In 2021 alone, hackers stole almost $14 billion worth of crypto, nearly twice the amount stolen in 2020. A significant percentage of the stolen funds was related to phishing attacks.
In this article: What’s behind a phishing scam, what are their forms, and how can businesses protect themselves?
Spear phishing is an email or messenger attack targeted toward a specific individual, organization, or business. It is often intended to steal data for malicious purposes. Phishers may also plan to install malware on a targeted user’s computer.
Attackers may use a public email account because creating a fake email with a public domain is much easier than a corporate one. An “official” email that ends in “@gmail.com” instead of “@companyname.com” should immediately arouse suspicion.
This attack happens when the attacker creates a replica of a legitimate email sent to the user in the past. The attacker replaces the original attachment or link with a malicious one and sends it to the victim. Since the email looks identical to those that are previously received by the victim, they are more likely to click on the link.
Whaling attack also known as CEO fraud, is a method used by phishers to masquerade as a senior player at an organization and directly target senior or other influential individuals at an organization, with the aim of stealing sensitive data or gaining access to their computer systems for attack purposes. A whaling attack doubles down on targeting specific individuals and posing as a senior member of an organization. Even the most high-profile companies become victims of whaling attacks. For example, Ubiquiti Networks lost $33 million after a payment request by a fraudulent CEO, while a Snapchat employee shared confidential payroll data after a fake email. In another example, Titanium Blockchain CEO deceived investors for $21 million by faking a PayPal partnership.
Airdrops campaigns can also be leveraged to carry out phishing attacks. For example, users can receive an email or social media message that some coin has been added to their wallet via an airdrop. The victim is then directed to a malicious exchange where the coin can be sold.
The website asks victims to connect their wallets and sign malicious transactions which can drain your wallet. A recent example of an airdrop phishing scam worth $8 million with a fake Uniswap. By manipulating the trade log, the scammer disguised airdrop as a tx coming directly from Uniswap. The victim received a fake airdrop of an lp token from the attacker disguised as a transaction coming directly from Uniswap. “Uniswap” appeared as the sender of the transaction on blockscan. The victim then wanted to claim the airdrop on the fake website and gave approvals. The attacker now had access to the victims’ funds.
Crypto users use different types of browser extensions like MetaMask wallet or other crypto wallets. While the wallet browser extension serves flexibility for crypto users, it also can be a target for attackers. Cybercriminals are using fake browser extensions of crypto wallets to steal users’ funds. The fake browser extensions can help in capturing log-in credentials (seed phrase or private key) of your wallet. You should be even more cautious when such extensions are promoted via Google Ads.
DNS hijacking is one of the hardest recognizable scams which might take a keen eye for detail to notice. DNS hijacking or DNS spoofing attacks related to hijacking websites’ DNS. The attackers replace the authentic website with a fake interface. Unsuspecting users can use their log-in credentials and their private keys on the fake website for swapping and trading NFTs thereby compromising their crypto assets. Decentralized exchange Curve Finance lost $612k in stablecoins after their website was DNS hijacked.
Ice phishing is a Web3 clickjacking attack that tricks users into signing or delegating the approval of the user’s token to an attacker. The smart contract user interface does not make it obvious to the victim that the transaction has been tampered with. All the attacker needs to do is modify the sender’s address to the attacker’s address and then wait for the victim to authorize the transaction, approving the attacker’s account. It means the “spender” can spend on the owner’s behalf.
In this case, the attacker was able to modify the smart contract by injecting a malicious script into the smart contract front end. Such an attack happened on the BadgerDAO exchange late last year when attackers leveraged ice phishing to steal cryptocurrency worth $120 million.
An evil twin phishing attack related to public Wi-Fi networks. Attackers set up a fake Wi-Fi network using the same name as a legitimate network. When victims connect to the network, they may enter their login credentials on any service, which the phishers can then use to gain access to their accounts.
Search engine phishing, commonly known as SEO poisoning or SEO Trojans, is a method where hackers work to become the top hit on a search using search engine optimizations. Clicking on the link displayed within the search engine directs you to the malicious website, identical to the original one. From there, attackers can steal your information when you interact with the site and enter sensitive data.
Web3 businesses are recommended to conduct these steps themselves, or they can rely on the professional expertise of security companies like Hacken. We provide comprehensive anti-phishing services as part of our social engineering package for crypto projects. Hacken has already saved Jibrel Network’s ICO and Nucleus Vision from real phishing attacks.
Be the first to receive our latest company updates, Web3 security insights, and exclusive content curated for the blockchain enthusiasts.
14 min read
Discover
10 min read
Discover
13 min read
Discover