Phishing attacks are nothing new on the net. While most are relatively non-expert (the African Princess) some are quite well put together and volition fool most people if you are non paying attention. Phishing incidents accept been happening more and more oft in the virtual coin industry and the latest group targeted seems to be customers of BitPay, ane of the largest cryptocurrency payment platforms in the world.

BitPay: Beware Phishing Attempt

prototype: Bitpay via Imgur

Different companies react differently to events like this, but BitPay is already stepping upwardly to the plate with a public statement to Cointelegraph about what happened and where the attack was coming from. BitPay's public statement is as follows:


There has been an email phishing try spoofing BitPay'due south tardily payment notification email. Equally always, BitPay's security is the main priority.  There has not been a breach to our system.  It'south very unfortunate that these malicious attacks have been made on the bitcoin community.
These emails came from no_reply@bitpay.com - any link in an electronic mail from this address should non be clicked.  This email address is not a legitimate BitPay email address. Many of BitPay'southward organization emails do come from noreply@bitpay.com (delight note the lack of an underscore in the correct address).
The phishing attempt was mimicking a tardily payment notification from BitPay. A screenshot of the attempt can be found here: imgur.com/SHOEqpO. The attack prompts the receiver to click a link to invoice-bitpay.com - this is not a BitPay site.
Equally before long every bit the phishing attempt was identified, BitPay reported the fraud attempt to the domain company and were successfully able to take the site taken down (invoice-bitpay.com).
If a BitPay client has already clicked on the phishing link and entered a username and password, PLEASE go to https://bitpay.com/merchant-login and click on the Forgot Countersign button to reset the password immediately!
To stay vigilant and avert whatever breaches, e'er expect for the green BitPay, Inc SSL certificate indicator in the browser window. Ever exist extra cautious about checking the domain name and EV SSL certificate when entering a password. If you use a personal figurer with good password protection, let your browser store and populate userids and passwords for you -  the browser will not mistakenly enter your password on a phishing site. BitPay besides strongly advises all of its merchants to enable Ii-Gene Hallmark on their accounts.
BitPay is continually working with its merchant base to educate them on the best security practices.  Please reach out to support@bitpay.com if you have whatever further questions.

Phishing attacks are very easy to avert if yous keep just a few rules in heed. Think that reputable websites never ask for passwords, usernames or personal data in emails. At that place are besides certain types of files frequently used in these attacks, such as .jar files, because filters are not designed to recognize them equally potentially hostile.