In a blatant blockchain phishing attempt, I just got sent 3 BTC (BTC fo Bitcoin) this morning and I want to share with you how it happened and how the phishers attempted to grab my blockchain account. I’m sure you will be excited reading this post so follow this carefully. Right now, as listed on Coinmarketcap, a BTC stands at $4340. That makes a cool $12,780 (3BTC) just coming in.
But what is Phishing?
According to , Wikipedia, Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
This is what’s happening now on Blockchain.info as cryptoccurency grows and Bitcoin dominance maintained. Holding to a BTC now could mean a fortune in a couple of years. So people are devising means to get the coins by hook or by crook.
Blockchain payment notification
Blockchain.info is one of the most used Bitcoin wallet. Recently, there was an Ethererum addition to it. That means you can store both BTC and ETH in the same wallet. Blockchain’s recent updates also gives you the facility to swap coins.
Each time you have an incoming transaction, you are going to be sent an email alert to your blockchain registered email address (depending on your settings I think). That’s not news however for many blockchain users. This morning, I got one pretty nice and exciting email alert.
Blockchain Phishing
I was really excited to see where this payment was coming from and why I was being paid. But a simple look at the email subject, I became suspicious. Just look at it below:
blockchain fishing
Simply looking at the subject line of this message, I knew something was deadly wrong. Now this drew my attention to other areas of the message.
First, Blockchain is not going to send you a mail requesting you accept a payment you’ve received. That may happen sometime in the future but right now, that’s not how it functions.
Here is a typical blockchain payment email subject:Do you now see the difference?
Ok.
The second thing that stroke my attention was the From email address. Messages from Blockchain are clearly seen with the domain name in the From header line while the blockchain phishing idiots did theirs from support@dzdzdz.zendesk.com, which can be clearly noticed. That also happens to be their Reply-to address. Meaning if I hit the reply button and sent a reply, they would get the mail and proceed to stealing my identity
Next is the body of the mail
A typical mail from blockchain will just give you basic information and a link to view transaction details on blockchain. But there was something terribly wrong with the mail this morning.
blockchain phishing
Asking me to click to accept the incoming payment is the beginning of the blockchain phishing trap. I knew what was going to happen next before even clicking the link.
Now , take a closer look at where you are taken to once you click the link:
blockchain-phishing
In my case, I was taken to a domain that has nothing to do with blockchain: premiumaluminium.co.za Secondly, looking at the whole page, you see a big attempt to completely ruin your bitcoin business.
They ask for your Blockchain’s email and its password. Someone just has to be very dumb to fill this form. If you do this, you completely surrender your email account to them.
On the next window, the will ask for your blockchain wallet Id (which is the username you use to login) and wallet password.
blockchain login security
They are trying to get hold of two things that are very important:
Your email account access
Your blockchain account access
2 things to protect your Blockchain account from phishing
1 – The first thing to do is strengthen your account security. Don’t just allow your access dependent on email and password. Take steps to prevent unauthorized access to your wallet. Go to your account security center and follow the steps:
blockchain phising attempt
2 – Don’t fill any form that’s not on blockchain.info. Be sure to pay attention to the domain name of any page that requests for your login parameters. It has to be blockchain.info or nothing else.
blockchain authenticity
So that’s the blockchain phishing that’s going on now and people are losing their Bitcoins to some cowards who take advantage of lack of information and carefulness on the Internet.
Kindly share this post on social media to help protect the community. Drop a comment as well let me know what you think.
- Estate Muki