A phishing attack is an attempt to obtain sensitive data like users’ personal or banking information by illicit means, wherein an attacker is disguised as a trusted entity and sends a user a message or an email containing a malicious link. Once clicked, the link asks the user to enter their personal data or initiates the installation of malware.
On Feb. 4, the team behind MyEtherWallet tweeted a warning about a phishing email that was sent to users, asking them to divulge personal information:
There’s another phishy email going around asking users to give up personal information. Don’t believe the hype!
#1. We will never email you first (only reply to support).
#2. We will never ask for your private key (or other sensitive info).
#3. Be skeptical! pic.twitter.com/654TLIt5ar
— MyEtherWallet.com (@myetherwallet) February 4, 2019
One user on Reddit found that a phishing scam attempting to steal sensitive data from Electrum customers was posing as a security update. Redditor exa61 posted a picture of a system message, allegedly from Electrum wallet, requiring a security update to Electrum 4.0.0, while the latest version of the wallet is currently Electrum 3.3.3.
The latest version of Electrum (version 3.3.3) will notify users when a new release of Electrum is available. Release announcements are signed by us, and verified by Electrum using a hardcoded Bitcoin address. This feature is optional and can be disabled. https://t.co/Y2DXoUyOgk
— Electrum (@ElectrumWallet) January 26, 2019
In the thread, one user pointed out that it was “the second cluster of reports of the same phishing, and the first one was at the end of December 2018,” adding that the would-be hacker could have “100 GitHub accounts.”
Electrum subsequently published a warning on their website, notifying that “versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum.” The company warned its users to not download software updates from other sources.
Recently, an unidentified hacker or hacker group purportedly detected a security vulnerability in the LocalBitcoins forum and linked it to a phishing forum. In a Reddit post published by the community manager, LocalBitcoins claimed that the identified vulnerability had been contained in third-party software, and confirmed six known cases of users being affected.