Coinbase gets an influx of users

Sometimes, sites get an influx of users, whether through the mass exodus from WhatsApp when Facebook went down for 6 hours, through successful phishing for credentials, or through any other means that might cause this to happen to a site.

Today, we’re going to talk about a very interesting article that we’ve put in as our first item in the news notes for Wednesday. It is a Krebs On Security article titled How Coinbase Phishers Steal One-Time Passwords.

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

Poking around the phishing site turned up a panel that notifies the actors when their victims enter credentials on the site. Also, according to the article, they can push a button in real time that asks the victim for more information. It sounds scary and like something in a movie, yet it’s starting to happen.

Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

That puts another meaning into two-step verification, and they’re taking advantage of it by pushing buttons in real time.

I took a look at Coinbase’s website before writing up the notes for it, and I must say, it offers a bunch of info about cryptocurrency and various types of it to boot. I had no idea there were hundreds of cryptocurrencies. I knew about Bitcoin, Litecoin, and Ethereum and possibly a few others, but I saw some that I’ve never heard of.

Luckily, this campaign is not targeting the United States as of yet, signing up several million Italians first, says the article.

There’s plenty more I can quote and talk about, but I think you should read through to see all of the details. This is one that people should at least glance at, in case their favorite site may have this problem. It’s definitely new and clever.
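The phishing domain quoted above, coinbase.com.password-reset[.]com, works because the real brand domain sits at the left of the hostname, while ownership of a DNS name is decided from the right. The following check is an added example, not code from the Krebs article or from Coinbase; it assumes coinbase.com and its subdomains are the only legitimate hosts, and it also flags the brand name embedded inside a single label, which goes a little beyond the one case in the article.

```python
from urllib.parse import urlsplit

# Assumption for this example: only coinbase.com and its subdomains are legitimate.
LEGIT_DOMAIN = "coinbase.com"


def hostname_of(value: str) -> str:
    """Return the lower-case hostname of a URL or bare host, refanging "[.]" first."""
    value = value.strip().replace("[.]", ".")
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare host as the network location
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()


def classify(value: str) -> str:
    """Classify a link as 'legitimate', 'lookalike' or 'unrelated'."""
    host = hostname_of(value)
    if not host:
        return "unrelated"
    labels = host.split(".")
    legit = LEGIT_DOMAIN.split(".")
    # DNS names are owned from the right: a real host must END with the brand domain.
    if labels[-len(legit):] == legit:
        return "legitimate"
    # The brand domain used as leading or middle labels of someone else's domain.
    for i in range(len(labels) - len(legit)):
        if labels[i:i + len(legit)] == legit:
            return "lookalike"
    # The brand name embedded in a single label of an unrelated domain.
    if any(legit[0] in label for label in labels):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Sample inputs: the first is the domain from the article, the rest are constructed.
    samples = [
        "coinbase.com.password-reset[.]com",
        "https://www.coinbase.com/signin",
        "https://coinbase-login.example/",
        "https://example.org/",
    ]
    for sample in samples:
        print(f"{classify(sample):<11} {sample}")
```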

