Beware Phishing Attempts from Sites Claiming to be CoinDesk
As bitcoin becomes more popular and attracts mainstream users, scammers are resorting to tried-and-tested tricks like phishing emails and imitation websites to steal your funds. Read more about avoiding bitcoin phishing scams.
Known examples targeting CoinDesk are listed below:
CoinDesk Ebay/Paypal Email and Website Spoof – 31st August 2014
There is a false email circulating using a spoofed CoinDesk email address about a story involving ‘PayPal and eBay Bitcoin Integration’.
This links to a page which looks like our site, but it is in fact a copy of an old story and hosted on a different domain (http://www.coiindesk.com/).
Do NOT agree to install anything from this website. This will no-doubt try to install a form of bitcoin-stealing malware by pretending to be an Adobe flash player update, although this is still unclear at this time.
Be wary when you see the below on any website. Always go to Adobe to download any official updates if they are needed. Please report users posting links to this domain.
CoinDesk ‘Review’ Phishing Scam – 25th July 2014
This latest phishing attempt claims that we will review your site. Please report these attempts. We do NOT take payments for articles.
CoinDesk Advertising Phishing Update – 23rd July 2014
Phishing attempts can appear like they are from ‘email@example.com’, ‘firstname.lastname@example.org’ or ‘email@example.com’ etc. These addresses are spoofed. Usually they use a ‘reply-to’ Gmail address. Be careful of those sent through your support system, should you have one, as sometimes these systems make spotting the actual sender more difficult.
The scammers may also try to personalise the email towards you. They might also tempt you with ‘sponsored stories’ or advertising your event of business in some way. It goes without saying that this is a scam and you should report the email addresses in question.
An example of a recent phishing attempt is below, but remember, the one you receive may be personalised towards your business.
CoinDesk Advertising Phishing Update – 4th July 2014
Phishing attempts are now originating from colndesk.com. Please be aware this domain has an an L not an I.
This is clearly another phishing attempt, disguised by alerting those emailed to a previous phishing attempt.
If you were to respond you would soon be asked for payment in BTC. But you would not get any advertising on CoinDesk unfortunately.
Another tactic is to spoof a CoinDesk email address, but use the ‘reply-to’ so email replies get sent to the email address of the scammer.
Find out how to report these emails below.
CoinDesk Advertising Phishing – 17th June 2014
Several bitcoin companies have received unsolicited emails, which claim to offer advertising space on CoinDesk.com. This is a phishing attempt – they will soon ask for payment in BTC. Once paid, you will certainly not be able to login or receive any advertising.
- Do not trust emails from CoinBesk.com, CoinDesc.com and Colndesk.com.
- Often, these URLs forward to CoinDesk (using a meta-refresh or redirect)
- Emails from these kind of domains usually ARE phishing attempts.
- Always read email addresses carefully.
- If in doubt visit CoinDesk through the same methods, and contact us from the site.
- We do NOT send email from addresses which are not CoinDesk.com.
- Some attempts have used ‘firstname.lastname@example.org email address in the subject line.
- Do not trust emails from Gmail accounts sending email, which claim to be from CoinDesk.
- Please report suspicious Gmail accounts to Google.
- We recommend marking this kind of phishing attempt as spam (depending on your email service).
- We would appreciate it also if you would send us the headers of the email.
- We are VERY unlikely to approach anyone about advertising in this manner.
Please report these suspicious emails to Google.
‘CoinStatus App Phishing Attempt’ 21st May 2014
It has come to our attention that a site claiming to be CoinDesk is operating a phishing scam. Links to pages on this fake site are being shared on social media and forums.
If recipients click on the link, they are taken to CoinBesk.com and encouraged to download a “CoinStatus app” to read more. This is not an app, it is a phishing scam, so do not click the download button.
Key points to note:
- The CoinBesk.com and coiindesk.com URL is a copy of CoinDesk and a phishing attempt.
- We have NOT released any desktop applications that run on Microsoft Windows.
- Do not trust any ‘CoinStatus‘ downloads.
The only application CoinDesk has released at this time is an iPhone app, available on the App Store.
- Beware of compromised Twitter accounts, which you are not familiar with, sending you links.
- Check their Twitter feed: do they spam multiple users?
- CoinDesk has its own link shortener, which looks like this: http://coinde.sk/18fn4l9
- Beware of unusual stories from anonymous users in chatrooms, such as the ‘Trollbox”.
- Just visit CoinDesk.com. If there is a major new story, it will be featured on the homepage.
- Beware of malicious users on forums.
- Rightly or wrongly, user accounts on forums are often bought and sold.
- Be careful with users you do not know who use shortened links.
- User post count does not equal trustworthiness.
- If in doubt, check our site or Google the news story.
- Be careful with any software you download, and make sure your anti-virus software is up to date.
- Review the security of your bitcoin and other cryptocurrency wallets often.
- Report phishing URLs to Google.
- Firefox: Select Help/Report Web Forgery from the browser menu.
- You can also report to Symantec and netcraft.
- Twitter: Please report tweets and accounts to Twitter using the dropdown menu and selecting ‘Account May Be Compromised’.
- Please report any suspicious URLs or user accounts to email@example.com.