iGot Impostors Launch Phishing Attack to Access Google Accounts

Recently I got an email from Rick Day, Igot’s founder, or at least I thought it was him.

The “From” email address was from Rick Day’s actual email address and the message only had one sentence in it – it was a link to a YouTube Video.

(Due to RIck’s request after initially publishing this post I have blocked any reference to his actual)

igot fake email

The thumbnail which is derived from the email address also matched the actual appearance of Rick Day.

rick day thumbnail

 

Once I clicked the link I was transferred to what looked like YouTube’s log-in page. Of course it seemed odd that I’d need to log in in order to watch a video so I decided to take a deeper look into this before going any further.

I checked the URL at the top of the page and saw that I actually landed on a domain called “Sumterbiz.com” and not on YouTube. This was all done from my mobile and I didn’t get any phishing warning from my browser.

phishing homepage

When I looked at the “reply to” address I saw it was addressed to some weird variation of the original email. Of course all of these are clear indicators of a phishing attempt. I’ve dealt with similar attempts by scammers who pretended to be from Coindesk in the past as well.

If you enter the website from your desktop on a Chrome browser you’ll immediately get a clear warning about the site. Since I clicked on the link from my mobile I didn’t get this warning.
phishing warning chrome

These types of attacks happen everyday, and I have no idea why scammers would choose to use iGot’s reputation in order to carry them out. My only guess would be that they are targeting Bitcoin websites using a known figure in the community in order to boost their success rates.

Just the other day we covered how malicious programs that start from similar email attacks can hijack your computer files in exchange for Bitcoin. So take this post as a warning and hopefully it may manage to prevent some of these attacks in the future.

Stay safe..

Bitcoin Video Crash Course 

Join over 94,000 students and know all you need to know about Bitcoin. One email a day for 7 days, short and educational, guaranteed.

We hate spam as much as you do. You can unsubscribe with one click.

2
Leave a Reply

avatar
 
1 Comment threads
1 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
2 Comment authors
Ofir BeigelPaul Walsh Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Paul Walsh
Guest
Paul Walsh

Now, open the link inside any productivity app on your mobile – an app that has a WebView to display webpages. You will see that this site amongst all other phishing sites, will not be blocked.