Hot or cold? Kaspersky uncovers new phishing scheme targeting cryptocurrency users worldwide

Kaspersky has uncovered a phishing campaign targeting cryptocurrency users around the world. The scheme shows the ever-evolving tactics used by cybercriminals, reflecting the growing appeal of cryptocurrencies. During the spring of 2023 alone, Kaspersky solutions detected and blocked more than 85,000 fraudulent emails targeting both hot and cold wallets. Kaspersky has published a detailed report that explains these two email attack techniques and clarifies the differences between hot and cold cryptocurrency storage methods.

With over 400,000,000 cryptocurrency wallet owners around the world, as reported by Crypto.com, the rise in popularity of hot wallets stems from their accessible nature. Online storage services such as cryptocurrency exchanges and dedicated apps have become prime targets for cybercriminals due to their constant internet connectivity.

Phishing attacks targeting hot wallet users generally employ relatively simple tactics, often exploiting non-technical individuals. Malicious actors impersonate known crypto exchanges via fraudulent emails, urging users to validate transactions or reconfirm the security of their wallets. Unsuspecting victims who click on the links are redirected to fake web pages that ask them to enter their seed phrase, which is essential for wallet recovery. By gaining access to the seed phrase, scammers can take control of the victim's wallet and transfer funds to their own accounts.

By contrast, cold wallets are completely offline storage systems, such as a dedicated device or even a private key written down on paper. Hardware wallets are a common type of cold wallet. They have gained favor with users who store significant cryptocurrency holdings due to their enhanced security measures. However, Kaspersky researchers recently uncovered a targeted phishing campaign designed specifically to exploit cold wallet owners. This campaign kicks off with an email disguised as coming from a major cryptocurrency exchange, Ripple, luring recipients with the promise of entering a giveaway for XRP tokens.

Instead of directing victims to a phishing page, the scammers employ a more sophisticated technique by creating a deceptive blog post that imitates Ripple's website design. This blog offers users the opportunity to participate in a draw for XRP tokens, the platform's internal cryptocurrency, by following the specified link. After following the link to a fake Ripple page using a domain name that closely resembles the official Ripple domain (a Punycode phishing attack), victims are prompted to connect their hardware wallets, such as Trezor or Ledger, to the scam website. This interaction allows scammers to gain access to victims' accounts and initiate fraudulent transactions.
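A defender-side check for the Punycode lookalike domains described above, as an added example that is not taken from Kaspersky's report. It assumes `ripple.com` is the brand domain being protected; the confusables table, the sample host and all function names are constructed for illustration.

```python
import unicodedata

PROTECTED = {"ripple.com"}  # assumption: the brand domain being defended

# Constructed mini-table; production code would load Unicode confusables.txt.
CONFUSABLES = {"\u0456": "i", "\u0131": "i", "\u0440": "p",
               "\u0435": "e", "\u0430": "a", "\u043e": "o", "\u0441": "c"}

def to_unicode(host):
    """Decode xn-- (Punycode) labels into the Unicode form a user would see."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(text):
    """Fold known lookalike letters to ASCII and strip combining accents."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    decomposed = unicodedata.normalize("NFKD", folded)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def scripts(label):
    """Scripts used by the letters of a label, read from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def classify(host):
    """Return 'legitimate', 'lookalike', 'mixed-script' or 'unrelated'."""
    shown = to_unicode(host)
    if shown in PROTECTED:
        return "legitimate"
    if skeleton(shown) in PROTECTED:
        return "lookalike"
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        return "mixed-script"
    return "unrelated"

def to_punycode(host):
    """Helper for building constructed test hosts in their xn-- wire form."""
    return ".".join(l if l.isascii() else "xn--" + l.encode("punycode").decode()
                    for l in host.split("."))

# Constructed sample: Cyrillic U+0456 in place of the Latin "i".
SAMPLE = to_punycode("r\u0456pple.com")
```

A mail or web gateway can run `classify` on the host of every link in a message and quarantine anything that comes back as `lookalike` or `mixed-script`.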

As of spring 2023, Kaspersky's antispam solutions have successfully detected and blocked more than 85,000 fraudulent emails targeting cryptocurrency users. This nefarious campaign peaked in March, with more than 34,000 malicious messages intercepted. Kaspersky continued to protect cryptocurrency users in April and May, thwarting approximately 19,902 and 30,816 fraudulent emails in these months, respectively.

"We are witnessing a continuous increase in the popularity of cryptocurrencies and with it the need for users to remain vigilant and implement strong security measures to protect their digital assets. It is crucial to verify the authenticity of the sender and to be careful before clicking on any link or providing sensitive information," comments Roman Dedenok, security expert at Kaspersky.

Read the full report on the cryptophishing campaign at Securelist.com.

To keep crypto assets safe, Kaspersky experts also recommend the following:

  • Buy from official sources: Only buy hardware wallets from official and trusted sources, such as the manufacturer's website or authorized resellers.
  • Inspect your wallet: Scan your new hardware wallet for signs of tampering before using it.
  • Check firmware: Always check that the firmware in the hardware wallet is legitimate and up to date. This can be done by checking the manufacturer's website for the latest version.
  • Secure your seed phrase: When setting up your hardware wallet, be sure to write down and securely store your seed phrase. A trusted security solution, such as Kaspersky Premium, will protect your cryptographic data stored on your mobile device or PC.
  • Use a strong password: If your hardware wallet allows a password, opt for a strong and unique one. Avoid using easily guessed passwords or reusing passwords from other accounts. To manage passwords effectively and securely, consider using Kaspersky Password Manager.

-Ends-

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky's deep threat intelligence and security expertise are constantly being transformed into innovative security solutions and services to protect businesses, critical infrastructure, governments and individual consumers around the world. The company's comprehensive security portfolio includes leading endpoint protection and specialized security solutions and services, as well as Cyber Immune solutions to combat sophisticated and evolving digital threats. More than 400 million users are protected by Kaspersky technologies and we help more than 220,000 corporate clients to protect what matters most to them. Learn more at www.kaspersky.com.
