A new phishing campaign is targeting CoinSpot cryptocurrency exchange users in order to steal two-factor authentication (2FA) codes. The threat actors are sending emails from a Yahoo email address, which replicates CoinSpot emails, asking recipients to cancel or confirm a withdrawal transaction.
The researchers who discovered the campaign said “the threat actor observed here been meticulous in obtaining access to lucrative crypto accounts. By playing on the recipient’s fears with carefully crafted steps, it could be easy for targets to perceive this as legitimate.”