Be afraid: Phishing activity in crypto hits record high in 2022 — here’s what you can do to protect your assets

Cybersecurity company Netskope warned crypto-asset owners of a significant increase in phishing attacks using SEO tools based on Google Sites and Microsoft Azure. Phishing pages are being created en masse, followed by the theft of critical information. First of all, MetaMask wallet holders, as well as clients of exchanges, were the targets of hacker attacks.

Creating fake websites

According to the Netskope report, three methods of identity theft have become most common in recent months:

• The first has to do with obtaining users’ wallet SIDs directly — scammers offer to import their own data under various pretexts. This method is used by a phishing site MetaMask, which is a full copy of the original one.
• The second method is related to obtaining information about users’ accounts at any of the exchanges. When users enter their login information, such a phishing site generates an error and offers to contact a support operator, who tries to correspond with them to get more information, allegedly for successful access recovery.
• Apart from that, cybercriminals use topic blogs on popular social networks and SEO optimization tools, where they embed direct links to phishing sites into valuable crypto educational content. The user sees quality, helpful content and loses their vigilance by clicking on the links.

Important to know

Attackers can redeem popular search queries, such as “binance crypto,” and then place their ad insertion first on the search results — completely emulating the real Binance exchange site. It is elementary to fall for such a trick, even for an experienced user who is lazy to enter the full address of the exchange manually and decides to go through the web search.

Similarly, informational and educational sites often publish direct links to the relevant sections of well-known exchanges, which you want to go to using the proposed hyperlink — this also carries a danger.

Two simple tips:

• Go to essential sites, such as exchanges and online stores, only using your own bookmarks. Be careful about the authorization URLs, don’t mindlessly click links from search or any external pages.
• Always enable two-factor authentication, which practically nullifies such phishing schemes.

 Finally, according to another report by APWG (Phishing Activity Trends Report), the first quarter of 2022 was the worst month for phishing attacks in the history of surveillance. Netskope also noted record activity in the current year, which calls for more caution and vigilance.