A new tactic where waves of Bitcoin wallet phishing emails are targeted at corporations has proved a success for the criminals behind it - with nearly 2.7% of victims clicking on the malicious link embedded in the two waves of 12,000 emails. Previous Bitcoin wallet phishing campaigns usually targeted known lists of Bitcoin users.
Proofpoint, which monitored the attack, said people who did not use Bitcoin wallets clicked on the emails as well as users of the cryptocurrency, which were sent in two separate waves directed at organizations across various industries.
Proofpoint said that the high success rate proved how much the hype behind the Bitcoin wallet had caught the imagination of the general population.“Unregulated and designed for anonymity, Bitcoin represents an attractive, $6.8 billion target to cyber criminals," Proofpoint said.
Bitcoin Wallet: 'Attractive target'
The Register’s John Leyden reported, “This high click-through rate is a concern because crooks could easily switch from Bitcoin scams to targeting curious users with DDoS malware, remote access Trojans, corporate credential phish, or other threats.”
Anti-phishing firm Cloudmark commented on The Register’s report that the relatively low volume campaign had not been effective at avoiding spam filters - and thus was likely the work of “inexperienced spammers.”
The emails took the form of fake “account warning” emails, except using the Bitcoin wallet site Blockchain instead of banks or online payment services. The warning described a failed login attempt “originating in China”. As soon as victims clicked they were directed to a fake version of the Blockchain site, which includes a Bitcoin wallet.
Unlike with many banks and credit cards, there is little protection for Bitcoin users who have had their currency stolen - hence the many, many campaigns targeted at them.
Exploiting human psychology
The phishing campaign follows a fairly straightforward “account warning” template, using the Bitcoin site Blockchain.info instead of the usual bank or online payment service names. Prospective marks were falsely warned about a failed login attempt originating in China, attempting to create a sense of urgency by capitalising on popular fears over Chinese hacking.
Kevin Epstein, vice president of Advanced Security at Proofpoint said, “Cybercriminals are continuing to improve their odds of success by exploiting human psychology as well as technology. Proofpoint’s research team recently observed a startling example of these ‘human factor’ exploit tactics in a campaign nominally targeted at stealing Bitcoin access credentials”
“People who had no Bitcoin accounts – no reason to click on the email solicitation – were clicking anyway. It seems likely that attackers were taking advantage of Bitcoin’s recent popularity in the news to engage targeted users’ curiosity.
“The implications for corporate security teams are significant. Security professionals cannot afford to ignore any phishing emails, even what initially appear to be consumer-oriented campaigns not relevant to professional end users, as such topical phish clearly compels clicks even from users who should have no reason to click.”