Cory Klippsten, CEO of Swan Bitcoin, took to X, formerly known as Twitter, to alert followers about a new phishing scam targeting the platform’s users. The warning came after multiple reports surfaced of a spoofed “Data Breach Notice” email that was sent to recipients of Swan’s marketing emails, likely stemming from the 2022 Klaviyo and HubSpot data breaches.
Klippsten’s post read: “IT’S FAKE! Don’t send anyone your Bitcoin. @Swan will never ask you to send your sats to anyone.” He emphasized that Swan Bitcoin has not experienced a data breach and reiterated that any communication asking users to transfer their Bitcoin is fraudulent. Klippsten also advised caution, noting that many scams are successful because they target individuals when they are distracted or less vigilant.
He added, “It’s not very well done, but a good reminder to be careful out there. Most scamming succeeds when the target is drunk or high, and it is a US holiday…”
Phishing Scam Targets Swan Bitcoin Users
The Swan Bitcoin phishing email in question appears to have been crafted with the intent to trick users into sending Bitcoin to fraudulent addresses. The scam exploited previous data leaks from email marketing services Klaviyo and HubSpot in 2022, which affected numerous businesses, including Swan Bitcoin.
Several Twitter users quickly reported receiving the phishing emails. Alexander Meiklejohn (@zimmer0911) tweeted, “Yep- just got this phish. Better than some I’ve seen- the branding and grammar are better than most. Email was a dead giveaway though. Wondering if @swan can block transfers to the wallet they are giving to send to. F*** these scammers.”
Klippsten responded to this concern by explaining that each phishing email contained a unique Bitcoin address, making it impossible to block a single destination address and prevent further scams. “It’s a unique address for each email, unfortunately,” he replied, highlighting the sophisticated nature of the scam in adapting to each potential victim.
Mixed Reactions from the Community
The phishing attempt has stirred up mixed reactions among the Swan Bitcoin community. User @LtCrandog tweeted, “Just got it. Weird phishing email as not even really sure what they are trying to do. Gave the keys to a random wallet,” expressing confusion over the vague nature of the scam.
Others, like @BitcoinGrower, appreciated the quick action taken by Swan Bitcoin. He tweeted, “I just checked my email and saw this, came right here to make sure. You posted, and as always, you already taken care of your customers well done.”
Despite the alarm caused by the phishing attempt, the Swan Bitcoin team and its CEO have been proactive in addressing the issue and reassuring their users. Several followers praised Klippsten’s transparency and promptness in handling the situation.
An Important Reminder for Cybersecurity Vigilance
This incident serves as a crucial reminder for all cryptocurrency users to remain vigilant and skeptical of unsolicited communications, especially those requesting financial information or cryptocurrency transfers. Phishing attacks are a common tactic used by cybercriminals to steal sensitive information or cryptocurrency by masquerading as legitimate entities.
Users are advised to verify the authenticity of emails, particularly those that claim to be from financial institutions or digital asset companies like Swan Bitcoin. Simple steps such as checking the sender’s email address, looking for grammatical errors, and questioning any urgent requests for money can often reveal a phishing attempt.
Steps for Protecting Your Assets
To further protect themselves, users are encouraged to follow a few best practices:
- Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of verification before accessing accounts.
- Be Skeptical of Urgent Requests: Scammers often create a sense of urgency to pressure victims into making quick decisions without verifying the source.
- Check Official Channels: Always cross-check with official websites or customer service to verify any suspicious emails or messages.
- Use Strong, Unique Passwords: Ensure all accounts are protected with strong, unique passwords that are changed regularly.