Phishing Scams Now Offer Bitcoins. Don't Be Fooled.

The Citizen's Guide to the Future
March 14 2014 11:58 AM

Phishing Scams Now Offer Bitcoins. Don't Be Fooled.

coinbasephish
This email isn't really from Coinbase. If you get an email promising you bitcoins, don't open it. And if you do, don't click any links.

Image from Chad Lorenz.

Phishing scams have tricked everyone from reporters at the Associated Press to Washington insiders, and what crook worth her stolen credentials would give up on such a successful strategy? So phishers are once again repurposing a classic con: Tell people they've won or been given a lot of money and that they just have to do XYZ—this is the identity- and/or money-stealing part—to claim what's owed to them. In this iteration, the phishers are dangling bitcoins as the lure.

Slate's news editor, Chad Lorenz, received the above email yesterday around 1 p.m. He quickly realized that something was wrong, even though the email looks pretty good: It's not trying too hard, it uses the Coinbase logo (Coinbase is a popular bitcoin wallet service), and it even has a copyright sign. But Lorenz wasn't expecting any money, and certainly not any cryptocurrency. Plus, assuming it was his lucky day, whose "external bitcoin account" was the bounty coming from? (Turns out that several other Slate staffers received the email as well.)

Advertisement

John OBrien, a spokesperson for Coinbase, wrote in an email that the phishing message had a few warning signs: "[T]here are a few red flags. ‘Hi,’ (not addressed to anyone) and ‘from an external account’ (not from anyone). Additionally the link will not take you to Coinbase.com."

Phishing scams promising bitcoins seem to have been percolating in January, and Coinbase published a blog post on the topic last month, noting that it had upped its security and encouraging "all customers to exercise caution when clicking links to financial institutions or payment services online."

The steps to identifying one of these scam emails are the same or very similar to what they would be if the phishers were promising U.S. dollars, or any currency. It seems probable that phishers are taking advantage of confusion about what bitcoin is and how it works in order to make people click the links. For example, according to a recent interview/check-in call, my 91-year-old grandma—who reads her email on an iPad—revealed that she thinks bitcoin works like a digital giftcard.

Protecting yourself just comes down to common sense, according to Chester Wisniewski, a senior security adviser at the data security firm Sophos. "Why are you randomly, unexpectedly being given money? How often does that happen?" he wrote in an email. "Even if you want to believe it is true (it never is), the correct course of action to verify the transaction is to go to the site claiming to have emailed you ... never click a link in an unsolicited message."

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

The Democrats’ War at Home

How can the president’s party defend itself from the president’s foreign policy blunders?

Congress’ Public Shaming of the Secret Service Was Political Grandstanding at Its Best

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

A Plentiful, Renewable Resource That America Keeps Overlooking

Animal manure.

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Politics

Cringing. Ducking. Mumbling.

How GOP candidates react whenever someone brings up reproductive rights or gay marriage.

Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

Hasbro Is Cracking Down on Scrabble Players Who Turn Its Official Word List Into Popular Apps

Florida State’s New President Is Underqualified and Mistrusted. He Just Might Save the University.

  News & Politics
Politics
Sept. 30 2014 9:33 PM Political Theater With a Purpose Darrell Issa’s public shaming of the head of the Secret Service was congressional grandstanding at its best.
  Business
Moneybox
Sept. 30 2014 7:02 PM At Long Last, eBay Sets PayPal Free
  Life
Gaming
Sept. 30 2014 7:35 PM Who Owns Scrabble’s Word List? Hasbro says the list of playable words belongs to the company. Players beg to differ.
  Double X
The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  Slate Plus
Behind the Scenes
Sept. 30 2014 3:21 PM Meet Jordan Weissmann Five questions with Slate’s senior business and economics correspondent.
  Arts
Brow Beat
Sept. 30 2014 8:54 PM Bette Davis Talks Gender Roles in a Delightful, Animated Interview From 1963
  Technology
Future Tense
Sept. 30 2014 7:00 PM There’s Going to Be a Live-Action Tetris Movie for Some Reason
  Health & Science
Medical Examiner
Sept. 30 2014 11:51 PM Should You Freeze Your Eggs? An egg freezing party is not a great place to find answers to this or other questions.
  Sports
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.