The development of cryptocurrency is not only attracting investors, but also cybercriminals seeking to boost their profits, according to the latest insights from cybersecurity firm Kaspersky Lab.
According to the firm, cryptocurrency phenomenon and the growth of a keen audience of cryptocurrency owners was never going to go unnoticed by cybercriminals.
During the first half of 2018, Kaspersky Lab products blocked more than a hundred thousand triggers related to cryptocurrencies on fake exchanges and other sources. With each attempt, criminals have been trying to involve more and more unsuspecting users in fraudulent schemes.
To achieve their nefarious goals, cybercriminals, typically use classical phishing techniques, however these often go beyond the ‘ordinary’ scenarios we have become familiar with. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto coins, cyber criminals have been able to profit from both avid cryptocurrency owners and rookies alike.
Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future. For this group of people, cybercriminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to. The most successful attacks use well-known ICO projects.
Another sought-after trend involves cryptocurrency giveaway scams. The method of choice involves requesting that victims send a small amount of cryptocurrency, in exchange for a much larger payout of the same currency in the future. Criminals have even used the social media accounts of well-known individuals, such as business magnate Elon Musk and the founder of Telegram messenger Pavel Durov. By creating fake accounts or replying to tweets from legitimate users through fake accounts, criminals are able to confuse Twitter users into falling for the scam by clicking on replies from fraudulent accounts.
According to Kaspersky Lab’s rather rough estimates, criminals managed to earn more than 21,000 ETH (The Ether cryptocurrency, which uses blockchain generated by the Ethereum platform) or over $10 million at the current exchange rate using the above described schemes over the past year. This sum doesn’t even take into account classic phishing attacks or examples involving the generation of individual addresses for each victim.
“The results of our research show that cybercriminals are adept at keeping up to date and developing their resources to achieve the best possible results in cryptocurrency phishing. These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalise on user behaviours,” said Nadezhda Demidova, Lead web content analyst, Kaspersky Lab.
To protect their cryptocurrencies, Kaspersky Lab researchers advise users to follow a few simple rules:
- Remember that there is no such thing as a free lunch and treat offers that seem too tempting to be true with skepticism.
- Check official sources for information regarding the free distribution of cryptocurrencies. For example, if you see information about the distribution of coins on behalf of the recently hacked Binance blockchain ecosystem, go to the official source and clarify this information.
- Check if any third-parties are linked to the wallet transaction to which you plan to transfer your savings. One way of doing this is through block chain browsers such as etherscan.io or blockchain.info, which allow users to view detailed information about any cryptocurrency transaction and identify if the particular wallet may be dangerous.
- Always check the hyperlink addresses and data in the browser address bar. It should be, for example, “blockchain.info’, not “blackchaen.info”.
- Save the address of your e-wallet in a tab and access it from there – in order to avoid making a mistake in the address bar and accidentally going to the phishing site instead.