A sophisticated phishing campaign is targeting Bitpanda cryptocurrency users by impersonating security update alerts. The attack utilizes a deceptively similar lookalike domain to harvest not only login credentials but also sensitive personally identifiable information (PII) such as addresses and dates of birth, which can be leveraged for identity theft or further account takeovers.