Cybercriminals are reportedly using fake versions of popular websites such as Coinbase, Gemini, Kraken, and MetaMask in an attempt to drain the bitcoin wallets of victims dry.
According to Netskope, criminal groups are using search engine optimization (SEO) techniques, that involve an extensive network of bots posting links to phishing pages on other websites (mainly blogs) to boost their rankings in search engines such as Google.
In some instances, the researchers claim these fake websites are ranking better than the legitimate sites being copied.
How does the campaign work?
When the victim clicks on a malicious link, they will be greeted by relatively realistic-looking imitation websites hosted on either Google Sites or Microsoft Azure, which will often include a detailed FAQ.
Using the popular Crypto wallet MetaMask as an example, Netskope researchers said users would be directed to either “Download now” or “Login”, where the site will try and dupe users out of their crypto wallet or their username and password.
How can I avoid getting compromised?
Netskope had some advice for those who don't want to end up as the latest phishing attack victims.
This includes never entering credentials after clicking on a link, and instead, always navigating directly to the site you are trying to log in to.
For organizations, Netskope also recommends using a secure web gateway to detect and block phishing.
This unfortunately isn't the first time that crypto exchanges have been used as part of a ploy by cybercriminals, in fact, these seem to be getting more inventive.
A group of cybercriminals recenty created a deep fake of Binance chief communications officer (CCO) Patrick Hillmann to extort money out of firms, attempting to convince them they were in the running for a listing on the crypto exchange.
- Want to avoid your organization becoming compromised? Check out our guide to the best endpoint protection