Threat Alert: Cryptomining-Themed Lures Steal Bitcoin Wallet Credentials

• A series of phishing messages purporting to be from a cryptocurrency mining platform.
• The emails allege the recipient must withdraw mined Bitcoin from the platform or risk having their account suspended. 
• The emails employ significant pressure on the recipient, claiming they only have 24 hours to act. 
• The lures contain a malicious URL that leads to a spoofed CryptoMining Panel page.
• Following the process to claim the purported Bitcoin leads to theft of login credentials and likely the balance of the user's Bitcoin wallet.

Key Action: Report Suspicious Emails 

• Beware of “too good to be true” offers. Emails claiming you have thousands of dollars worth of unclaimed Bitcoin are almost certainly a scam. 
• Remember cybercriminals take advantage of strong emotions. An email warning you to act quickly to collect a large sum of money can be extremely tempting. Keep in mind cybercriminals seek to capitalize on moments of anxiety and the difficulty in thinking clearly in such situations.
• Report ANY suspicious emails received in your UCSF email box using the Phish Alarm button.