14 DAY TRIAL // Many cybercriminals are focusing their efforts on digital currency accounts because such operations are less risky, and they could be highly profitable. The best way for cybercrooks to empty digital currency accounts is by phishing out the details of their owners.
Last month, Symantec spotted a scheme in which phishers attempted to convince digital currency users to hand over their credentials by telling them that an account security update was being performed.
“To ensure the integrity of our online transaction system, we periodically review accounts. Your account might be restricted due to numerous login attempts into your online account. […] To lift up this restriction, you need to confirm your online details,” the bogus notice read.
Those who agreed to “update” the security of their accounts were instructed to hand over their name, password, email, and their country of origin currency.
All this information ultimately ends up on a server controlled by the phishers. They can either sell the information on underground forums or use it themselves.
Symantec has not named the company whose users have been targeted. However, it’s important for all digital currency users to beware of such schemes.
Always make sure that you’re on the legitimate website before handing over information or logging in to your account.
Last month, Mt.Gox – the largest Bitcoin exchange in the world – announced that it will be requiring all account owners to verify their identities in an effort to make services more secure, and to prevent the use of the currency for illegal activities.
Following the announcement, experts started spotting several Mt.Gox phishing websites designed to trick users into handing over their information. Some cybercriminals even poisoned search engine results in an attempt to lure internauts to their malicious sites.