Recently I got an email from Rick Day, iGot’s founder, or at least I thought it was him.
The “From” address was Rick Day’s actual email address and the message only had one sentence in it – it was a link to a YouTube video.
(Due to Rick’s request after initially publishing this post I have blocked any reference to his actual)
The thumbnail which is derived from the email address also matched the actual appearance of Rick Day.
Once I clicked the link I was transferred to what looked like YouTube’s log-in page. Of course it seemed odd that I’d need to log in in order to watch a video so I decided to take a deeper look into this before going any further.
I checked the URL at the top of the page and saw that I actually landed on a domain called “Sumterbiz.com” and not on YouTube. This was all done from my mobile and I didn’t get any phishing warning from my browser.
When I looked at the “reply to” address I saw it was addressed to some weird variation of the original email. Of course all of these are clear indicators of a phishing attempt. I’ve dealt with similar attempts by scammers who pretended to be from Coindesk in the past as well.
If you enter the website from your desktop on a Chrome browser you’ll immediately get a clear warning about the site. Since I clicked on the link from my mobile I didn’t get this warning.
These types of attacks happen every day, and I have no idea why scammers would choose to use iGot’s reputation in order to carry them out. My only guess would be that they are targeting Bitcoin websites using a known figure in the community in order to boost their success rates.
Just the other day we covered how malicious programs that start from similar email attacks can hijack your computer files in exchange for Bitcoin. So take this post as a warning and hopefully it may manage to prevent some of these attacks in the future.
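The two indicators described in this post, a “reply to” address that differs from the “From” address and a link that leads to a different domain than the one it shows, can be checked mechanically. The following is an added example, not part of the original post: the message, addresses and hosts are constructed placeholders, `phishing_indicators` is a hypothetical helper, and it assumes a single-part HTML email whose link text displays a URL.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample (not the e-mail from the post); every address and host is a placeholder.
SAMPLE = """\
From: Founder <founder@exchange.example>
Reply-To: Founder <founder@exchange-mail.example>
To: reader@blog.example
Subject: video
Content-Type: text/html

<a href="http://login.video-site.example/watch">https://www.youtube.com/watch?v=constructed</a>
"""

# Captures (href, visible text) for each anchor in the HTML body.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url.strip()).hostname or "").lower()

def same_site(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    return host == expected or host.endswith("." + expected)

def phishing_indicators(raw):
    """Return (indicator, expected, observed) tuples for one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    # Replies would go somewhere other than the apparent sender.
    if reply_addr and reply_addr != from_addr:
        findings.append(("reply-to-mismatch", from_addr, reply_addr))
    body = msg.get_payload()  # assumption: single-part, unencoded body
    for href, text in LINK_RE.findall(body):
        shown = host_of(text) if "://" in text else ""
        actual = host_of(href)
        # The visible text names one site but the link points at another.
        if shown and not same_site(actual, shown.removeprefix("www.")):
            findings.append(("link-host-mismatch", shown, actual))
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

A link can also show a matching host and then redirect elsewhere, so the address bar check described above still applies after clicking.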
Now, open the link inside any productivity app on your mobile – an app that has a WebView to display webpages. You will see that this site, amongst all other phishing sites, will not be blocked.
You mean this is why it wasn’t blocked from my mobile? I viewed it on a normal Safari mobile browser, not through a productivity app.