The persistent rise of cryptocurrency is changing the Internet in a variety of ways, including the world of cybercrime. Bitcoin and cryptocurrency, in general, have become an attractive target for cybercriminals, because of their soaring value and the ease with which they can be laundered and sold.
The popular bitcoin startup company has been brandjacked by cybercriminals who are sending emails via compromised accounts. Both the sender and recipient fields contain details of the same compromised account used to send the message.
The body of the email advises the recipient that this "message is from local bitcoins" and is directed to “all users who have registered with local bitcoins Wallet.” The recipient is informed that LocalBitcoins is currently undergoing a maintenance exercise and as such, the recipient needs to verify and upgrade their user account via a provided link. They are also advised that failure to do so may result in the cancellation of their account.
Here is a screenshot of the email:
Unsuspecting recipients who click on the link are led to a legitimate-looking copy of the LocalBitcoins webpage. This page looks authentic, and also includes the logo and branding of the actual LocalBitcoins website. There are 4 fields provided on a form for the user to fill in. The first two are for users’ LocalBitcoins’ account ID or email and password. The second two are for the users’ email address and password. A picture of the Google ReCaptcha is included, not the actual ReCaptcha, showing as prefilled.
Here is a screenshot of the page:
Once the user submits this form, they are redirected to the actual LocalBitcoins login page.
Through this phishing email scam, cybercriminals are not only exploiting the well-established reputation and huge database of LocalBitcoins users, but also the soaring value of bitcoin currency. At current valuation, 1 bitcoin is currently worth AUD5,096 – making the stakes huge for someone who is informed that their entire bitcoin wallet might just be cancelled. It is this exact fear of losing vast amounts of money that cybercriminals prey on in order to trick recipients to submit their confidential details online.
It’s also worth noting that cybercriminals have incorporated several measures to convince users of the legitimacy of the LocalBitcoins page. A key example of this is the inclusion of the fake Google ReCaptcha – a safety feature normally expected to be employed by popular organisations and one that provides reassurance to users who may be wary of submitting their personal data.
Saying that however, the body of the email does contain several red flags for users who may be vigilant enough to identify them as tell-tale signs of an email scam. One is the fact that the email doesn’t address the recipient directly by name, and instead goes by ‘Dear Local bitcoin User’. Secondly, the body of the email contains several spacing and spelling errors that would normally not be present in a legitimate notification from LocalBitcoins. These include a mix of lowercase and uppercase letters in a sentence, such as ‘Thanks, And sorry for the inconvenience’.
Why phishing emails are bad for business
Although this fake LocalBitcoins phishing email is primarily targeted towards consumers, cybercriminals also use phishing emails to manipulate employees into surrendering access to a range of sensitive and valuable business information.
This can include access to your corporate usernames and passwords used to access and steal confidential data.
The financial, reputational and litigation costs associated with phishing can therefore be huge, and it’s important that your business takes steps to protect itself.
We recommend that you educate staff on how to spot phishing emails in the event that they infiltrate your email inbox – you can access a range of hints and tips here.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.