Criminals search LinkedIn and social media profiles for cryptocurrency professionals
Exclusive: Hackers target Bitcoin traders and investors in new wave of cybercrime
Hackers are targeting traders and investors involved in cryptocurrencies like Bitcoin in a new wave of cybercrime, top Google security experts have said.
Criminals scour LinkedIn and other social media accounts to identify wealthy professionals involved in the industry.
They then use a more sophisticated form of phishing, known as spear phishing, to launch tailor-made attacks and attempt to gain the information needed to access their funds.
Senior Google security officials cast light on the trend during a briefing with The National at their headquarters in Munich on Safer Internet Day.
Phishing is the most common technique used to obtain sensitive personal information like user names, passwords, or banking and financial information that could expose people to financial fraud online.
It can take many forms, with hackers reaching out to vulnerable internet users via email, phone, text message or through bogus mobile apps posing as a legitimate person or trusted organisation.
“Online security breaches happen, they are a fact of life but we’ve found phishing to be far more dangerous,” said Mark Risher, director of product management at Google and account security leader of the phishing and identity services team.
“We are seeing an increasing volume in scams related to crypto-currencies. Bitcoin feels as though it was tailor-made for phishing attacks.
“It is completely virtual, and tied to various online accounts. It is irrevocable, is not backed by governments or supported by insurance.
“We’ve found that within 24 hours of someone uploading their resume online to say they work for a cryptocurrency, or someone on social media putting pro-cryptocurrency messages, they are getting more attacks from cyber criminals.
“It is scary, and something we are taking seriously to offer dynamic levels of protection.”
In late 2017, Bitcoin captured the imagination as its price soared to almost $20,000, turning early cryptocurrency investors into millionaires, or even billionaires.
The phenomenon attracted many new investors into the market, but they have since become the target of online criminals looking to exploit online security weak spots.
The value of Bitcoin has since plummeted to below $6,000, but many investors who have signed up to online trading platforms remain exposed.
Parisa Tabriz is director of engineering at Google, and currently responsible for ensuring Chrome remains one of the most stable tools for internet browsing.
“Bitcoin is something we are becoming increasingly concerned about at Google Chrome and the mining of information that is happening from many of the new crypto currency websites that have appeared,” she said.
“It is something we are worried about, and we are increasingly working to figure out how best to approach this recent trend that we are seeing.”
Google has spent $4.2 million on external security researchers to gain more understanding of the latest techniques used by hackers to help find and fix security bugs.
Phishing scams have progressed from random emails promising great wealth from African oil barons in exchange for personal bank details, to more personalised and sophisticated scams.
Those emails are now almost 100 per cent blocked by Google.
Security experts speaking from the Google office in Munich are working to combat the rise of ‘spear phishing’ – where cyber criminals access specific information from an individual to then target them with a more personal approach.
Hackers and cyber criminals are taking advantage of personal information that is available online to tailor a scam for a specific individual.
It could be information taken from someone’s LinkedIn profile, or other social media account.
“Maybe they know the region they are in so they can tailor a scam relative to a local bank, or they even have some additional information to personalise the content of the message,” said Mr Risher, who has been working in cyber security for more than a decade.
“It could be naming a particular device that it recognises, such as saying someone’s MacBook Pro has been hacked.
“That is being taken further in a commercial sense in a trend we are calling ‘whaling’.
“This is where hackers have realised they shouldn’t blast out to everyone that they are a Nigerian oil minister, but go after specific individuals and those who have the greatest potential return on an online scam.
“They are usually the wealthiest among us.”