Phishing campaign targets CoinSpot cryptoexchange 2FA codes
2021-12-23 18:31

A new phishing campaign that targets CoinSpot cryptocurrency exchange users employs a new theme revolving around withdrawal confirmations with the end goal of stealing two-factor authentication codes.

More specifically, the threat actors send emails from a Yahoo address, replicating real emails from CoinSpot that ask the recipients to confirm or cancel a withdrawal transaction.

Clicking either of the buttons embedded in the email takes the victim to a phishing landing page that clones the CoinSpot login page and uses a domain name close enough to the spoofed one not to attract the target's attention.

To further increase the "authentic" look of the phishing page, the threat actors also use a digital certificate that adds a lock symbol to the URL address bar to trick the visitor into thinking they've reached CoinSpot's legitimate and secure login form.

After entering their 2FA code, the victims are redirected to the official CoinSpot website in a final attempt to reduce the chances of raising suspicion.

The attackers can then use the account credentials and the stolen 2FA codes to take over the victim's account.
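The two signals described above (a brand display name sent from a free webmail address, and buttons pointing at a near-miss domain) can be checked at the mail gateway. The following is an added example, not code from the article or from CoinSpot; the legitimate domain, the webmail list, the distance threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "coinspot"
LEGIT_DOMAIN = "coinspot.com.au"                    # assumption: the exchange's real domain
FREE_MAIL = {"yahoo.com", "gmail.com", "outlook.com"}  # assumption: illustrative list

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host):
    # A valid certificate (padlock) is not a trust signal, so only the name is judged.
    host = host.lower().rstrip(".")
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return False
    return any(BRAND in lbl or edit_distance(lbl, BRAND) <= 2 for lbl in host.split("."))

def triage(raw):
    """Return findings for a plain-text (non-multipart) message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    hosts = {urlparse(u).hostname or "" for u in urls}
    findings = []
    if BRAND in name.lower() and sender_domain in FREE_MAIL:
        findings.append("brand display name sent from free webmail: " + sender_domain)
    findings += ["lookalike link host: " + h for h in sorted(hosts) if is_lookalike(h)]
    return findings

# Constructed sample message; the .example domain is a reserved placeholder.
SAMPLE = """\
From: CoinSpot <support.team@yahoo.com>
To: user@example.org
Subject: Confirm your withdrawal

Confirm: https://coinsp0t.example/confirm?id=1
Cancel: https://coinsp0t.example/cancel?id=1
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```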


News URL

https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-coinspot-cryptoexchange-2fa-codes/