EXECUTIVE SUMMARY:

A fresh phishing campaign targets CoinSpot cryptocurrency exchange users. The campaign relies on a theme revolving around withdrawal confirmations. The goal of the campaign is to steal 2FA codes.

How it works

The criminals distribute emails from Yahoo addresses, imitating authentic emails from CoinSpot. The emails ask recipients to confirm or deny a withdrawal transaction.

The phishing emails include transaction amounts and Bitcoin wallet addresses, details designed to make the attack look legitimate.

Any clicks on links in the email direct victims to a phishing landing page. The page clones the CoinSpot login page and uses a spoofed domain name.

Why it matters

Experts report that the email style comes across as authentic. A Bitcoin address was cleverly included to add a sense of legitimacy. However, users can potentially identify the scam by hovering over the in-text email links ahead of clicking. Both links direct users to the same SendGrid hyperlink.
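The hover check described above can be automated at a mail gateway or in a triage script. The following Python sketch is an added example, not code from the original report or from CoinSpot; the sample message, its address and its URL are constructed placeholders, and the signal names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# From the page: Yahoo sender addresses, links resolving to a SendGrid hyperlink.
BRAND, FREEMAIL, REDIRECTORS = "coinspot", {"yahoo.com"}, {"sendgrid.net"}

# Constructed sample message; the address and URL are placeholders.
SAMPLE = """From: CoinSpot <support.example@yahoo.com>
Content-Type: text/html

<a href="https://u0000000.ct.sendgrid.net/ls/click?upn=EXAMPLE">Confirm</a>
<a href="https://u0000000.ct.sendgrid.net/ls/click?upn=EXAMPLE">Cancel</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip().lower()))
            self._href = None

def under(host, domains):  # host equals, or is a subdomain of, a listed domain
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the names of the phishing signals present in a raw email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    urls = {u for u, _ in collector.links}
    labels = {t for _, t in collector.links}
    hosts = {(urlsplit(u).hostname or "").lower() for u in urls}
    return [name for name, hit in (
        ("brand-name-from-freemail", BRAND in display.lower() and under(sender, FREEMAIL)),
        ("links-via-redirector", any(under(h, REDIRECTORS) for h in hosts)),
        ("different-labels-same-url", len(labels) > 1 and len(urls) == 1),
    ) if hit]
```

Legitimate senders also route links through SendGrid, so each signal is a triage hint rather than a verdict; the combination of all three is what matches the campaign described here.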

Other tactics used

To make the phishing page look more authentic, the hackers added a digital certificate, complete with a lock symbol in the page’s URL bar. This was intended to help fool users into believing that they had reached the CoinSpot site.

The malicious landing page prompts users to enter account details. Once victims enter account details, they receive a two-factor authentication screen. Upon inputting a 2FA code, victims are redirected to the official CoinSpot website, which helps hackers limit suspicion.

Afterwards, attackers can use the account credentials on the legitimate login page and take control of the victim’s account. Attackers have been observed taking over accounts in real time.

Keeping crypto secure

The excitement around the cryptocurrency space has led to an influx of inexperienced and uber-trusting users. Hackers see this as an opportunity. Cryptocurrency exchanges recommend that users take the following steps to keep accounts secure.

  • Consider using a separate email address for your cryptocurrency account.
  • Avoid clicking on any links or attachments that you have not specifically asked for.
  • Delete suspicious emails.
  • Use complex passwords to secure your account. Consider using a password generator.
  • Activate 2FA wherever possible and do not share 2FA information with other users.

To secure the coins themselves

  • Consider storing coins and tokens on your own private cold storage device.
  • Do not send coins or tokens to unknown, suspicious, or non-verified persons, as transfers typically cannot be undone.
  • Anyone who promises exceptional returns on investments is likely going to steal your money. Avoid these persons.

To secure devices

  • Do not provide others with remote access to your devices.
  • Keep apps and software updated to the latest versions.

In conclusion

Cryptocurrency investors should exercise caution around unsolicited communications, taking care to secure accounts, coins and devices.

For more information about protecting cryptocurrency investments, see this article. Also, be sure to see CyberTalk.org’s past cryptocurrency coverage pertaining to Google Ads.
