Bitcoin Phishing Campaign Hits Trusted Search Engines

Sometimes it pays to wait to see how new technologies play out. Such is the case with Bitcoin — a virtual currency which allows users to purchase goods over the Internet. While the nascent currency is gaining a strong following of legitimate users, it still suffers from some key weaknesses.

The most recent example comes in the form of a phishing operation (an operation where a hacker spreads a malicious link to a website that asks for personal information, like login details and account numbers) using both the Yahoo! and Bing search engines.

Those two engines blend their paid advertisement links with their search links, which can easily lead to a user being taken to a site they did not intend to visit. In this case, instead of going to “mtgox.com,” the URL address for the world’s largest Bitcoin exchange, users were taken to “mtpox.com,” the URL address for what might be the world’s most accurate phishing website.

And, as Krebs on Security, which originally reported on the phishing attack, notes, all the hackers did was copy and paste the code from mtgox.com and apply it to their own website. Their malicious website looks exactly the same as the actual website. The only difference is in the URL address. This attack is particularly troublesome as a Bitcoin compromise can affect both a Bitcoin and a bank account.

It may help to think of Bitcoins as an Internet version of Chuck-E-Cheese: you go in and buy tokens which you can then use to play games and (depending on the value of the Bitcoin) exchange your Bitcoins for trinkets and goods. I covered the history and inner workings of the Bitcoin as a “currency” in an earlier post here.

Whether or not you use Bitcoins, there are a few ways you can avoid going to a malicious website:

  • As Krebs notes, know the URLs of your favorite websites or simply bookmark them. If you’re going through a search engine, consider using a safe search tool, like McAfee SiteAdvisor, which provides safety ratings for links in your search results and comes with McAfee LiveSafe.
  • Be suspicious of emails, texts, chat messages, and social networking links that ask for personal or financial information. Most banks and legitimate businesses will not send you an email asking you to provide this type of information.
  • Check your bank, credit and debit account statements regularly for any unauthorized transactions. If you notice any suspicious or unfamiliar transactions, contact your bank and/or card issuer immediately.
  • Make sure to keep your browser and operating system up to date and install any necessary security patches.
  • Use comprehensive security software, like McAfee® LiveSafe™, that protects all your devices, your identity and your data.
