Infosecurity Magazine reports that Austrian cryptocurrency brokerage Bitpanda had its customers subjected to a sophisticated phishing campaign that sought to pilfer credentials and personal data through a highly convincing replica of the cryptocurrency platform.Attacks involved the delivery of emails masquerading as official Bitpanda communications alerting of the brokerage's supposedly new security standards, which include a "Start Update" button that redirects to a seemingly legitimate Bitpanda login screen, according to an advisory from the Cofense Phishing Defense Center. Providing user credentials on the fake login page triggers multiple verification screens obtaining users' names, phone numbers, addresses, and birthdates under the guise of a multi-factor authentication process before redirecting to the crypto broker's legitimate login page.Such a threat should prompt increased vigilance among users, who have also been urged to thoroughly examine destination URLs and enter sites using bookmarked or manually provided addresses."Campaigns like these can be headed off with tools designed to detect and quarantine threats that slip through secure email gateways (SEGs)," said Cofense.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds