CAUTION: Bittrex users are at great risk
Cryptomaned users are often exposed to multiple shocks. Most of these come in the form of Piramide / Ponzi schemes, phishing sites and malware attacks. It seems that a new phishing site by Bittrex is making attacks these days, which attempts to lure users through a phishing email campaign. It is not difficult to detect the fake website, but some people may fall into this scam independently. Always be cautious when receiving allegedly exchanged emails that ask you to visit a website and confirm your identity.
What is Phishing?
Phishing is a dishonest way that cybercriminals use to trick you into revealing personal information such as passwords or credit card, CPF and number of bank accounts. They do this by sending fake emails or directing you to fake websites.
False Bittrex website, Watch out!
This is not the first time users of crypto-currency exchanges have been targeted by phishing emails and cloned websites. The most frequently segmented platform in this regard is Blockchain.info, as the company offers a very popular online wallet service for Bitcoin users. Users often receive fake emails from people who go through the company as a way to steer them to a fake website and steal their login data. Other exchanges and wallet services have experienced similar attacks, including the current phishing scheme on Bittrex.
This new fraud is quite interesting, although it is unlikely to be successful. Its success depends on how cryptomaniac users are informed. First, Bittrex never sends emails to its customers asking them to prevent their accounts from being designated as inactive. Even if you do not visit the exchange for a whole year, these emails will never be sent by the company. Whoever is behind this scam thinks people will fall into a phishing attempt, but the average cryptomaniac enthusiast should know a lot more than that.
A nearly perfect Plagiarism
In the email sent to Bittrex users, and possibly non-Bittrex users as well. The sender asks the recipient to click on a site link. This site redirects you to a copy of the official Bittrex website, which is hosted in a completely different domain. In this case, the site takes you to Bittrex.cam instead of Bittrex.com. It's only a small detail, however, if you do not perceive the fake URL. This can be expensive for the user.
✅ Bittrex.com
❌ Bittrex.cam
Fortunately, people who use a password manager to generate strong, unique passwords for each platform will immediately notice that something has not been added. After all, the password manager only works with the legitimate domain of Bittrex. Since this phishing site is a fake site, it will not be able to enter your passwords automatically.
The email sent to users also seems very fake. There are several spelling and grammatical errors in the message, indicating that this email is not necessarily composed of a native English speaker. The copyright message at the bottom also appears incomplete and the header images will not load automatically because the sender of the email is not trusted or verified. In fact, everything about the email seems to be false even if the site to which the users are redirected is identical. That is, until you pay close attention to the address bar in your browser.
Conclusion
Given the recent rise in popularity that Bittrex has seen recently, this would happen sooner or later. Criminals will always look for new ways to make money, and stealing user login data from exchanges can be a very lucrative venture for them. Anyone who uses Exchange Bittrex, and receives an email stating that their account is inactive, ignores the message. This is not the last time we will see fraud attempts like these.