The security-as-a-service provider Proofpoint has uncovered a new Bitcoin phishing attack. Proofpoint's research found 12,000 messages sent in two separate waves to more than 400 organisations across a variety of industries.
The phishing attack appears to have drawn clicks from non-Bitcoin users as well: the campaign received a 2.7% click rate, much higher than the proportion of Bitcoin users in the general population. Blockchain.info, the most popular Bitcoin “wallet” web site, reports that since September 2013 the number of “My Wallet” users has grown over 500% to over 2 million users, and daily My Wallet transactions have nearly tripled to over 30,000 transactions per day.
Kevin Epstein, vice president of Advanced Security at Proofpoint commented “Cybercriminals are continuing to improve their odds of success by exploiting human psychology as well as technology. People who had no Bitcoin accounts – no reason to click on the email solicitation – were clicking anyway. It seems likely that attackers were taking advantage of Bitcoin’s recent popularity in the news to engage targeted users’ curiosity.
“This disproportionate click rate is particularly concerning in light of recent multi-variant campaigns – as attackers can rotate payloads, targeting clicking users with DDOS malware, remote access Trojans, corporate credential phish, or other threats. The implications for corporate security teams are significant. Security professionals cannot afford to ignore any phishing emails, even what initially appear to be consumer-oriented campaigns not relevant to professional end users, as such topical phish clearly compels clicks even from users who should have no reason to click.”