LocalBitcoins email scam tries to trick users into handing over thousands in cryptocurrency

cryptocurrency crypto

South Australian service stations join list of Aussie businesses accepting crypto payments.

Emails purporting to be from international Bitcoin trading service LocalBitcoins have hit email inboxes across the world, attempting to trick users into handing over their login credentials and give hackers access to their Bitcoin wallets.

The scam, picked up by email security company MailGuard, spoofs an email from LocalBitcoins, using the exchange’s branding and compromised email accounts to give the message a sense of legitimacy.

The email tells users the site is currently undergoing maintenance in order to improve the quality of its service and, ironically, to “reduce the rate of spam virus” on the service. Users are urged to verify and update their accounts via a provided link.

“Failure to do so may result in the cancellation of your local bitcoins wallet account,” the scam claims.

LocalBitcoins original

The scam email. Source: MailGuard.

When the link is followed, users are taken to a well-designed fake login page for LocalBitcoins, which not only asks for the user’s login for the Bitcoin trading site, but also for their email, providing cyber crims with the elusive double whammy of credential pilfering.

The site also includes a fake Google ‘reCaptcha’ verification tool, likely to give the fake site further legitimacy.

“Through this phishing email scam, cybercriminals are not only exploiting the well-established reputation and huge database of LocalBitcoins users, but also the soaring value of Bitcoin currency,” MailGuard writes.

“At current valuation, 1 Bitcoin is currently worth AUD$5,096 making the stakes huge for someone who is informed that their entire Bitcoin wallet might just be cancelled. It is this exact fear of losing vast amounts of money that cyber criminals prey on in order to trick recipients to submit their confidential details online.”

For users worried about falling prey to this, or similar email phishing scams, the easiest thing to do is to enable two-factor authentication on any accounts holding sensitive information, or thousands of dollars in cryptocurrency.

Two-factor authentication, or 2FA, requires a second level of authentication when logging into accounts, requiring users to input a unique code from their mobile phone in order to gain access to their account. This means even if your credentials are taken, criminals would be unable to access your accounts without your unique code.

NOW READ: Shark Tank judges Steve Baxter and Janine Allis targeted in fake Bitcoin trading advertisements

NOW READ: Five easy ways to bolster cyber security for your business


Notify of
Inline Feedbacks
View all comments
SmartCompany Plus

Sign in

To connect a sign in method the email must match the one on your SmartCompany Plus account.
Or use your email
Forgot your password?

Want some assistance?

Contact us on: support@smartcompany.com.au or call the hotline: +61 (03) 8623 9900.