Attackers use certain web optimization methods to redirect customers to phishing websites for handheld apps like Metamask and exchanges like Coinbase and Kraken. According to Netskope, these websites, created on Google and Microsoft Azure websites, trick customers into providing their personal data, allowing attackers to withdraw money from these providers.
Cryptocurrency phishing program Uses web optimization, Google and Microsoft Azure websites, according to Netskope
Netskope, a web-based security company, has identified a brand new type of cryptocurrency phishing scam that offers web optimization methods and bogus pages. According to a report by the company, throughout 2022 attackers were found to use blogs as software to distribute links to phishing websites.
On these blogs, attackers post hyperlinks with web optimization content which leads them to get excessive ranking in search engine queries. For this reason, the hyperlinks may be scrutinized by many people, which may lead them to imagine that they are referring to genuine crypto websites. Nonetheless, the hyperlinks lead customers to phishing websites which may be similar to crypto-based websites, just like the Metamask website.
Different websites also emulate exchanges like Coinbase, Gemini, and Kraken.
These phishing websites hosted on Google websites or using Microsoft Azure are designed to cheat customers and get their private data in two other ways. The main one is to acquire the non-public seeds of clients’ wallets by instantly asking them to import this information. This is the tactic that the phishing website Metamask currently uses.
The second concerns the acquisition of customer account data on any phishing trade. When customers enter their data, the websites return an error and ask them to contact a support operator who will try to find out more about the customers in order to get their funds efficiently.
Netskope strongly recommends that customers never enter their credentials after clicking on a hyperlink. Instead, always go to where you’re trying to connect. For organizations, we also recommend using a secure network gateway that can detect and block phishing in real time.
Phishing scams are not new to the world of cryptocurrencies. Binance detected and warned of a serious phishing scam involving text messages in February.
What do you think of the brand new phishing scheme, which incorporates web optimization, Google websites and Microsoft Azure hosted web pages? Tell us in the remark part below.
Image credit score: Shutterstock, Pixabay, Wiki Commons