A sophisticated phishing campaign impersonating cryptocurrency brokerage Bitpanda has been uncovered by cybersecurity researchers, according to Cofense Phishing Defense Center. The operation combines credential theft with extensive personal data harvesting, using a near-perfect replica of the legitimate platform to deceive users.
Analysts say the campaign goes beyond login harvesting by guiding victims through a staged, fake multi-factor authentication process designed to collect multiple forms of personally identifiable information. The attack begins with an email styled to resemble official Bitpanda communications, complete with familiar branding and layout, directing victims to a fraudulent website via a “Start Update” button.
After credentials are entered, victims are driven through additional verification screens requesting first and last name, telephone number, residential address and date of birth, with each step framed as part of an MFA process. The site then redirects users to the legitimate Bitpanda login page, and the malicious domain had reportedly been created only days before analysis.