It was learned on July 1 that there has been a major wave of cyberattacks to steal cryptocurrency through phishing or fake emails to obtain personal information. At least 1,500 fake emails in Japanese have been sent for this purpose. It was found that the emails were made to appear as though they originated from cryptocurrency exchanges such as bitFlyer, a cryptocurrency exchange that was ordered by the Financial Services Agency to improve its business practices in late June, and contained very sophisticated contents. It is feared that the attackers are targeting Japan.
According to the Council of Anti-Phishing and computer security firm Trend Micro, the first phishing email targeting cyrptocurrency in Japanese was detected last November. As of May, up to 300 such emails were circulated.
All these emails used the names of real cryptocurrency exchanges. The council and Trend Micro were able to confirm at least 1,500 such emails. However, the council reckons that these were just the tip of the iceberg.
A phishing email claiming to be from bitFlyer found in late May said: “Suspicious activity has been detected in your account. For your safety and to prevent your account from being frozen against your will, please close your account.” This email asked for the user’s email address, password, and other information. The entered information was stolen by the attackers and used for unauthorized access to the users’ “wallet” accounts for cryptocurrency transactions and the exchanges themselves.
There were also emails asking the users to reset their passwords or replace old passwords with new ones. Since some users set similar passwords for their bank and other accounts, obtaining two passwords in this way increased the probability of the attackers’ unauthorized access to other accounts as well. (Slightly abridged)