Marco Verch via flickr
At least 6,000 users of cryptocurrency exchange Coinbase lost money as a result of the phishing attack, Reuters wrote.
Coinbase reported about the attack, which took place in April and May, in a blog post. At the time, the exchange's security team noticed a strong increase in the flow of fake Coinbase-branded emails. The mailing was aimed at users of several popular email services. The attack was broad, but also more successful: it was able to get past the spam filters of the oldest email services, Coinbase noted.
The goal of such phishing emails is to fraudulently gain access to people's money or personal accounts in various services. In Coinbase's case, attackers used different sets of email subjects, senders and content. All of the variations involved different data-stealing techniques, the cryptocurrency exchange said. Judging by the screenshots on the exchange's blog, some people received a false message about their Coinbase account being blocked, while others received a link requesting permission to read the entire email, allegedly from Coinbase. Others were linked to a fake Coinbase website, through which the scammers collected logins and passwords.
Coinbase called the attack a "large-scale phishing campaign". The exchange stressed that its security systems were not breached, but it "immediately addressed the vulnerability" and took measures to prevent similar attacks in the future.
source: reuters.com
Coinbase reported about the attack, which took place in April and May, in a blog post. At the time, the exchange's security team noticed a strong increase in the flow of fake Coinbase-branded emails. The mailing was aimed at users of several popular email services. The attack was broad, but also more successful: it was able to get past the spam filters of the oldest email services, Coinbase noted.
The goal of such phishing emails is to fraudulently gain access to people's money or personal accounts in various services. In Coinbase's case, attackers used different sets of email subjects, senders and content. All of the variations involved different data-stealing techniques, the cryptocurrency exchange said. Judging by the screenshots on the exchange's blog, some people received a false message about their Coinbase account being blocked, while others received a link requesting permission to read the entire email, allegedly from Coinbase. Others were linked to a fake Coinbase website, through which the scammers collected logins and passwords.
Coinbase called the attack a "large-scale phishing campaign". The exchange stressed that its security systems were not breached, but it "immediately addressed the vulnerability" and took measures to prevent similar attacks in the future.
source: reuters.com