Bitcoin [BTC] owners at risk; Google’s email security lead says, our data is all over the place

Google’s email security lead Mark Risher, who oversees email fraud, abuse and identity issues, spoke about how people had to readdress the issue regarding threats to their email accounts, in a recent interview with CNBC.

He spoke about individuals bragging about holding a lot of Bitcoin [BTC]s on various public message boards and how that could make them a vulnerable target to scammers. Mark stated that many scammers research potential victims through social media and other sources before approaching them.

Mark oversees the company’s initiatives to protect Gmail and other Google properties against cyber attacks. He said:

“It could just be a case of mistaken identity or guilt by association. They could be using someone who seems to be low value to pivot toward somebody considered a higher value target, like somebody political in nature….. Or maybe they saw that you were discussing Bitcoin on a public message board.”

Risher stated that in such cases, the attackers would get access to social profiles or email accounts of individuals and use it to fish out valuable information. Attackers would also break into financial accounts or cryptocurrency wallets of individuals and reset their password.

The email security lead opined that people who hold cryptocurrencies in digital wallets had become a common target to attackers. Many of the victims are often those who have been actively posting on public message boards through which attackers attempt to get access to their email accounts. He further stated that many cryptocurrency wallet providers would allow users to reset their digital wallet through email to get access. Attackers used the email reset option and open the wallets to steal cryptocurrency.

According to Mark, scam messages are not like the decade-old email scams. Attackers do vigorous research on the victim, making the email attack indistinguishable from the personal messages we receive from friends or family. He added that people tend to contribute to this growth by forgetting about the email addresses, message board posts, and social media accounts created by them. Thus, the amount of data we share grows and scam messages would seem authentic. Criminals were also targeting executives at prominent businesses or political figures by finding the people who work with them or were connected to them.

Recently, the official MEGA chrome extension was compromised, allowing attackers to access saved passwords, usernames, and cryptocurrency wallet addresses of individuals from Amazon, GitHub, Google, and Microsoft portals.