Under a phishing attack, the attacker disguised as a trusted entity and sends the user a message or an email that contains a malicious link. As and when the user clicks on the link, they either asked to enter their personal data or new window initiates the installation of malware.
The system message asks the user to make a security update to Electrum 4.0.0. However, the platform does not have any 4.0.0 version, its latest and current version of the wallet is Electrum 3.3.3. The platform took to Twitter, informing its users about the scam.
The latest version of Electrum (version 3.3.3) will notify users when a new release of Electrum is available. Release announcements are signed by us, and verified by Electrum using a hardcoded Bitcoin address. This feature is optional and can be disabled. https://t.co/Y2DXoUyOgk
— Electrum (@ElectrumWallet) January 26, 2019
Interestingly, another Reddit user pointed out in the thread:
“That’s interesting, because this is the second cluster of reports of the same phishing, and the first one was at the end of December 2018. The thief might have 100 GitHub accounts”
“versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum.”The cryptocurrency wallet went on to warn its users, to not to download software updates from other sources.