Users of the cryptocurrency wallets Electrum and MyEtherWallet have been receiving phishing emails that attempt to obtain sensitive data, such as users’ personal or banking information, by illicit means.
In a phishing attack, the attacker poses as a trusted entity and sends the user a message or an email that contains a malicious link. When the user clicks on the link, they are either asked to enter their personal data or a new window initiates the installation of malware.
A Reddit user, exa61, discovered that a phishing scam was posing as a security update in an attempt to steal sensitive data from Electrum customers. The user brought the matter to the forefront by posting a picture of a system message, allegedly from the Electrum wallet.
The system message asks the user to make a security update to Electrum 4.0.0. However, the platform does not have a 4.0.0 version; the latest and current version of the wallet is Electrum 3.3.3. The platform took to Twitter to inform its users about the scam.
The latest version of Electrum (version 3.3.3) will notify users when a new release of Electrum is available. Release announcements are signed by us, and verified by Electrum using a hardcoded Bitcoin address. This feature is optional and can be disabled. https://t.co/Y2DXoUyOgk
— Electrum (@ElectrumWallet) January 26, 2019
MyEtherWallet also took to its Twitter account and warned its followers about a phishing email that was sent to users.
There's another phishy email going around asking users to give up personal information. Don't believe the hype!
#1. We will never email you first (only reply to support).
#2. We will never ask for your private key (or other sensitive info).
#3. Be skeptical! pic.twitter.com/654TLIt5ar
— MyEtherWallet.com (@myetherwallet) February 4, 2019
“That’s interesting, because this is the second cluster of reports of the same phishing, and the first one was at the end of December 2018. The thief might have 100 GitHub accounts”
“versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum.”