CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Technology
What Is a Phishing Attack? Tips on How to Protect Yourself
1/7/2022

Phishing attacks aren’t native to crypto and is a type of scam that is as old as the internet, but with crypto there are some new implications.

What Is a Phishing Attack? Tips on How to Protect Yourself

Phishing is a type of social engineering attack often used to steal user data, including login credentials and wallet info. The user is tricked into giving up their sensitive data, typically through a phishing website, in an attempt to trick a victim into disclosing sensitive information or connecting their wallet to a fake browser extension for example. The target of a phishing attack may be limited to an individual but in most cases the attacker’s broader goal is to compromise one or more systems the victim has access to. While the attacks have made their way to crypto, they affect the world outside of it as well. Studies show that 75% of organizations around the world experienced some kind of phishing attack in 2020, 96% of which came by email. 

Different Types of Phishing Attacks

1. Fake browser extensions

These days, especially in crypto, there are a ton of different browser extensions for various uses. One common and growing type of attack is scammers creating fake wallet extensions, similar to MetaMask, and stealing funds from users. Just because a web browser, such as Chrome, adds an extension does not make it legitimate! If downloading a crypto extension, be sure to check its profile page to ensure it has plenty of reviews and comes from a trusted developer. 

2. Fake Apps

Another common way scammers trick cryptocurrency investors is through fake apps available for download through Google Play and the Apple App Store. Thousands of people have already downloaded fake cryptocurrency apps, reports Bitcoin News. Just a few months ago there was a fake SaitaMask app on the Google Play Store after Saitama had grown rapidly and users were awaiting the real SaitaMask app. Some things to consider or watch out for when downloading such an app, are there obvious misspellings in the copy or even the name of the app, does the branding look inauthentic with strange coloring or an incorrect logo, and more. If so, take note and reconsider downloading.

3. DNS hijacking

Some phishing schemes are more sophisticated than others. Take DNS hijacking attacks for example. With this decades-old scam, cybercriminals hijack legitimate websites and replace them with a malicious interface, before phishing users into entering their private keys on the fraudulent domain. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards. 

Real-World Examples

In 2021 thousands of Coinbase users fell victim to this kind of attack. According to Bloomberg, over 6,000 Coinbase customers lost money to the scammers. The attackers sent Coinbase users emails, pretending to be from Coinbase and asking them to submit long-in credentials. The emails pretended that the user's account had been locked and another with a fake URL that captured user login information when clicked. One message contained an app that then gave the criminals access to people's email accounts. Once the attackers had stolen the Coinbase login details or accessed people's email accounts, they could then go on to steal their funds.

Many phishing emails and text messages also come from scammers pretending to be from hardware wallet providers such as Trezor, or even exchange platforms, in an attempt to induce the recipient to ‘update’ their seed phrase or change their password, after which the thief can steal log-in credentials and drain the wallet in question. 

BleepingComputer reported earlier in 2021 that threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered its parts to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000.

How to Protect Yourself

  • Don't click on links in emails, even if they seem to come from a reputable source. Instead, bookmark URLs to sensitive sites, that way you'll always know you're going to a real site and not a fake one designed to steal your data.

  • Look carefully at the content of the messages. Be on the look out for obvious typos, errors in the logo, and suspicious email addresses that don't seem quite right. A crypto platform will not contact you from a Gmail address.

  • Use two-factor authentication (2FA). This extra layer of security adds an additional verification step, such as a code you receive by SMS or email. Many sites also use apps that generate authentication codes.

  • Don’t reuse passwords. As tempting as it may be, using the same password for multiple websites/logins makes you far more vulnerable if you become a victim. A study showed that 53% of people admitted to using the same password for multiple accounts. To help this, you can install a password manager on your computer or create your own system that helps you generate and remember them all.

Related Stories
Crime Incorporated: CryptoGrab's UK Business Registration
Blogs
Incident Analysis
A cryptocurrency scamming group, CryptoGrab, has taken the bold step of registering as a private company in the UK. CryptoGrab offers various phishing services targeting cryptocurrency users, including the Nova Drainer and more traditional seed phrase phishing techniques. It is not uncommon for malicious actors to register fraudulent entities in the UK due to the relative ease in which companies can be registered. The group has stated in Telegram that this gives them access to platforms such as Binance and eToro. We have reported this organization to Action Fraud and Companies House in the UK. This blog aims to highlight the activities of this threat group and suggest ways to protect your assets.
2/27/2024
Trap Phishing on Trusted Platforms: A New Phishing Trend in The Web3 World
Blogs
Case Study
We have identified a new active form of phishing in the Web3 ecosystem. It involves putting phishing traps in influential platforms like exchanges and marketplaces to broaden the reach and credibility of phishing sites. The phishing traps can be in the form of web3 project job advertisements, airdrops, and NFT sales from faked project sites.
1/10/2024
Uncovering and Resolving a Cross-Site Scripting Attack in a Popular Wallet Protocol
Blogs
Incident Analysis
We discovered an XSS vulnerability in WalletConnect's Verify API, which could have been manipulated to create a convincing phishing site.
12/17/2023
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;