Those phishing emails that we receive every day in our mailboxes are often related to key players in different fields:
|Internet actors||Google, Yahoo!, Facebook, …|
|Software or manufacturers||Apple, Microsoft, Adobe, …|
|Financial Services||Paypal, BoA, name your preferred bank, …|
|Services||DHL, eBay, …|
But the landscape of online services is ever changing and new actors (and more precisely their customers) become new interesting targets. Yesterday, while hunting, I found for the first time aphishing page trying to lure the Bitcoinoperator: BlockChain. Blockchain is a key player in the management of width:600px” />
Hopefully, the webshellisn padding:5px 10px”>
$from = From: b email@example.com
$from .= MIME-Version: 1.0rn
$from .= charset=ISO-8859-1rn
header( Location: richiesta_otp.html
Note that the login procedure on BlockChain is extremely strong: 2FA authentication and one-time link is sent via email to approve all login attempts. Be sure that activate them if youre a BlockChain customer.
The fact that Bitcoins, the digital currency, is getting more and more popular makes it a new interesting target for attackers. And this is also the case in corporate environments: There is a trend in companies that make a reserve of Bitcoins to prevent possible Ransomware attacks!
Xavier Mertens (@xme)
ISC Handler – Freelance Security Consultant
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.