Bitcoin Phish

Posted on

Here’s a type of phish I haven’t seen before. It intends to make the victim believe they opened some sort of a Bitcoin mining account a year ago that has since accumulated several thousand dollars, and uses that as bait to get information from the victim.

Here’s the email:

The link as shown is rewritten by Proofpoint to go to their URL Defense URL so they can keep victims from getting to the phishing site once Proofpoint discovers the fraudulent email. Clicking on an unprotected link gets you to this page:

The page shows what looks to be a large number of small transactions that have built up to the range of $30,000.
It also has a scrolling box of text, appearing to be other users chatting about how surprised they are about the money coming to them.
The victim can type a message in but in the time I watched, I never got a response.
Clicking on the link for support brings up a chat window.
The window is grayed out while support searches for your account.
They eventually find your account and you’re provided a button to fill out the form to receive your funds.
Clicking the button brings you to a page asking for your credit card or Bitcoin wallet number.

I didn’t go any further than this but I would imagine providing a credit card will result in your card being used fraudulently and likely sold on the dark web. Providing your Bitcoin wallet will likely lead to a prompt for your passphrase.

I would hope that anyone that has a Bitcoin wallet would know enough about this to not fall for this trick but someone that doesn’t have one might not know any better and provide a credit card to receive the funds.

–Matt

Leave a Reply

Your email address will not be published. Required fields are marked *