A new phishing campaign that targets CoinSpot cryptocurrency exchange users employs a new theme revolving around withdrawal confirmations with the end goal of stealing two-factor authentication (2FA) codes.
More specifically, the threat actors send emails from a Yahoo address, replicating real emails from CoinSpot that ask the recipients to confirm or cancel a withdrawal transaction.
These phishing messages also include details such as the transaction amount and a Bitcoin wallet address to add legitimacy to the attack.
Clicking on either of the embedded buttons on the email takes the victim to a phishing landing page that clones the CoinSpot login page and uses a domain name sufficiently close to the spoofed one not to attract the target's attention.