A company providing service-as-a service solutions, detected that the 12,000 messages part of this campaign received a 2.7% click rate, which is more than the percentage of Bitcoin users in the general population.
“The broad nature of this campaign was surprising, since most other Bitcoin phishing attacks have targeted known Bitcoin users,” Proofpoint writes in a blog post
Emails used in the campaign follow the classic phishing recipe, alerting of a suspicious sign in attempt, from a user located in China. To make sure that the account stays secure, a password reset is recommended, and the link to doing this is provided at the end of the message.
If the victims access the password reset link, they will automatically land on a phishing site impersonating the Blockchain log-in page; any information entered in the fields is sent directly to the phishers. To mask the deceit, after the details are delivered to the crooks, the victim is displayed an error message.
“Once equipped with this information, the attackers can login to the user’s real Blockchain.info account and send bitcoin to any wallet they want. Because Bitcoin transactions are by design irreversible and difficult to trace, the victim has almost no recourse for their loss,” says Proofpoint.
This type of campaign is generally used for collecting banking credentials, but it appears that if the Bitcoin theme is applied for good success. It proves that malicious campaigns can have significant impact with little effort from cybercriminals.