Phishing Attackers Imitate Popular Bitcoin Websites

Bitcoin news website CryptoCoinNews (CCN) was impersonated in a phishing attack on Thursday, August 14, marking the latest in a recent string of attacks impersonating bitcoin-related domain names.


The attacker registered a similar domain name (cryptocoinznews.com) and proceeded to send emails to potential advertisers while offering special discounted rates. The offer promised to share the target’s website link with CCN’s 56,400 subscribers for the price of one bitcoin (BTC). Upon reporting this attack, CCN compared it to a similar phishing attack imitating CoinDesk, another bitcoin news website.

Ofir Beigel of informative website 99Bitcoins described his encounter with CoinDesk impersonators on his own website. In this case, a fraudulent email offered two advertising options at what Beigel at the time considered to be a reasonably low price. The email provided legitimate CoinDesk information including advertisement timeframes that coincided with the information posted on their website.

Beigel points out in his report that the message was not sent to an existing email address:

“As you can see from the recipient line it was sent to the admin address of 99Bitcoins ([email protected]). The thing is, we don’t have an admin address, it was just captured in our inbox since all email directed to 99bitcoins.com are captured.”

According to Beigel, it was suspicious that CoinDesk founder Shakil Khan allegedly sent the email in lieu of a sales or marketing employee. Additionally, the attackers sent the message from a generic Gmail address rather than from the CoinDesk domain.

Beigel had nearly completed a transaction before poor grammar in a final confirmation message tipped him off. He then emailed CoinDesk, which informed him that it was a known attack and directed him to its webpage warning readers about the impersonation.

Shortly before publishing his account of the attack, Beigel was contacted in a similar fashion by another email imitating popular forum BitcoinTalk. This time Beigel immediately noticed that, while the message’s “From” field listed a legitimate BitcoinTalk domain name, the “Reply To” field was another generic Gmail address. Beigel posted his findings on the BitcoinTalk forum warning readers of the scam.

CCN’s report from August 14 also recalls an ongoing Blockchain.info impersonation. The Blockchain imitation takes advantage of users who enter website names into Google’s search engine rather than typing the full URL into their browser’s address bar.

In this case, the attackers created a sponsored advertisement imitating Blockchain, going so far as to mask their URL as the legitimate Blockchain.info (a feature Google provides all of its AdWords customers).

The misleading advertisement directs users to a separate domain name such as blockchain.info.gwyndara.com.

Multiple individuals alerted Google to the scam and spread news of the misleading advertisement among the Google Chrome community. A Reddit post discussing the false advertisements recommended users take action:

“If you press it many times, it should drain their Ads balance. Do it and report the number of times you pressed it.”

Unfortunately, the attacker has been repeating its attempts with a series of masked domain names. Blockchain.info has documented the attack and informed its users; information is often the best recourse against malicious phishing attacks that may repeat indefinitely.
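The indicators reported above (a generic Gmail sender using a brand name, a "Reply To" domain that differs from the "From" domain, a one-letter lookalike domain, and a trusted name used as a subdomain of another domain) can be checked mechanically. The following is an added example, not code from CCN, 99Bitcoins or any of the sites mentioned; the trusted-domain list, the free-mail list, the 0.9 similarity threshold and the sample messages are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list and free-mail list; a real deployment would maintain its own.
TRUSTED = {"cryptocoinsnews.com", "coindesk.com", "bitcointalk.org", "blockchain.info"}
FREEMAIL = {"gmail.com"}

def host_findings(host):
    """Flag a hostname that imitates a trusted domain without being one."""
    host = host.lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return []  # the trusted domain itself, or a real subdomain of it
    findings = []
    for good in sorted(TRUSTED):
        if host.startswith(good + ".") or f".{good}." in host:
            findings.append(f"{good} appears as a subdomain label of {host}")
        elif SequenceMatcher(None, host, good).ratio() >= 0.9:
            findings.append(f"{host} is a near match for {good}")
    return findings

def email_findings(raw):
    """Flag the header indicators from the CoinDesk and BitcoinTalk reports."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    findings = host_findings(from_dom)
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    brands = {good.split(".")[0] for good in TRUSTED}
    if from_dom in FREEMAIL and any(b in display.lower() for b in brands):
        findings.append(f"display name uses a known brand but the sender is {from_dom}")
    return findings

# Constructed sample messages (not the real phishing emails).
SAMPLE_FREEMAIL = 'From: "CoinDesk Advertising" <constructed-sender@gmail.com>\nSubject: Ad offer\n\nHello'
SAMPLE_REPLY_TO = "From: admin@bitcointalk.org\nReply-To: constructed-sender@gmail.com\nSubject: Ad offer\n\nHello"

if __name__ == "__main__":
    for host in ("cryptocoinznews.com", "blockchain.info.gwyndara.com", "blockchain.info"):
        print(host, host_findings(host))
    for raw in (SAMPLE_FREEMAIL, SAMPLE_REPLY_TO):
        print(email_findings(raw))
```

The "From" header is itself unauthenticated, so these checks complement SPF, DKIM and DMARC results rather than replace them.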

Ofir Beigel of 99Bitcoins suggests his readers take certain precautions during bitcoin transactions, saying “I think what I personally take from this story is to make sure I can positively verify the person that I’m sending money to before actually sending it.” He suggests bitcoin buyers and sellers use PGP signatures that are embedded in email messages. These digital signatures provide a unique public key for each transaction that verifies the sender has a valid signature without exposing the individual’s private key.

In addition, Beigel referred to his own “five golden rules” for bitcoin transactions. According to Beigel, the untraceable nature of bitcoins is making them increasingly appealing to scammers. His number one rule is to always verify the credibility of a bitcoin seller. Other tips include comprehensive documentation, waiting for a predetermined number of confirmations before sending bitcoins, keeping money in escrow for large transactions, and never leaving bitcoins at the site of an exchange.