Employees in over 400 organizations received the phishing emails

Aug 22, 2014 12:03 GMT

Curiosity about crypto-currency generated unexpected results in the case of a Bitcoin credential phishing campaign, with a click rate higher than the recorded share of users working with this type of digital money.

Proofpoint, a company providing security-as-a-service solutions, detected that the 12,000 messages that were part of this campaign had a 2.7% click rate, which is more than the percentage of Bitcoin users in the general population.

This means that in some cases the link pointing to the phishing website was accessed even by users with no Bitcoin accounts, probably out of curiosity about the digital currency.

The emails were sent in two separate waves, and reached individuals working in over 400 organizations, which included higher education, financial services, high tech, media and manufacturing.

“The broad nature of this campaign was surprising, since most other Bitcoin phishing attacks have targeted known Bitcoin users,” Proofpoint writes in a blog post.

The company says that in most cases attackers rely on lists of known Bitcoin users in order to increase the chances of success, but this time they seem to have extended their reach.

Emails used in the campaign follow the classic phishing recipe, alerting the recipient to a suspicious sign-in attempt from a user located in China. To make sure that the account stays secure, a password reset is recommended, and the link for doing this is provided at the end of the message.

The messages purport to come from Bitcoin exchange website Blockchain.info and even provide a case number for the recorded incident, to make the email believable.

If the potential victims access the password reset link, they automatically land on a phishing site impersonating the Blockchain log-in page; any information entered in the fields is sent directly to the phishers. To mask the deceit, after the details are delivered to the crooks, the victim is shown an error message.

“Once equipped with this information, the attackers can login to the user’s real Blockchain.info account and send bitcoin to any wallet they want. Because Bitcoin transactions are by design irreversible and difficult to trace, the victim has almost no recourse for their loss,” says Proofpoint.

This type of campaign is generally used for collecting banking credentials, but it appears that if the Bitcoin theme is applied, a higher rate of success is recorded.

It proves that malicious campaigns can have significant impact with little effort from cybercriminals. This can also be leveraged for delivering different types of malware, and considering the organizations this operation targeted, the risks could turn out to be costly from a company perspective.

[Images: Fake Blockchain.info alert. Phishing message alerting of a suspicious log-in; phishing website impersonating the Blockchain.info log-in page.]