As bitcoin and ether prices surged in recent months, interest in cryptocurrency has grown. Investors, speculators, entrepreneurs, libertarians, and curious newcomers alike have decided to join in on the fun. However, not everyone who has gotten involved in the last few months has done so with good intentions.
Phishing Attacks Increase Following Bitcoin Price Surge
It seems the recent success of digital currency has attracted the attention of the ill-intentioned and criminally-minded.
Apparently, malicious agents have been attempting to benefit from the increased interest in Bitcoin and Ether through phishing and typosquatting tactics. In essence, people have been setting up fake sites whose URLs are typographically similar to those of legitimate bitcoin wallet download websites.
These phony sites not only have URLs that closely resemble those of legitimate sites, but they have also been made to look visually identical to the pages they are mimicking.
One such example is blocklchain[.]info, a site made to mirror Blockchain.info, a popular bitcoin wallet provider. This particular example was discovered by the Israeli cloud-based security firm Cyren, which observed the domain spreading through a pay-per-click advertising scam via Google AdWords.
Many attackers have followed this lead by setting up phishing sites of their own that function in the same way: they create domains that both typographically and visually mimic a legitimate site and, when visited, bring users to replicas of the real thing that can trick them into divulging their wallet credentials.
Indeed, quite a few deceptive sites have been discovered since the first one was found by Cyren in early June, including blolkchain[.]com, blockchain-wallet[.]top, blokchain-wallet[.]info, and localbitcons[.]com. Nearly all of them were imitating the Blockchain.info site, and all of them were tied to the same IP.
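A defender can catch this pattern by comparing newly seen domains against the brand labels they protect. The sketch below is an added example, not code from Cyren, OpenDNS or the article; it scores the domains listed above by edit distance and goes slightly beyond them by also counting adjacent-letter swaps. The allow list entry `localbitcoins.com`, the threshold of 2 and the control domains are assumptions.

```python
# Added example: flag lookalike domains by edit distance to protected brand labels.
LEGIT = {"blockchain.info", "localbitcoins.com"}  # 2nd entry is an assumption, not named in the article
BRANDS = {d.split(".")[0] for d in LEGIT}
MAX_DISTANCE = 2  # assumed threshold; tune against your own false-positive rate


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, closest_brand, distance) for one possibly defanged domain."""
    parts = domain.lower().replace("[.]", ".").strip(".").split(".")
    if ".".join(parts[-2:]) in LEGIT:
        return ("legit", parts[-2], 0)
    # Naive registrable label; a production check would use a public-suffix list.
    label = parts[-2] if len(parts) > 1 else parts[0]
    # Compare the whole label and each hyphen-separated token (catches "brand-wallet").
    candidates = [label] + label.split("-")
    dist, brand = min((osa_distance(c, b), b) for c in candidates for b in BRANDS)
    if dist <= MAX_DISTANCE:
        return ("lookalike", brand, dist)
    return ("unrelated", None, dist)


# Domains reported in the article (defanged), followed by constructed controls.
SAMPLES = [
    "blocklchain[.]info", "blolkchain[.]com", "blockchain-wallet[.]top",
    "blokchain-wallet[.]info", "localbitcons[.]com",
    "blockchain.info", "www.blockchain.info", "blcokchain.com", "example.org",
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d:28} {classify(d)}")
```

A distance of 0 on a domain outside the allow list, as with blockchain-wallet[.]top, means the brand appears verbatim as a token on an unrecognised registration.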
This same IP, along with similar IPs in the range, was investigated by OpenDNS, which discovered that they all shared a provider that has had three different names over the last year and has previously been called out for hosting what OpenDNS refers to as “criminal and toxic content.”
The IP space was used to promote child pornography, child modeling, fake merchandise, and a series of phishing sites.
Over 100 different sites have been set up so far, with most of them being registered on May 26th, 2016. The fact that these sites were registered on or after May 26th seems to suggest that these attacks were at least partially the result of people attempting to benefit from the renewed interest in Bitcoin by exploiting naive or new bitcoinists.
Google has begun tagging these websites as deceptive, warning users of the risks before entering.
Images Courtesy of Threatpost, Shutterstock.