to always check the domain and SSL certificate, recently i have also seen paxful phishing site but domain name was not identical. I have also seen some guy in this forum lossing bitcoin to bitmixer clone site. Phising bitcoin related sites is like trend now because it will be easy for them to withdraw bitcoin and run away being anonymous.

[unamis76]

Interesting article. Not much to add. I can only say that fortunately I haven't been the target of phishing attacks. Only once, for a website I don't even have an account in

[shovon234]

Have got several phising emails when blockchain in the make known and moreover connected webpage for login. Better to always check the domain and SSL endorse, recently i have moreover seen paxful phishing site but domain declare was not identical. I have along with seen some guy in this forum lossing bitcoin to bitmixer clone site. Phising bitcoin related sites is considering trend now because it will be easy for them to desist bitcoin and control away creature anonymous.

[eternalgloom]

From our previous investigations, we’ve seen that Bitcoin phishing campaigns are also delivered via legit google Adwords and Yandex ads redirecting to Bitcoin phishing. We searched for “buying Bitcoin” on google around August 18th, and we picked a few phishing sites in the returned results. One example is blockchln[.]info resolving to 143.95.239.55 which hosts a large number of other phishing sites targeting Paypal and Bitcoin wallets, Bitcoin mixers and sites selling fake European Union, Ukrainian, and Russian passports. - See more at: https://blog.opendns.com/2016/09/15/bitcoin-phishing-next-wave/#sthash.goJN6ml5.dpuf

I found this pretty interesting as well, not really something I would expect actually and it's something one might fall for if they were not aware of this.

I don't have a habit of searching on Google for the website I need to access, but it's something I've noticed my friends doing quite often.
For example by typing the name of a website in the address bar of their browser and just clicking a result on Google.

Doesn't Google check the websites that make use of Adwords? Are the malicious ones removed regularly at least?

[calkob]

thanks for the heads up i have had a few attempts at spoofing blockchain.info recently.   

[Milkduds]

The evolution of bitcoin is going to attract more hackers to the field as we go forward,especially knowing that very few users fully understand bitcoin. The room for exploitation is quite vast for some one that is looking to make money off the backs of others. Comparable to hackers shifting to Mac users now I would think.
Stay diligent and we should be alright and adapting as the borders shift around us.

[jhenfelipe]

Nowadays there are lots of phishing activities out there. We really need to be aware and extra careful of the sites we visited. Sometimes there is a one letter different in the URL that if we won't recognize we can be a victim. I encounter a phishing site before on a Bitcoin group at Facebook offering some free bits, and since I'm aware of it, I haven't been a victim. The site uses an unfamiliar domain (I search it and yes, it's a phishing site), I click it just out of curiosity. It requires me to log in to my gmail account, the interface is not as good as the original gmail log in form so it's really obvious. What I did was put a fake gmail username & password and after that, the site loads then nothing happened. I think the account details had been recorded on their database and they will try to hack the email. Afterwards, they can also hack all of the accounts verified with the email including online BTC Wallet.

[Wind_FURY]

Maybe the Brave browser should start black listing or start giving out warnings to unknown Bitcoin services by default to prevent these phishing attacks. They should start working with these services so that they could create a Bitcoin browser that is safe that will help prevent theft especially for the newbies who can be quite gullible.

[Shiroslullaby]

Its really smart to see Coinbase register domains like co-inbase.com
Tons of people get scammed by a simple typo, visiting a phishing site cloned to look like the real site.
This is a smart business strategy that any big website should be doing. Very easy to protect their customers for a few dollars a month by registering the domain and re-directing to the main website when someone makes a typo.

[marleybobthedog]

Phishing is very undetectable for kid user they might not be aware of the url and could post their username password and could become a victim of hacker. So user should first check the url before posting and sort of user authentication detail.

[ObscureBean]

Well since Bitcoin requires an internet connection to work, phishing will always be a concern. Not much that can be done about this other than being careful. Online wallets do provide an extra layer of protection though with 2FA. It's of course not bulletproof but it certainly makes it harder for people to gain control of your account and access your coins.

[Kakmakr]

I do not copy and paste my URL's and I store the majority of my coins in cold storage. Almost 80% of my coins are stored on paper wallets and the <mobile> coins, or that is what I named them, are stored on a hardware wallet. <Trezor> They can Phish away, but I am not biting on those hooks. ^smile^

My advice is simple, buy a Trezor and do not store large amounts of coins on exchanges or online wallets. ^smile^

[Patatas]

Its really smart to see Coinbase register domains like co-inbase.com
Tons of people get scammed by a simple typo, visiting a phishing site cloned to look like the real site.
This is a smart business strategy that any big website should be doing. Very easy to protect their customers for a few dollars a month by registering the domain and re-directing to the main website when someone makes a typo.

I agree.Sad part is,even though the phishing websites are reported everyday,the official businesses don't take them off the web.I've reported blockchain.info's phishing links like 10 times to their support,sadly nothing was done about it.Even after 3 months,the domains are still live.

[szpalata]

Its really smart to see Coinbase register domains like co-inbase.com
Tons of people get scammed by a simple typo, visiting a phishing site cloned to look like the real site.
This is a smart business strategy that any big website should be doing. Very easy to protect their customers for a few dollars a month by registering the domain and re-directing to the main website when someone makes a typo.

I agree.Sad part is,even though the phishing websites are reported everyday,the official businesses don't take them off the web.I've reported blockchain.info's phishing links like 10 times to their support,sadly nothing was done about it.Even after 3 months,the domains are still live.

I agree with you, phishing is gradually taking center stage in all Internet fraud activities. I have been phished before but luckily it was just at Facebook login and didn't hurt that much but until website hosting companies take down clone or forked sites their operations will continue and might get out of hand in afraid.