phishing
Email Phishing: How to Spot a Scammer | by Blockchain.com | @blockchain | May, 2023
We’ve all received strange emails, an unexpected message from an unknown sender requesting funds or an unsolicited password reset from what appears to be Blockchain.com. These emails look genuine, but should we trust them?
Phishing (pronounced “fishing”) is an online attack that attempts to steal your money or identity, by getting you to reveal personal information.
At Blockchain.com we’re committed to help keep you safe online, so in this article we dissect an actual phishing attempt email, highlighting the tactics used.
Tactic 1: “From” address impersonation
In this example, the scammer has sent this email from a send address which is similar to our official email address: notify@wallet-tx.blockchain.com
Be vigilant about possible omissions or incorrect characters in email addresses.
If you have previously received emails from us, compare the email addresses used in those communications to the potentially suspicious email you received.
You can also check our official email communications address here
Tactic 2: Log-in information requests
If you get an email or text message (SMS) asking for your Blockchain.com account email, phone, password, or Private Key it most likely is a scam.
We’ll never ask you to share your personal information in a text or email. This includes:
- Credit or debit card numbers
- Bank account details
- Account passwords
- Blockchain.com Private Keys
- Blockchain.com Secret Recovery Phrase
Tactic 3: “Appearing” helpful
See here, the scammer is advising to use 2FA in order to increase security.
We often see scammers sprinkling through what appears to be “helpful” hints and tips as a decoy tactic.
Tactic 4: Using official logos and links
Many phishing emails will consist of standard company logos and official sounding language to make it appear to be real.
While there is no clear way to check if the logo is being used genuinely, it’s important to remain vigilant that scammers will try their best to make the email look as professional as possible.
Phishing attacks are getting more and more sophisticated, with new tactics emerging all the time. The most important thing to remember is that at Blockchain.com, we will never ask for your login information, through any form of communication.
If you have any doubt, open a Support Center Ticket here to confirm the validity of a request.
Source link
The X (Twitter) account of crypto-focused venture capital firm Blockchain Capital was seemingly taken over by scammers attempting to lure users with the promise of a token claim.
On Aug. 9, Blockchain Capital’s account made multiple posts promising a giveaway of “BCAP” tokens and directed users to a copycat website that emulated the appearance of the VC firm’s original.
Blockchain Capital later regained control of the account and deleted the posts.
The copycat website — which included an additional “n” in the URL to closely mimic the original — directs users to connect their crypto wallet, a common tactic used by phishing scammers in order to trick users into signing a malicious transaction that drains funds.
The scammers tactically turned off commenting on the posts in an attempt to prevent others from warning of the possible scam. Multiple X users shared the posts warning of the scam attempt.
Blockchain Capital’s hijacked account comes days after the FBI warned of criminal actors taking over the social media accounts of well-known figures in the crypto space in order to funnel users to malicious spoof sites.
Related: No crypto plans for X: Elon Musk debunks scam token claims
A flood of scam posts also recently appeared on pro-XRP lawyer Jeremy Hogan’s hacked X account — where malicious links to a purported XRP (XRP) giveaway were posted for around four days.
In late July, Binance CEO Changpeng “CZ” Zhao warned his 8.5 million X followers of the increasing number of phishing attacks following the hack of Uniswap founder Hayden Adams X account.
Zhao advised against using text message-based two-factor authentication and recommended the use of hardware devices instead.
Magazine: How smart people invest in dumb memecoins — 3-point plan for success
Source link
Four major crypto drainers have emerged to fill the vacuum left by the notorious wallet sweeper Monkey Drainer, with thousands of victims targeted and millions in crypto stolen already this year.
The crypto drainers — called Pink Drainer, Inferno Drainer, Pussy Drainer, and Venom Drainer — have together stolen $66.4 million in total since around the start of 2023 according to Dune dashboards complied by Web3 anti-scam platform Scam Sniffer.
Venom Drainer has stolen nearly $27.5 million since February, the most out of the group. