A company providing service-as-a-service solutions detected that the 12,000 messages sent as part of this campaign received a 2.7% click rate, which is more than the percentage of Bitcoin users in the general population.
Emails used in the campaign follow the classic phishing recipe, alerting the recipient to a suspicious sign-in attempt from a user located in China. To keep the account secure, a password reset is recommended, and a link for doing so is provided at the end of the message.
If victims follow the password reset link, they automatically land on a phishing site impersonating the Blockchain log-in page; any information entered in the fields is sent directly to the phishers. To mask the deceit, the victim is shown an error message after the details have been delivered to the crooks.
This type of campaign is generally used for collecting banking credentials, but it appears that the Bitcoin theme can be applied with good success. It proves that malicious campaigns can have significant impact with little effort from cybercriminals.