Attackers are using certain SEO techniques to direct users to phishing sites for wallet applications such as Metamask and exchanges such as Coinbase and Kraken. According to Netskope, these sites, created on Google Sites and Microsoft Azure, trick users into providing personal information, allowing malicious entities to siphon funds from these services.
According to Netskope, cryptocurrency phishing schemes use SEO, Google Sites, and Microsoft Azure
Online security firm Netskope has detected a new cryptocurrency phishing scheme that uses SEO techniques and copycat pages. The company reports that throughout 2022, it detected attackers using blogs as a tool to distribute links to phishing sites.
On these blogs, attackers post links that contain SEO content that ranks high in search engine queries. In other words, this link is identified by many people, leading them to believe that it is a link to a genuine crypto site. However, the link directs users to a phishing site that is very similar to crypto-based sites, such as the Metamask website.
Other sites also mimic exchanges such as Coinbase, Gemini, and Kraken.
How Phishing Works
These phishing sites are hosted on Google Sites and Microsoft Azure and are designed to trick users and obtain personal information in two different ways. The first is to directly obtain the private seed of the user’s wallet and prompt the user to import that data. This is the method currently used by the Metamask phishing site.
The second is to obtain the user’s account information on the phished exchange. When the user enters the information, the site returns an error, prompts the user to contact a support operator, and attempts to obtain more information about the user in order to obtain the user’s funds.
Netskope states.
Netskope strongly recommends that users never enter their credentials after clicking a link. Instead, always go directly to the site you are trying to log into. We also recommend that organizations use a secure web gateway that can detect and block phishing in real time.
Phishing scams are not new in the cryptocurrency world. In February, Binance detected and warned of a large phishing scam involving SMS.
Image credit: Shutterstock, Pixabay, Wiki Commons