Bad News for All: Bitcoin Phishing Is on the Rise

 

OpenDNS Security Labs has found over one hundred bogus blockchain and Bitcoin websites that pretend to be reputable Bitcoin wallets and try to steal users’ credentials.

The security experts discovered that the malicious IPs shared a provider with three separate names that hosted harmful and unlawful content. Three offshore hosting companies employed the company’s IP range to sell fake goods, pornography, and phishing websites related to Blockchain and iCloud.

Security experts studied Whois registration data and domain names to identify six unique email addresses used to register fake Blockchain.info websites. This made it clear how often crooks upgrade their infrastructure and how heavily they depend on offshore web hosts to spread malicious software and phishing campaigns.

The websites, the majority of which were registered on May 26, keep appearing, implying the campaign is still active and ongoing.

Experts track connections

Over the last couple of weeks, researchers were able to map the relationships between IP addresses, name servers, and Whois data to figure out the campaign’s scope.

Cyren, a security company from Israel, stumbled on the campaign at the beginning of June when it noticed the Blockchain.info website being distributed via a PPC promotion on Google AdWords. End users are fooled into visiting the site, logging in, and handing their Blockchain credentials to the fraudsters.

OpenDNS discovered a phishing attack at Blockchain-wallet.top soon after Cyren published its investigation. They also found a website that appears to be much like the genuine Blockchain.info website.

The website that OpenDNS uncovered resembles the design of Blockchain’s own site and is reported to be still online and active. Google has labeled it as a fraudulent website and warns visitors that it could still be used to get users to disclose their private information.

Even more dubious websites

Later on, experts discovered a masqueraded Blockchain.com URL related to the same IP. They analyzed that IP and other associated IPs and found a large number of doubtful websites that mimic the design of localbitcoins.com and blockchain-wallet.info.

Bitcoin addresses should always be verified with Base58Check to be sure they are legitimate.

The phishing websites the experts discovered make use of typosquatting, which happens when users type a website address into their web browser, make a typo, and are redirected to a lookalike site.

The cybercriminals demonstrate a strong knowledge of Bitcoin defense technologies and are aiming to beat them.

OpenDNS blocked the dangerous IP ranges for its clients. Going forward, wallet providers should enhance their protection to reduce typosquatting and phishing attacks.

The rise in ransomware infections, which always come with demands for Bitcoin transactions, might be related to the growing Bitcoin price.
