A security firm found that hackers were sending emails purportedly from BTC Era, encouraging Bitcoin users to give money for an alleged investment.
The automated email is addressed to the recipient by name and says a Bitcoin transaction has been approved, requiring a minimum deposit of $250 to start.
The message includes a hidden URL with text that says “create an account” and once this link is clicked, multiple redirects are made and the user is eventually directed to the theverifycheck.com. Once the user arrives on the page, a pop-up appears that asks permission to display notifications from the site.
If the user clicks to allow notifications, he or she gives permission to run an Adware on his device. Users don’t understand anything, but the site allows you to track their activities and show ads and spam.
Abnormal Security added that the scammers used email marketing provider Constant Contact, which allowed them to hand over malicious emails to multiple recipients at the same time.
Ken Liao, chief executive of Abnormal Security, said: “We have seen that in recent months the weekly volume of attacks posing as Bitcoin platforms have remained relatively stable. But we have seen an increased proportion of these impersonations between the end of March and the beginning of May.”
He added: “We would advise organisations and their employees to check senders and email addresses well to ensure they come from legitimate sources. Don’t just trust the name it looks like. In addition, we recommend that everyone always check the URL of the Web page before logging in. Hackers often hide malicious links or host them on separate sites that you can reach with secure links. This allows them to bypass the link scanning offered by traditional email security solutions. If the URL looks suspicious, don’t put your credentials on and always verify with the IT part of your organization.”