Bitcoin wallets under phishing attacks

Bitcoin wallets suffering phishing attacks

OpenDNS Labs has been tracking attacks on Bitcoin wallets over the last few weeks. The details of the attacks were released in a blog on the OpenDNS Labs website. Attacks on Bitcoin wallets are not new. OpenDNS Labs say they saw a similar surge in attacks during the June spike in price for Bitcoin. As of this morning, CoinDesk has the cryptocurrency trading at over $950. This is more than 50% above where many speculators thought it would be by the end of 2016.

OpenDNS Labs observing rise in phishing attacks

The attacks that OpenDNS Labs have spotted are being driven by a rise in phishing attacks. It says: “Although most of the phishing sites we detect are specifically setup for phishing purposes we are also seeing an increase in the compromise of legitimate sites in which they are modified to host Bitcoin wallet phishing along with other phishing content.”

The blog focuses on how the attacks are being carried out. One of the attack methods identified is the use of compromised Gmail accounts. OpenDNS Labs claims these are used: “to gain access to Google AdWords and improve SEO thereby percolating these phishes to the top of search results.” According to the blog, this emerging use of compromised sites is an indication that online wallet phishing is here to stay.

No relationship between ransomware and Bitcoin price

Over the last month some security vendors have been drawing parallels between Bitcoin prices and ransomware. OpenDNS Labs says this is not the case. It plots the rise in ransomware and Bitcoin pricing. This shows that while there is a rise in both, Bitcoin prices have fluctuated while ransomware has risen consistently.

What is happening is that this is the combination of two different types of attacks. The blog gives an example of how this happens. In brief the timeline is:

  • User infected with ransomware
  • Follow unlocking advice and told to buy Bitcoins
  • Search for Bitcoin sales and encounter forged AdWords
  • Buys Bitcoins to pay off ransomware but has personal information compromised by secondary attackers.

All of this could reasonably be done by the same team. However the OpenDNS Labs team say that this is two groups because the goals are different. They say: “Stolen credentials are a lot cheaper than most ransoms, so ransomware authors would not try to steal credentials, but rather get paid.” This double attack approach is something that has not surfaced before. Avoiding it may be hard for many victims.


Bitcoin has had a chequered past when it comes to security. The official Bitcoin Wiki contains its own warnings over wallet vulnerabilities. Bitcoins users need to keep a regular check on their own security. Using different credentials for their Bitcoin wallets compared to other services is a start. Another is to be careful about the use of third-party wallets. If Bitcoin is to gain widespread adoption there is a need to rethink its current level of security.

Bitcoin wallets under phishing attacks was last modified: by

Woman scammed of $4500 on Facebook

Police in Miami Township, Ohio, are warning residents of a phishing scam on social media that has robbed at least one victim of $4,500.

Investigators say criminals used Facebook to steal the $4,500 from a 75-year-old woman. The scam was in the form of a Facebook message from a friend that led the woman to believe she had just won a $200,000 lottery, except the person on the other end wasn’t her friend.

“This message said that she was eligible to win $200,000 as long as she sent $750,” said Sgt. Paul Nienhaus of the Miami Township Police Department.

After the victim sent money, she was prompted to send even more. 

“Each went to a different state one went to Pennsylvania one went to Florida,” Nienhaus said.

Police say the victim’s friend’s Facebook account had been hacked. 

“Oh it’s extremely frustrating; It’s as frustrating for us as it is the families,” Nienhaus said.

How to React to a Phishing Email

Recognising a phishing email isn’t always obvious. Sometimes, they look really genuine, and even carry the trademark and logo of the company they are trying to guise. Sometimes they also seem trustworthy, because of the way the text is written. However, hackers are becoming more intelligent about how they target customers. They will gain a company’s data such as details of their past customers, then contact them in a way that the customer wouldn’t question.

Here are some common signs of a phishing email:

  1. The email contains a link which they ask you to click. It might say something like, ‘Your account has been suspended because of suspicious activity! Please click here to open it again.’ The email may come with your bank’s logo and registered office and seem very genuine.
  2. The message contains a mismatched URL, or has poor spelling in the topic/body of the email.
  3. It seems too good to be true. It might offer a really good deal on something, asking for an upfront fee. This is exactly the case of a phishing attack in 2015, with fraudsters using the guide of online loan company Wonga SA, who sent texts and emails claiming to be from the loan provider and that they could get a great deal on a personal loan, so long as they paid an ‘upfront fee.’ Wonga have clarified they would never ask for an upfront fee like this, and reacted quickly by setting up a fraud hotline for customers to call if they seemed concerned.

When you think you may have opened a phishing email, some of us don’t know how to deal with it. Do we ignore it? Do we send it to our junk emails? Do we reply saying we know that it’s a hoax?

  1. One of the first things you might consider doing is reporting the phishing email. You might want to contact the company directly to tell them that you have received a suspicious email. Like with Wonga, there could be a dedicated hotline for you to call to discuss your concerns with them.
  2. Call the genuine company telephone number, not the one that was in the email. The email probably contains a phony line.
  3. You may want to seek advice if you think your details may be compromised. Websites like can help you out.
  4. It is important that you DO NOT respond to any email. Simply replying with an angry message only validates to the hackers that your email address is real and they could use this against you in the future.
  5. Remember you should also avoid downloading any attachments that the email has within it. These could contain viruses.
  6. After reporting the email, you may then want to block the sender from your email account. You can do this quite easily in the settings menu of your email account. Add them to your block list, and delete the email.
  7. Be cautious. Don’t think it won’t happen to you. There are thousands of phishing emails out there, some more easy to identify than others. Be vigilant and seek advice if you’re unsure.