LocalBitcoins email scam tries to trick users into handing over thousands in cryptocurrency
Tuesday, February 12, 2019/
Emails purporting to be from international Bitcoin trading service LocalBitcoins have hit email inboxes across the world, attempting to trick users into handing over their login credentials and give hackers access to their Bitcoin wallets.
The scam, picked up by email security company MailGuard, spoofs an email from LocalBitcoins, using the exchange’s branding and compromised email accounts to give the message a sense of legitimacy.
The email tells users the site is currently undergoing maintenance in order to improve the quality of its service and, ironically, to “reduce the rate of spam virus” on the service. Users are urged to verify and update their accounts via a provided link.
“Failure to do so may result in the cancellation of your local bitcoins wallet account,” the scam claims.
When the link is followed, users are taken to a well-designed fake login page for LocalBitcoins, which not only asks for the user’s login for the Bitcoin trading site, but also for their email, providing cyber crims with the elusive double whammy of credential pilfering.
The site also includes a fake Google ‘reCaptcha’ verification tool, likely to give the fake site further legitimacy.
“Through this phishing email scam, cybercriminals are not only exploiting the well-established reputation and huge database of LocalBitcoins users, but also the soaring value of Bitcoin currency,” MailGuard writes.
“At current valuation, 1 Bitcoin is currently worth AUD$5,096 — making the stakes huge for someone who is informed that their entire Bitcoin wallet might just be cancelled. It is this exact fear of losing vast amounts of money that cyber criminals prey on in order to trick recipients to submit their confidential details online.”
For users worried about falling prey to this, or similar email phishing scams, the easiest thing to do is to enable two-factor authentication on any accounts holding sensitive information, or thousands of dollars in cryptocurrency.
Two-factor authentication, or 2FA, requires a second level of authentication when logging into accounts, requiring users to input a unique code from their mobile phone in order to gain access to their account. This means even if your credentials are taken, criminals would be unable to access your accounts without your unique code.
Feel the churn: How to bounce back after losing staff and clients Sue Parker DARE Group founder
“Motivation is a feeling, commitment is a mindset”: Why you should start investing in yourself right now Lisa Stephenson Who Am I Projects founder
How to call your team into action with a winning presentation Emma Bannister Presentation Studio founder
The link between diet and mental health — and how to eat your way to wellbeing Kate Save Be Fit Food co-founder
From interactive videos to AI: The five marketing trends that will dominate 2019 Warwick Boulter Collaboro co-founder
Australia is leading the legaltech revolution, but what does this mean for lawyers, firms and clients? Jodie Baker Xakia founder
Why a video news release needs to be part of your PR strategy Leisa Goddard Adoni Media managing director
Want to catch more customers? Here's how to create a super sales funnel Jovana Vujnic Bumper Leads founder