Coinbase, MetaMask, Crypto.com: How Hackers Bypass Multi-Factor Authentication to Steal You


Samir Rahmoun

November 22, 2022 at 5:30 p.m.


cryptocurrency hacker thief © Shutterstock


Cybersecurity experts have identified a phishing campaign targeting some of the most popular cryptocurrency exchanges, such as Coinbase, Kucoin and Crypto.com, as well as the MetaMask wallet.

A phishing campaign is currently targeting cryptocurrency users. That's according to cybersecurity experts at PIXM, who spotted it in 2021, when it only targeted Coinbase, before it recently expanded to several other high-profile industry players such as Kucoin, Crypto.com and MetaMask. In this campaign, the crooks have misused Microsoft Azure Web Apps to set up their phishing sites.

Scammers use a chatbox, and if necessary the TeamViewer remote access software

Victims first receive a fraudulent email, styled to look like it comes from the exchange, asking them to confirm a transaction or reporting suspicious activity. Once redirected to the phishing site, users are asked to enter their login credentials and then, in the next step, the code generated by multi-factor authentication. In the case of MetaMask, it is the recovery phrase (seed) that is requested. This information goes straight to the hackers, who can then launch the next phase.

An error message is then displayed, followed by a customer support chat window in which the scammers talk to the victim directly. The conversation gives them time to empty the user's account, and also to obtain any additional information needed to transfer the funds. If the authentication code expires, the victim is asked to generate a new one.

If, despite all this, the scammers are still unable to get into their prey's crypto account, they move on to an alternative step. To make their own device a "trusted device", they must convince the victim to download the TeamViewer remote assistance software, which allows remote access to computers. They then ask the owner of the crypto account to type their login information again, while adding a character in the password box to trigger an error. Next, they ask for the password to be copied into the TeamViewer chat, which allows them to log into the account from their own computer. Using the same software, they can directly grab the link sent by email that is meant to make a computer the account's trusted device, and so obtain access to the account.

Pay close attention to the email and the site, the best way to protect yourself from phishing

Scams are not inevitable. To protect yourself against them, there are several specific points to pay attention to:

  • check that the email address and the URL of the site correspond exactly to those of the exchange;
  • always be suspicious of emails with an alarmist tone;
  • in case of doubt, go directly to the exchange site instead of clicking on the link provided by the email;
  • and above all, never give anyone your authentication codes.
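The first check in the list can be automated on a mail gateway or in a triage script. The sketch below is an added example, not code from PIXM or BleepingComputer: the brand-to-domain table is an assumption to confirm against each exchange's own documentation, `classify_link` is a hypothetical helper, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: brand token -> official registrable domain. Confirm each one
# against the exchange's own documentation before relying on it.
OFFICIAL = {
    "coinbase": "coinbase.com",
    "kucoin": "kucoin.com",
    "crypto": "crypto.com",
    "metamask": "metamask.io",
}
# Default domain under which Azure Web Apps are published.
SHARED_HOSTING = ("azurewebsites.net",)


def classify_link(url):
    """Return (verdict, reason) for a link taken from an email."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and lowercases.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "suspicious", "not an https link with a hostname"
    if parts.username is not None:
        # "https://brand.com@other.host/" displays the brand, loads other.host.
        return "suspicious", "userinfo before the real hostname"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious", "internationalised hostname, possible homoglyph"
    for domain in OFFICIAL.values():
        # Exact match or a true subdomain; a substring test is not enough.
        if host == domain or host.endswith("." + domain):
            return "official", domain
    hosting = next((s for s in SHARED_HOSTING if host.endswith("." + s)), None)
    for brand in OFFICIAL:
        # Triage signal only: a short token such as "crypto" also matches
        # unrelated hostnames, so a hit needs human review.
        if brand in host:
            where = f" on shared hosting {hosting}" if hosting else ""
            return "lookalike", f"mentions '{brand}' outside its domain{where}"
    return "unknown", "no monitored brand in hostname"


if __name__ == "__main__":
    # Constructed sample links, not taken from the campaign.
    for link in ("https://www.coinbase.com/signin",
                 "https://coinbase-help-example.azurewebsites.net/login",
                 "https://metamask.io.verify.example.net/"):
        print(link, classify_link(link))
```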

Source: BleepingComputer


