Scams that convince people to give away their bitcoins by entering information into a legitimate-seeming (but fake) website are on the rise. But a new phishing campaign that targets people worried about the aftermath of Hurricane Irma, which tore across parts of Caribbean and Florida this week, might just be a new low.
The scam, which appears to be an evolution of an existing phishing campaign, was publicized in a Reddit post on Tuesday by Chicago-based Bitcoin ATM company Athena Bitcoin. According to the company, it received a phishing email purporting to be from Blockchain, a popular blockchain explorer and digital wallet service, warning them that Hurricane Irma had damaged the company’s servers in Florida and that their bitcoins may be at risk of becoming irretrievable. As a result, the scam email instructs, the victim must transfer their bitcoins to a new address and server located in Ontario, Canada.
The address in the email is presumably controlled by the scammers, although it isn’t clear who they are, and sending bitcoins to it would result in the permanent loss of funds.
The scam address currently contains no funds, meaning that nobody took the bait. But it’s possible or even likely, given the personalized nature of the scam, that the address is single-use and intended for the email recipient only. According to Athena Bitcoin spokesperson Patrick Patton, who contacted me via email, the company believes it is just one of many organizations and individuals targeted by the scam.
“We understand that digital currency has a significant learning curve and losses to scams can be significant,” Patton wrote me in an email. “Unfortunately, major disasters often coincide with reprehensible attempts to defraud victims using any and all payment methods.”
This isn’t the first time that scammers have tried to turn Blockchain’s clout into a weapon in order to fleece unsuspecting victims. Last year, a similar phishing scam made the rounds, and there are stories of losing funds to such schemes going back three years on Reddit.
“We ask that users bookmark our link [www.blockchain.info/wallet/#/login] and alert us to any phishing emails or spam they receive,” a Blockchain spokesperson wrote me in an email. “We have a team that is extremely diligent, but it’s always helpful when the community gives us a heads up.”
If you’re out there on the wild web holding bitcoins, keep your head on a swivel.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.