Phishing Attacks Target Two-Factor Authentication Codes of Cryptocurrency Exchanges

news

A new phishing campaign targeting users of the cryptocurrency exchange CoinSpot, with the ultimate goal of stealing two-factor authentication (2FA) codes, has been observed in the wild.

With cryptocurrencies all the rage, it was only a matter of time before threat groups built lures that took advantage of this temptation, according to Cofense Phishing Defense Center (PDC) analysts, who have seen a steady increase in crypto-themed phishing attacks.

These attacks replicate the domains of crypto exchanges and their two-factor authentication (2FA) prompts. The attackers lure victims by claiming that a withdrawal may have been made fraudulently from their account.

Specifically, the campaign sends an email from a Yahoo address that mimics a genuine CoinSpot notification, asking the recipient to confirm or cancel a withdrawal transaction.

These phishing messages also contain details such as transaction amounts and bitcoin wallet addresses.

Clicking the button embedded in the email leads to a phishing landing page that replicates the CoinSpot login page and uses a domain name the target is likely to mistake for the real one.

The phishing email sent to CoinSpot users uses a seemingly authentic template and even includes a bitcoin address for added legitimacy.

The user is asked whether to confirm or cancel the withdrawal, but both links point to the same SendGrid hyperlink.

The attackers also use a digital certificate to increase the “authenticity” of the phishing page, so that a padlock icon appears in the address bar as apparent proof of a trusted site, leading the user to believe they have reached CoinSpot’s legitimate and secure login form. The padlock only shows that the connection is encrypted, not that the site belongs to CoinSpot.

On the landing page, victims are prompted to enter their account credentials, supposedly to confirm or decline the transaction.

Submitting them leads to a page requesting the two-factor authentication code, the very defense meant to block account hijacking.

After the 2FA code is entered, the victim is redirected to the official CoinSpot website, which reduces the chance of arousing suspicion.

The attacker can then use the captured credentials and 2FA code to take over the victim’s account.
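As an added example, not part of the original article, the following Python routine turns the tells described above (a free-webmail sender claiming to be the exchange, confirm and cancel links that share one SendGrid-style tracking URL, and no link leading to the exchange's own domain) into checks over a constructed sample message; the brand domain, sender addresses, wallet string and URLs are placeholders.

```python
"""Heuristic triage of a 'confirm or cancel withdrawal' phishing email
(added example, not from the article): flags a webmail sender claiming the
exchange, confirm/cancel links sharing one tracking URL, and no brand link."""
import re
from email import message_from_string
from urllib.parse import urlparse

BRAND = "coinspot"
BRAND_DOMAINS = {"coinspot.example"}  # placeholder for the exchange's real domain
FREE_WEBMAIL = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com"}
HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)

# Constructed samples: addresses, wallet string and URLs are placeholders, not IoCs.
PHISH_EMAIL = """\
From: CoinSpot Support <coinspot.alerts@yahoo.com>
Subject: Confirm your withdrawal of 0.42 BTC

<p>A withdrawal to bc1qplaceholderwalletaddress was requested.</p>
<a href="https://u1234.ct.sendgrid.net/ls/click?upn=abc">Confirm</a>
<a href="https://u1234.ct.sendgrid.net/ls/click?upn=abc">Cancel</a>
"""

LEGIT_EMAIL = """\
From: CoinSpot <no-reply@coinspot.example>
Subject: Withdrawal requested

<a href="https://coinspot.example/withdrawals/confirm">Confirm</a>
<a href="https://coinspot.example/withdrawals/cancel">Cancel</a>
"""


def sender_domain(from_header):
    """Domain part of the From header, lower-cased ('' if none found)."""
    m = re.search(r"@([\w.-]+)", from_header)
    return m.group(1).lower() if m else ""


def triage(raw):
    """Return the list of findings for one raw message; empty means no tell fired."""
    msg = message_from_string(raw)
    from_header = msg.get("From", "")
    findings = []
    dom = sender_domain(from_header)
    if BRAND in from_header.lower() and dom in FREE_WEBMAIL:
        findings.append(f"claims {BRAND} but sent from webmail domain {dom}")
    links = HREF_RE.findall(msg.get_payload())
    if len(links) > 1 and len(set(links)) == 1:
        findings.append("confirm and cancel links point to the same URL")
    hosts = {urlparse(u).hostname for u in links}
    if links and not hosts & BRAND_DOMAINS:
        findings.append(f"no link leads to a brand domain: {sorted(hosts)}")
    return findings
```

The same three checks can be run over a mailbox export to surface messages for analyst review; they are indicators, not proof, so a hit should prompt verification through the exchange's own site rather than an automatic block.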

Keeping your cryptocurrency safe

With the constant influx of inexperienced and gullible users investing in cryptocurrencies, the number of threat actors targeting the sector continues to grow.

This year we have seen a variety of methods and tricks by phishers and scammers including smishing scams, support scams, fake giveaways and malicious Google ads.

Even though the phishing email looks legitimate in this case, the fact that it comes from a Yahoo email address is a clear sign of a scam.

If you receive an email with a call to action, calmly check the sender’s address and other basic elements for anything unnatural.

Also, do not click on the button embedded in the email, even if it appears to be real. Instead, open a new tab in your browser, visit the official site manually, log in to your account, and check for any alerts or messages that need your attention.


It is always important to exercise caution when trading on digital currency exchanges. Below are a few recommendations.

Use a dedicated email address

Instead of using your work or personal email address, set up a separate email address dedicated to your CoinSpot account.

Treat communications with CoinSpot as confidential, especially if you have provided any personal or account information by email, and consider permanently deleting such correspondence from your inbox.

Do not store personal documents in email (e.g., driver’s license details, passport photos, etc.).

These could be used to steal your personal information.

If you are unsure about a link or attachment in an email, do not click the link or download the file; simply delete the email.

Managing Passwords and 2FA (Two-Factor Authentication)

Use complex passwords for your email and other accounts. A password manager (such as LastPass) can generate random passwords and store them for you.

Don’t give out your 2FA code, username and password, or any sensitive information to anyone over the phone or via email; CoinSpot will never request this information over the phone or via email.

Print out your recovery codes and keep them somewhere safe in case you need to set up 2FA on another device.

Protecting your coins

Keep your coins and tokens on your own storage device.

Please do not send coins or tokens to anyone you do not trust 100%. Once a transaction is sent, it cannot be reversed.

Anyone who approaches you with the promise of a special return is likely to steal your funds. You would never give cash to a stranger, would you?

Keep your device secure

Under no circumstances should you allow others to remotely access your device. A common remote-access ruse is asking you to install software such as AnyDesk.

Keep your apps and installed software up to date with the latest versions.
