LocalBitcoins email scam tries to trick users into handing over thousands in cryptocurrency
Tuesday, February 12, 2019/
Emails purporting to be from international Bitcoin trading service LocalBitcoins have hit email inboxes across the world, attempting to trick users into handing over their login credentials and give hackers access to their Bitcoin wallets.
The scam, picked up by email security company MailGuard, spoofs an email from LocalBitcoins, using the exchange’s branding and compromised email accounts to give the message a sense of legitimacy.
The email tells users the site is currently undergoing maintenance in order to improve the quality of its service and, ironically, to “reduce the rate of spam virus” on the service. Users are urged to verify and update their accounts via a provided link.
“Failure to do so may result in the cancellation of your local bitcoins wallet account,” the scam claims.
When the link is followed, users are taken to a well-designed fake login page for LocalBitcoins, which not only asks for the user’s login for the Bitcoin trading site, but also for their email, providing cyber crims with the elusive double whammy of credential pilfering.
The site also includes a fake Google ‘reCaptcha’ verification tool, likely to give the fake site further legitimacy.
“Through this phishing email scam, cybercriminals are not only exploiting the well-established reputation and huge database of LocalBitcoins users, but also the soaring value of Bitcoin currency,” MailGuard writes.
“At current valuation, 1 Bitcoin is currently worth AUD$5,096 — making the stakes huge for someone who is informed that their entire Bitcoin wallet might just be cancelled. It is this exact fear of losing vast amounts of money that cyber criminals prey on in order to trick recipients to submit their confidential details online.”
For users worried about falling prey to this, or similar email phishing scams, the easiest thing to do is to enable two-factor authentication on any accounts holding sensitive information, or thousands of dollars in cryptocurrency.
Two-factor authentication, or 2FA, requires a second level of authentication when logging into accounts, requiring users to input a unique code from their mobile phone in order to gain access to their account. This means even if your credentials are taken, criminals would be unable to access your accounts without your unique code.
The art of business drinking: How to make deals, networks and friends Ian Whitworth Scene Change co-founder
Bridging the gap: Why regular customer surveys are key to good business Sonia Majkic 3 Phase Marketing co-founder
Six reasons every workplace should have a resident dog Michael Tiyce Tiyce & Lawyers principal
How we created an engaging online course with a 91% completion rate Emma Green Your CEO Mentor co-founder
Five things to consider before you launch a family business Monique Bolland Nuzest co-founder
Why Australian businesses are the new owned media moguls Jonathan Hopkins Marketing