Cryptocurrency Phishing
Now everyone has probably heard about such a concept as cryptocurrency or Bitcoin. This topic is one of the most popular and discussed today. About “crypt” they say everywhere: on the Internet, on television, on the radio, with family and friends, etc. Naturally, the attackers also laid eyes on this area, and again we have to talk about the methods of hacker attacks. One of these methods is phishing cryptocurrency.
Phishing itself is an Internet attack, the essence of which is deceiving the recipient with the goal of acquiring personal data such as usernames, passwords, bank details, etc. The organizer of such an attack constitutes a believable letter, which should convince the target that the sender is a reliable organization or person, and sends it via Internet mail or social networks.
For the most successful and effective phishing, cybercriminals follow these steps:
Less suspicion will cause the user who confidently and correctly uses the terminology of society than the one who has no idea what he is talking about. Or a member of the forum whose account was created long ago and has a large number of "correct" posts will be easier to trust than the one who created the profile on the portal a couple of days ago.
')
Taking into account the above steps, you can imagine how much effort can be invested in a quality operation for the acquisition of other people's personal data. What makes you think that even now phishing can be a real threat.
In 2014, more than 120,000 unique phishing attacks around the world were carried out, posing as any brand or organization. All this has resulted in billions of emails. In January 2015, PhishTank, a public anti-phishing reporting service managed by OpenDNS, received more than 35,000 verified domains used for phishing. Estimates by Symantec showed that each of the 392 emails distributed throughout the world during 2013 were phishing emails, the purpose of which was to obtain data for access to accounts in different forums and social networks. networks on the Internet.
There are several possible methods of phishing attacks on cryptocurrency.
This method, according to statistics, is the most common. The attackers on behalf of various websites and exchanges associated with cryptocurrency, send alleged letters to the victims, which contain links, when you go to which trusting users enter the account data of their wallets. These letters may be in the form of security alerts, in which you are invited to change the password to a new one; in the form of surveys, one way or another connected with the world of cryptocurrencies. In addition, for the passage of these surveys are often offered a monetary reward, which further attracts the attention of account holders.
These messages outwardly look neat, do not contain grammatical or spelling errors because of this can be perceived as "correct", that is, addressed to reliable sources.
Not so long ago, the attackers came up with a new scheme of cheating the owners of cryptocurrency. It is structured approximately as follows. Scammers find active and growing popularity of communities on various exchanges, supposedly create its official Facebook page, then customize the design to most closely resemble this forum. The address of a fake page is usually similar to the main one; one letter or sign can be changed.
Due to the fact that the function of sending messages to users on behalf of the group is limited on Facebook, the attackers use a clever trick. On the page of the created group, the owners create a post with the indication of the names of the participants and the attachment of their photo, while indicating links to these users. Also attached is a link with a site similar to the original one, on entering which you allegedly can take the winnings. Delighted "winners" go to the site and enter their data.
Also, the thieves of the "crypt" can carry out more sophisticated frauds: the text contains information that the user is among, for example, 100 lucky people who for their loyalty to this cryptoplatform receive an award of 20.72327239 (yes, that’s the exact number) of units cryptocurrency. And, of course, a link where you can get a reward.
The message also contains the painted terms for obtaining coins (a certain number of transactions on this platform), which is impressively accurate, not an excessively high, but quite an attractive amount (20.72327239 coins from the current exchange rate example is about $ 100-200) and generally looks quite plausible.
Another way to cheat are scammers' schemes with proposals to transfer Bitcoins or their part to a separate wallet with the further possibility of allegedly receiving a percentage of this amount. It may seem that this method has already been “banned” and no one will seriously accept such a proposal, but as practice shows, people remain deceived even in such seemingly ridiculous ways.
In connection with the popularization of social network applications (such as Telegram, Viber, WhatsApp, etc.), the attackers send their forces to them. In these sources, cases of fraud and embezzlement of accounts of cryptocurrency holders have been increasingly recorded. Separate groups or chats are created with owners of cryptocats, in which communication takes place, discussion of various information related to the activity of crypto-lovers. At one point, the creators of this group themselves throw off the false pages of cryptocurrency exchanges, in which gullible users leave their data.
According to experts, the activity of phishers cryptocurrency for the last quarter increased by 29% compared to the previous one. This once again confirms the need for a responsible attitude to the security of their accounts.
It is necessary to understand that cryptocurrency exchanges are not any charitable foundation and simply do not give out money to everyone in a row and the winner, thanks to the phishing attacks, becomes the loser.
You should always check the correctness of the specified links and in no case pass on suspicious ones. It would be much safer to manually enter a link to an already verified website in the browser’s line.
Also, Facebook users need to be responsive to the privacy settings of their accounts in order not to be hooked by scammers.
Phishing itself is an Internet attack, the essence of which is deceiving the recipient with the goal of acquiring personal data such as usernames, passwords, bank details, etc. The organizer of such an attack constitutes a believable letter, which should convince the target that the sender is a reliable organization or person, and sends it via Internet mail or social networks.
