In the world of cyber crime, there are two types of criminals: those who are actually skilled enough to commit high-level fraud, and the low-life spammers who prey on the gullibility of their victims to execute their little scams. Bitcoin, due to its cash-like untraceable nature, has attracted the curiosity of outlaws from all around.
Several Bitcoin users on Reddit have reported receiving a phishing email, purporting to be from CoinBase, that was intended to steal login credentials for the online bitcoin wallet.
Here’s a screenshot of the email with a fake email address associated with CoinBase.
Here’s an image of the outbound link with the address bar highlighted:
Who Falls For This?
So, here’s my question: who is gullible enough not to notice these apparent red flags? Sure, one could argue that there are people in the world who aren’t very cautious by nature. Or maybe someone could be under the influence of alcohol on occasion and fall for this trap. Take this Reddit user, for instance:
“I fell for it…Hung over from NYE. Oh well…2-form authentication. And now resetting my passwords.”
An Industry Standard
Anyone who has been using email is certainly aware of these ‘junk’ emails. After a while, it doesn’t take much to detect an obvious phishing attack. A redditor states:
“I have never ever seen a phishing email that didn’t have at least a couple spelling errors, grammar mistakes, or punctuation flukes. Is crafting a 50 word email in perfect English really that hard? It’s as if they aren’t even trying.”
Obvious grammatical mistakes and spelling errors like the ones in this email are common among these phishing attempts. There is enough evidence in the content of the email to believe that it was not written by someone who is very articulate in English. Over recent years, Nigerian scams have gotten a lot of public scrutiny, and there have been many attempts to educate the majority of Internet users to verify the address bar of their browser before entering any personal information.
A Community Driven Effort
Bitcoin users are generally more tech-savvy than the majority of Internet users. This becomes conspicuous when there’s a community-driven effort to keep such phishing attacks from coming to fruition. Within a few hours of the email going out, active Bitcoin users on Reddit took action to report this hoax website to Google as spam, which resulted in the page being taken down.
Bitcoin’s advocates have been promoting the idea of storing Bitcoins in an offline wallet ever since the beginning. Because the technology allows anyone to be their own bank, it’s recommended not to store large amounts of Bitcoin on third-party websites like CoinBase. To date, there have been massive successful phishing scams using BlockChain.info wallets as a cover. It seems like CoinBase might be the next likely target.