You've probably heard of Bitcoin, the digital currency that has no central control.
Bitcoin relies on complex cryptographic calculations (or, more accurately, on deliberately time-consuming ones) and a global, public database known as the blockchain that allows its digital "coins" to be owned by just one person at a time.
Bitcoin isn't strictly anonymous, because the blockchain contains a record of how the currency's coins have moved around over time.
But with no regulatory requirement for coin owners to register or to identify themselves, there is no official or reliable way to track coins to their owners.
So, for users who are cautious about their privacy, Bitcoins do work like cash.
And Bitcoins can be spent internationally over the internet without exchange rate calculations, exchange control paperwork, processing fees and other charges, so they are remarkably straightforward and egalitarian, too.
Better still, in the last year or so, Bitcoin has been a currency investment you could keep under your mattress at home yet watch its value appreciate:

Nevertheless, the Bitcoin ecosystem has had its fair share of negative publicity over the past few months, for a number of rather turbulent reasons:
- Bitcoin is one of the ways you can pay the extortion money to get your data back if your computer gets scrambled by the CryptoLocker ransomware. Good luck getting any money back, even if the blackmailers get caught.
- A number of boutique Bitcoin exchanges (where you can trade regular money into and out of Bitcoins) have quickly attracted millions of dollars of digital data, and then vanished in puffs of cybersmoke. Good luck getting any money back.
- The biggest Bitcoin exchange of all, Mt Gox, imploded into bankruptcy recently, with more than $500,000,000 worth of Bitcoins missing. Good luck getting any money back.
Phishing Bitcoin users
Unsurprising, then, to see the phishers getting in on the act.
Phishing, of course, is a cybercrime that involves tricking you into giving up personal information - most notably, usernames and passwords for online services - through visual deception.
Typically, phishing is conducted via email.
The crooks send out messages, sometimes to a targeted list, at other times spammed as widely as possible, to lure you to a website.
They might urge, frighten, cajole or bribe you into action.
Examples include: presenting you with a free offer; warning you that your bank account has been hijacked; asking you to re-confirm your account; or giving you the happy news that you just got a tax refund.
The idea is to get you to click on a link, go to a website associated with a brand you know (and presumably trust), and feel comfortable there.
Then the phishers present you with a login screen that is believable enough that you put in your username, password, and possibly other details...
...before realising that you just submitted a web form full of PII (Personally Identifiable Information) to a bunch of imposters!
Just like this:

Coinbase is a boutique Bitcoin exchange, based in downtown San Francisco, that despite its small size claims to service about 1,000,000 accounts.
That's more than enough active users for scammers to reach a reasonable number of potential victims even with a randomly-blasted-out, totally untargeted spam campaign.
In this case, the phishers have let themselves down a bit with typos and bad grammar (the word "agreement" spelled as "agreementy", for example), but the email passes muster at first glance.
Read more: http://nakedsecurity.sophos.com/201...oin-phish-dont-be-too-quick-before-you-click/