Emails purporting to be from international Bitcoin trading service LocalBitcoins have hit email inboxes across the world, attempting to trick users into handing over their login credentials and giving hackers access to their Bitcoin wallets.
The scam, picked up by email security company MailGuard, spoofs an email from LocalBitcoins, using the exchange’s branding and compromised email accounts to give the message a sense of legitimacy.
The email tells users the site is currently undergoing maintenance in order to improve the quality of its service and, ironically, to “reduce the rate of spam virus” on the service. Users are urged to verify and update their accounts via a provided link.
“Failure to do so may result in the cancellation of your local bitcoins wallet account,” the scam claims.
When the link is followed, users are taken to a well-designed fake login page for LocalBitcoins, which asks not only for the user’s login for the Bitcoin trading site, but also for their email, providing cyber crims with the elusive double whammy of credential pilfering.
The site also includes a fake Google ‘reCaptcha’ verification tool, likely to give the fake site further legitimacy.
“Through this phishing email scam, cybercriminals are not only exploiting the well-established reputation and huge database of LocalBitcoins users, but also the soaring value of Bitcoin currency,” MailGuard writes.
“At current valuation, 1 Bitcoin is currently worth AUD$5,096 — making the stakes huge for someone who is informed that their entire Bitcoin wallet might just be cancelled. It is this exact fear of losing vast amounts of money that cyber criminals prey on in order to trick recipients to submit their confidential details online.”
For users worried about falling prey to this, or similar email phishing scams, the easiest thing to do is to enable two-factor authentication on any accounts holding sensitive information, or thousands of dollars in cryptocurrency.
Two-factor authentication, or 2FA, adds a second level of authentication when logging into accounts: users must input a unique code from their mobile phone in order to gain access to their account. This means even if your credentials are taken, criminals would be unable to access your accounts without your unique code.