Cybercriminals allegedly use fake versions of popular websites such as Coinbase, Gemini, Kraken, and MetaMask to attempt to empty victims’ bitcoin wallets.
According to Netskope, criminal groups use search engine optimization (SEO) techniques, which involve a large network of bots posting links to phishing pages on other websites (mainly blogs) to boost their rankings in search engines such as Google.
In some cases, researchers claim that these fake websites are ranked higher than the copied legitimate sites.
How does the campaign work?
When the victim clicks on a malicious link, they are greeted by relatively realistic imitation websites hosted on Google Sites or Microsoft Azure, which often include detailed FAQs.
Using the popular MetaMask crypto wallet as an example, Netskope researchers said users would be directed to “Download Now” or “Login”, where the site will try to trick users out of their crypto wallet or username and password.
How can I avoid being compromised?
Netskope had some advice for those who don’t want to end up as the latest victims of phishing attacks.
This includes never entering credentials after clicking on a link, and instead always navigating directly to the site you are trying to connect to.
For organizations, Netskope also recommends using a secure web gateway to detect and block phishing.
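A gateway-style check for the pattern described above, as an added example (not Netskope's detection logic and not code from the article): it flags URLs that carry one of the named brands but sit on shared hosting rather than the brand's own domain. The official domains and the Google/Azure hostname suffixes are assumptions chosen for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Brands named in the article, mapped to their official domains
# (assumption: the article names the brands, not their domains).
BRANDS = {
    "coinbase": "coinbase.com",
    "gemini": "gemini.com",
    "kraken": "kraken.com",
    "metamask": "metamask.io",
}
# Shared-hosting suffixes (assumption: the article says only
# "Google Sites" and "Microsoft Azure", not which hostnames).
SHARED_HOSTS = ("sites.google.com", "azurewebsites.net", "web.core.windows.net")

# Constructed sample URLs, as they might appear in a proxy log.
SAMPLE_URLS = [
    "https://www.coinbase.com/signin",
    "https://sites.google.com/view/metamask-wallet-login/home",
    "https://kraken-login.azurewebsites.net/",
    "https://coinbase.com.example.org/login",
    "https://example.org/news",
]


def on_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Return (verdict, brand) for one URL from a proxy or gateway log."""
    parts = urlsplit(url.lower())
    host = parts.hostname or ""
    for brand, official in BRANDS.items():
        if on_domain(host, official):
            return ("official", brand)
    haystack = host + parts.path
    for brand in BRANDS:
        if brand in haystack:
            if any(on_domain(host, s) for s in SHARED_HOSTS):
                return ("block", brand)   # brand name on shared hosting
            return ("review", brand)      # brand name on an unrelated host
    return ("no-match", None)


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(classify(u), u)
```

The "review" verdict covers lookalike hosts such as a brand name used as a subdomain of an unrelated site, which a plain substring allowlist would wrongly accept.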
This is unfortunately not the first time that crypto exchanges have been used as part of a scheme by cybercriminals; in fact, they seem to be getting more and more inventive.
A group of cybercriminals recently created a deepfake of Binance’s Chief Communications Officer (CCO), Patrick Hillmann, to extort money from companies, attempting to convince them they were in the running for a listing on the crypto exchange.