Cryptocurrency Phishing Threats Luring New Victims
Cryptocurrency-related phishing attacks are on the rise, with a report from Kaspersky recording an increase of 40% in 2022 compared to the previous year.
This was among the many findings in the company’s financial threats report, which detailed a growing array of new coins, NFT and other DeFi projects that scammers are using to continuously dupe users.
Financial phishing accounted for 36% of all phishing attacks in 2022, while PayPal was the near-exclusive focus of phishers in the electronic payment systems category, with 84% of phishing pages targeting the platform.
Olga Svistunova, security expert at Kaspersky, said despite some recent problems in the cryptocurrency market, many people still view it as a way to get rich quickly with little effort.
“Cybercriminals are always searching for ways to exploit vulnerabilities in the cryptocurrency ecosystem, and phishing attacks have proven to be an effective method for stealing sensitive information like private keys, passwords and seed phrases,” she explained.
In short, as long as people continue to view cryptocurrencies as a way to make a quick buck, scammers will continue to find ways to exploit this market.
The Perfect Recipe for Social Engineering
Patrick Harr, CEO at SlashNext, points out there is a lot of volatility in the cryptocurrency market, and a lot investors are unsure of where to go and who to trust.
“This is the perfect recipe for social engineering, specifically when the phishing schemes are sophisticated and appear very legitimate like these attacks,” he said.
He added that anyone who has invested and is unsure what to do next is a potential target, as these bad actors offer hope that users can get a better return on their investment.
“Startups could be good targets because they can’t afford to lose their money, so they might be willing to look for a solution that seems safer, which is often too good to be true and what these bad actors offer,” he explained.
Thomas Carter, CEO at True I/O explained that the rise in cryptocurrency-related phishing attacks can be attributed to several factors, including the growing popularity and value of cryptocurrencies, the anonymity of blockchain technology and the lack of regulation in the cryptocurrency market.
“Hackers and scammers are taking advantage of people’s lack of knowledge about cryptocurrencies and using phishing attacks to steal their valuable digital assets,” he said.
He noted the primary targets of cryptocurrency-related phishing attacks are individuals who own and trade cryptocurrencies.
“Attackers target them because they are often less knowledgeable about online security and are more likely to fall for scams,” he said. “Additionally, many cryptocurrency investors and traders are early adopters of technology and may have a different level of security awareness than other groups.”
Harr said that, as AI and automation make these threats harder to spot for users, it’s important for organizations to employ AI detection with contextual and behavioral analysis plus real-time zero-hour date detection that can identify these phishing attempts.
“Don’t trust and always verify through other channels,” he advised. “With market uncertainty and risk, there are usually bad actors ready to take advantage.”
The Evolution of Cryptocurrency Phishing
Svistunova said it’s likely that cryptocurrency-related phishing attacks will continue to evolve and become even more sophisticated.
“One potential area of development is the use of advanced AI and machine learning techniques in various ways,” she said. “For example, we might see the creation of AI-generated phishing emails or the use of AI as a bait to lure unsuspecting victims.”
She pointed out another growing trend in cryptocurrency-related phishing attacks is the use of one-time password (OTP) bots.
These bots are designed to steal one-time passwords that are used to authenticate transactions on cryptocurrency platforms.
“Phishers have been known to use these bots to gain access to victims’ accounts and steal their digital assets,” she said. “This type of attack is particularly effective against users who rely heavily on their mobile devices for trading and may not be aware of the risks associated with OTPs.”
Carter noted that organizations and security professionals can defend themselves against cryptocurrency-related phishing attacks by implementing strong cybersecurity measures such as multi-factor authentication, regular software updates and employee training programs.
“Additionally, they can use blockchain technology to secure their own digital assets and detect fraudulent transactions,” he said.
Other best practices for employee training include regular cybersecurity awareness training, phishing simulation exercises and encouraging employees to report any suspicious emails or activity.
“It’s also important to stress the importance of not sharing sensitive information or passwords and to use strong passwords and two-factor authentication,” Carter said.
He agreed with Harr that hackers are likely to use advanced AI and machine learning techniques to create more convincing scams and that they may target new groups of people as cryptocurrencies become more mainstream.
“Organizations and individuals must remain vigilant and proactive in cybersecurity to protect themselves against these threats,” Carter said.
