A leaked list of people who had enquired about the auction for Bitcoins from the “dark market” Silk Road provided a target for phishing scammers – and at least one site fell for the scam emails.
A reported 100 Bitcoins ($63,300) were stolen from Bitcoin Reserve via a fake login page which harvested email credentials, according to TechCrunch’s report.
Coindesk reports that the scam targeted individuals on a list of people who had expressed interest in the auction for Bitcoins from Silk Road. The list was leaked after a member of the U.S. Marshals service used CC instead of BCC on an email.
The scam email – which the Wall Street Journal said had been forwarded to several people on the list, said, “I work for BitFilm Production. We are currently putting together some media for a client regarding the Silk Road seized Bitcoin auction by the USMS. I am hoping you could spare five minutes to review my interview questions and see if you would be willing to participate as a source. ”
While Bitfilm production is a real company, they had not sent the emails.
Interested parties who replied to the first email received a second email with what appeared to be a Google Document – instead, the link led to a scam site which required an email login.
A staff member at one firm, Bitcoin Reserve, logged in – and scammers then used his password and email to send a request to staff at the firm to forward Bitcoin to an online ‘wallet’.
Around 100 Bitcoin – worth $636 each at the time of writing, according to XE.com – were transferred before the scam was uncovered, according to the Wall Street Journal.
The U.S. Marshalls service said in a statement, “We encourage anyone believed to be a victim of a phishing scam to contact the appropriate law enforcement authorities. The FBI is the investigative agency for phishing scams in the United States. Go to www.ic3.gov/default.aspx for additional guidance.”
TechCrunch commented, “Given the irreversible nature of Bitcoin transactions I’d expect these scams to happen more and more often.”
Author Rob Waugh, We Live Security