LONDON (InsideBitcoins) — Internet jargon often takes time to spread from niche to popular culture and though the term phishing is not quite in the public domain as of yet, it’s certainly on its way to popular acceptance. Simply put, phishing is an attempt to acquire sensitive data such as passwords, credit cards — and nowadays bitcoin wallet data.
Blockchain.info, the most popular bitcoin wallet provider, now claims over 2 million users and more than 30,000 transactions daily. In an industry accounting for a combined value of close to $7 billion it was only a matter of time before concerted attacks on individual bitcoin wallet accounts escalated to a point where they became a genuine concern.
Proof Point, a company that specialises in the protection of sensitive business data, has produced some startling figures on the severity of attacks made upon two separate types of users, lists of known and therefore bitcoin savvy users, and people who might have heard of cryptocurrencies but have fallen into the trap of popular misconception.
Taking the bait
“While many people have heard of Bitcoin, few are using it and even fewer have any, which is why we were surprised to recently detect a Bitcoin credential phishing campaign that received a 2.7% click rate, much higher than the percentage of Bitcoin users in the general population,” Proof Point reports.
The ‘click rate Proof Point referred to was related to 12,000 messages that had been sent to over 400 organisations following an account warning; that is to say users were confronted with an email that “attempted to create a sense of urgency by capitalizing on popular fears over Chinese hacking,”
[See also: Is Bitcoin Safe? How to Keep Hackers from Stealing Your Bitcoins]
The 2.7% who clicked on the link were redirected to what looked like a realistic Blockchain page. Those unfortunate enough to enter their login details would, according to Proof Point, “be sent to a generic login error message. Once equipped with this information, the attackers can login to the user’s real Blockchain.info account and send bitcoin to any wallet they want.” Because Bitcoin transactions are by design irreversible and difficult to trace, the victim has almost no recourse for their loss.
An increasing threat
Recent developments surrounding the status of bitcoin as to whether it is or is not money has occupied the attention of tax authorities in Australia and federal judges in the USA.Notwithstanding, there is no question that bitcoin does indeed have intrinsic, monetary value. Such attacks highlight the need to raise awareness of bitcoin in order to avert potential financial misfortune. And whilst those without a Blockchain account had little to fear from this specific attack, Proof Point warned of more sophisticated variants to come.
“’A multi-variant’ version of this campaign could have a much greater impact, enabling attackers to target clicking users with malware, Trojans, corporate credential phish, spam or other threats.”