'Deposited into Your Bitcoin Portfolio' Email Scam

The fraudsters are sending out luring emails as part of a phishing operation. The goal of the misleading campaign is to trick users into revealing sensitive information, such as account passwords. The disseminated emails are presented as notifications about a significant sum of money being deposited to the recipient's Bitcoin portfolio. To be more specific, the lure emails carry a subject title of 'Transfer Successfull!!' and claim that $85.7777 worth of Bitcoins has been delivered.

Naturally, users would be curious to see where this alleged sum is being held. That is why the con artists include the address of a website they control. The emails also provide users with a specific Customer ID and password presented as the necessary credentials to enter their supposed portfolio. When they open the provided site and log in using the credentials, a pop-up window will inform them that the associated account currently has 85 Bitcoins in it, a sum that is over $1 million, even at the current exchange price of the cryptocurrency. To make sure that the funds are sufficiently protected, the dubious website will ask users to provide a more secure password and then enable OTP (One-Time Password) setting.

The fraudsters hope that users will enter a password that is already used for other accounts belonging to the victim. After all, password reuse is extremely common, as very few people can create and remember different passwords for each of their accounts. In addition, the phishing website will ask for users' phone numbers, under the pretense that it is required information for setting up the OTP reception. Having their passwords and phone numbers compromised could lead to severe privacy and security issues for users. The con artists could exploit the information to take control of the associated account, send smishing messages, spread malware threats or perform other fraudulent activities.