Ethereum phishing attack that earns $15K in two hours

Wesley Neelen (security researcher) has received a phishing email that seems to be from the legal online Ethereum wallet site

Cybercriminals are trying to get the login credentials for all type of accounts through phishing emails. By tricking possible victims to enter their username and password on a fake website (legitimate-looking), the attackers are able to obtain to confidential data and/ or financials for their personal gain.

According to the phishing e-mail:
“We have pushed an update that allows smooth sailing for all the MyEtherWallet users in the process of the upcoming hard fork. To make use of this update we request all users to sign in to their MyEtherWallet accounts and synchronize their wallets for continuous undisturbed use of our services.”

This scam states that Myetherwallet implemented an update and that they want users to click on an embedded link, unlock their account, and confirm their balances.

If someone clicked on the link they would be taken to a website that seemed identical to the legitimate site. Users also may have seen something strange, which is a small comma underneath the letter “t” in the address bar. The attackers used a Unicode trick that enables them to register domains that contain Unicode characters that look very similar to Latin characters.

If someone wrote their wallet password, the attackers would use this password to access the victim’s wallet and send the coins to their own wallet.