For the most successful and effective phishing, cybercriminals follow these steps:
- firstly, the attack objectives are clearly defined. Most of the "phishers" aim at obtaining bank data, Internet accounts or more detailed information about the object;
- further, the target group in which the object of attack is located is determined;
- Obviously, the following is a search for information on this group and its analysis in order to obtain the necessary data that will help make the attack more reliable and less suspicious;
- fourthly, the organization of the contents of the letter is compiled, using the steps performed earlier. It is necessary not only to create the necessary conditions under which the target of phishing will provide all the necessary data, while not causing her suspicions;
- the last in order, but by far the most important, is getting a link to the victim of the attack. This step also includes creating in the messages the atmosphere of the group to which the goal belongs and tries to present itself as “their own” in this topic. What is logical.
Less suspicion will cause the user who confidently and correctly uses the terminology of society than the one who has no idea what he is talking about. Or a member of the forum whose account was created long ago and has a large number of "correct" posts will be easier to trust than the one who created the profile on the portal a couple of days ago.
')
Taking into account the above steps, you can imagine how much effort can be invested in a quality operation for the acquisition of other people's personal data. What makes you think that even now phishing can be a real threat.
In 2014, more than 120,000 unique phishing attacks around the world were carried out, posing as any brand or organization. All this has resulted in billions of emails. In January 2015, PhishTank, a public anti-phishing reporting service managed by OpenDNS, received more than 35,000 verified domains used for phishing. Estimates by Symantec showed that each of the 392 emails distributed throughout the world during 2013 were phishing emails, the purpose of which was to obtain data for access to accounts in different forums and social networks. networks on the Internet.
There are several possible methods of phishing attacks on cryptocurrency.
1. Spam mailing
This method, according to statistics, is the most common. The attackers on behalf of various websites and exchanges associated with cryptocurrency, send alleged letters to the victims, which contain links, when you go to which trusting users enter the account data of their wallets. These letters may be in the form of security alerts, in which you are invited to change the password to a new one; in the form of surveys, one way or another connected with the world of cryptocurrencies. In addition, for the passage of these surveys are often offered a monetary reward, which further attracts the attention of account holders.
These messages outwardly look neat, do not contain grammatical or spelling errors because of this can be perceived as "correct", that is, addressed to reliable sources.
2. Facebook as a way to deceive crypto owners
Not so long ago, the attackers came up with a new scheme of cheating the owners of cryptocurrency. It is structured approximately as follows. Scammers find active and growing popularity of communities on various exchanges, supposedly create its official Facebook page, then customize the design to most closely resemble this forum. The address of a fake page is usually similar to the main one; one letter or sign can be changed.
Due to the fact that the function of sending messages to users on behalf of the group is limited on Facebook, the attackers use a clever trick. On the page of the created group, the owners create a post with the indication of the names of the participants and the attachment of their photo, while indicating links to these users. Also attached is a link with a site similar to the original one, on entering which you allegedly can take the winnings. Delighted "winners" go to the site and enter their data.
Also, the thieves of the "crypt" can carry out more sophisticated frauds: the text contains information that the user is among, for example, 100 lucky people who for their loyalty to this cryptoplatform receive an award of 20.72327239 (yes, that’s the exact number) of units cryptocurrency. And, of course, a link where you can get a reward.
The message also contains the painted terms for obtaining coins (a certain number of transactions on this platform), which is impressively accurate, not an excessively high, but quite an attractive amount (20.72327239 coins from the current exchange rate example is about $ 100-200) and generally looks quite plausible.
3. The ability to exaggerate your balance
Another way to cheat are scammers' schemes with proposals to transfer Bitcoins or their part to a separate wallet with the further possibility of allegedly receiving a percentage of this amount. It may seem that this method has already been “banned” and no one will seriously accept such a proposal, but as practice shows, people remain deceived even in such seemingly ridiculous ways.
4. Messengers as ways to cheat
In connection with the popularization of social network applications (such as Telegram, Viber, WhatsApp, etc.), the attackers send their forces to them. In these sources, cases of fraud and embezzlement of accounts of cryptocurrency holders have been increasingly recorded. Separate groups or chats are created with owners of cryptocats, in which communication takes place, discussion of various information related to the activity of crypto-lovers. At one point, the creators of this group themselves throw off the false pages of cryptocurrency exchanges, in which gullible users leave their data.
According to experts, the activity of phishers cryptocurrency for the last quarter increased by 29% compared to the previous one. This once again confirms the need for a responsible attitude to the security of their accounts.
It is necessary to understand that cryptocurrency exchanges are not any charitable foundation and simply do not give out money to everyone in a row and the winner, thanks to the phishing attacks, becomes the loser.
You should always check the correctness of the specified links and in no case pass on suspicious ones. It would be much safer to manually enter a link to an already verified website in the browser’s line.
Also, Facebook users need to be responsive to the privacy settings of their accounts in order not to be hooked by scammers.
Source: https://habr.com/ru/post/348006/
All Articles