Tag: phishing

  • Security PSA: Airdrop Phishing Campaign


    By Coinbase Security Team

    As a part of our mission to build a safe and open financial system, we actively monitor for any security threats not only to Coinbase but to the crypto ecosystem as a whole. As we have discussed in our previous blog post on industry-wide crypto security threats, malicious threats against any crypto user or business are bad for the industry. With this community mindset, we do our best to inform and to defend our community from bad actors.

    Over the past month, Coinbase Threat Intelligence, Special Investigations, and Global Intelligence teams have been tracking an ongoing phishing campaign on Ethereum, Polygon, Binance Smart Chain, and other EVM-compatible platforms which has unfortunately resulted in the theft of more than $15M in various crypto assets to date. The phishing campaign does not affect customers who custody funds on Coinbase.com. However, anyone who uses self-custody wallets (e.g. Coinbase Wallet, Metamask, etc.) may be at risk.

    The campaign works by airdropping fictitious coins into victim wallets and enticing them to visit specially-crafted malicious websites. Below is an example of one such coin:

    [Image not included. Source: Polygonscan]

    When users attempt to interact with the airdropped tokens such as transferring them to a Decentralized Exchange (DEX), they are presented with an error message encouraging them to visit a malicious phishing website:

    [Image not included. Source: Polygonscan]

    The website presents users with a Decentralized Application (DApp) interface supposedly meant to connect their wallets and approve trading of the airdrop tokens. However, when users approve any transactions on the phishing website, in reality they are unknowingly approving a transfer of their personal tokens to the scammers.

    [Image not included. Source: Phishing Site]

    The scammers change airdrop token names and phishing websites frequently to evade blocklists; however, they still use the same tactics to steal tokens using fake airdrops and malicious Dapps. Nevertheless, you can take the following security steps to defend your assets:

    • Be wary of airdrop tokens received from an unknown source. It is highly likely these unsolicited tokens are part of a phishing campaign.
    • Do not visit or connect self-custody wallets to any websites advertised by airdropped tokens through error messages, token names, or other methods.
    • Do not interact with airdropped tokens (e.g. approving, transferring, swapping, etc.). As annoying as it sounds, it’s best to just leave them sitting in your wallet.
    • Do not hold high-value assets in the same wallet used to regularly interact with Dapps. Use cold storage or custodial solutions such as the freely available Coinbase Vault or Custody.

    Coinbase is working with industry partners to help limit the damage caused by the scam and we are planning to publish a more detailed analysis of the campaign in the near future.


    Security PSA: Airdrop Phishing Campaign was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.


  • What you need to know about SMS phishing attacks


    Protect your account from one of the most commonly used cyber attacks

    By Coinbase Security team

    The Coinbase Security team observes cybercriminals employing a wide range of tactics and techniques to target the accounts of crypto holders. One of the most commonly used tactics is SMS phishing.

    If you believe you’ve received an SMS phishing attack, take these first three steps:

    1. Do not click the link!
    2. Copy the message and send it to 7726 (SPAM), a short-code service established by US-based cell phone carriers to help them detect and block malicious messages on their network
    3. Take a screenshot of the message and send it to security@coinbase.com

    What is SMS phishing?

    Phishing is a type of online attack in which a cybercriminal impersonates a legitimate entity or authority and attempts to deceive their target into clicking on a malicious link or attachment. This can enable hackers to steal their victim’s sensitive information or infect their device with malicious software.

    You may already be privy to email-based phishing attacks, in which the attacker delivers a phishing message via email. However, in recent years, attackers have adopted a new type of delivery method — SMS, otherwise known as text messages.

    SMS phishing, also known as “smishing”, is a type of phishing attack in which an attacker will spam malicious messages and links to hundreds or even thousands of cell phone numbers to deceive the recipients into taking some action that is against their best interest.

    For crypto holders, the intent is to gain access to the recipient’s crypto wallet or account so that they can steal their funds. SMS phishing is largely problematic in crypto for two reasons:

    1. Cybercriminals have an ever-growing incentive to steal crypto assets due to their unprecedented growth in monetary value, and
    2. Crypto asset transactions are irreversible once the transaction has been confirmed and written onto the blockchain ledger.

    If you’re invested in crypto, or even considering it, we strongly encourage you to take the time to understand how to identify this common threat and what to do if you receive one of these messages.

    How to identify SMS phishing

    Phishing messages can be easily detected 99.9% of the time by completing three simple checks. Let’s use the Coinbase SMS phishing message below as an example for this lesson:

    1. The Sending Number. One of the first things to check is the phone number from where the message was sent. By doing a quick Google search, you will find that this phone number is likely associated with a scam — your first red flag.
    2. The Message. Grammar mistakes are often a red flag indicating the message is likely a scam. If there are no grammar issues, check the intent of the message. Phishing messages will often attempt to tap into your emotions by either creating fear or excitement. If you receive a message that is emotionally triggering, either good or bad, it may be a phishing message and should be a red flag.
    3. The Link. Lastly, always be sure to examine the link. Plain and simple, if the link does not contain the domain Coinbase.com, it is phishing.

    What to do if you receive an SMS phishing message

    Now that you’ve got the tools to detect SMS phishing messages, the question remains — what should you do if you receive an SMS phishing message?

    Luckily, the right response to protect yourself is easy: Do not click the link!

    You can also copy the message and send it to 7726 (SPAM). 7726 is a short-code service established by US-based cell phone carriers like AT&T, Verizon, Sprint, or T-Mobile. By sending a copy of the SMS phish to 7726, you can help mobile carriers detect and block malicious messages on their network.

    Lastly, take a screenshot of the message and send it to security@coinbase.com. You’ll be enabling our Security team to investigate the phishing link and submit abuse reports to organizations that can help have the phishing site taken down.

    As cryptocurrency grows in popularity, cybercriminals will continue to innovate and attempt to discover new ways to gain access to your investments. Coinbase Security continues to keep our customers abreast of new threats as they arise. However, it is also imperative that you take the security of your account into your own hands. If you’d like to learn more about account security best practices, review our guide on how to keep your crypto secure.

    Additional examples of SMS phishing

    Example 1

    • The phone number is largely unknown according to Google
    • The message has a grammar issue and is trying to invoke a fear response of unauthorized account access
    • The link is not Coinbase.com. The domain in this link is what’s known as an Internationalized Domain Name (IDN). Take note of the special character accent on the “b”. Attackers will often use IDNs in phishing attacks since the letters can so closely resemble the word Coinbase.

    Example 2

    • The phone number is abnormally long and suspicious
    • The message has many grammar issues and is trying to invoke excitement by indicating receipt of 21 BTC
    • The link is not Coinbase.com

    Example 3

    • The phone number is largely unknown according to Google
    • The message is trying to invoke excitement by indicating receipt of 0.59 BTC
    • The link is not Coinbase.com (notice the link actually goes to the domain ssl-coinbase[.]com)
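
    The link check from "How to identify SMS phishing" and the IDN and ssl-coinbase[.]com cases above, written out as an added example (not code from Coinbase or the original post). It compares the link's host against coinbase.com rather than searching for the text "coinbase"; the function name, verdict labels and all sample links other than ssl-coinbase[.]com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "coinbase.com"  # the one domain the article treats as legitimate

def classify_link(link: str) -> str:
    """Classify a link from a text message by its host, not by substring.

    Returns 'trusted', 'idn-lookalike', 'lookalike', 'unrelated' or 'malformed'.
    Anything other than 'trusted' fails the article's third check.
    """
    link = link.strip().replace("[.]", ".")   # undo report-style defanging
    if "://" not in link:
        link = "https://" + link              # SMS links often omit the scheme
    try:
        # .hostname drops any "user@" prefix and port, and lowercases the host
        host = (urlsplit(link).hostname or "").rstrip(".")
    except ValueError:
        return "malformed"
    if not host:
        return "malformed"
    labels = host.split(".")
    # Non-ASCII letters or punycode ("xn--") labels mean an IDN; flagged
    # conservatively, even under the trusted domain.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "idn-lookalike"
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # The brand name appears, but the host is not under the trusted domain
    if "coinbase" in host:
        return "lookalike"
    return "unrelated"

# Constructed sample links; only ssl-coinbase[.]com appears in the article.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "ssl-coinbase[.]com/verify",
    "https://coin\u1e05ase.com/login",            # accented "b" (U+1E05)
    "http://coinbase.com.account-check.example/",
    "https://coinbase.com@login.example/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify_link(s):14} {s}")
```

    The last two samples show why a substring match is not enough: both contain the text "coinbase.com", yet the host the phone would actually connect to is a different domain.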


    What you need to know about SMS phishing attacks was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
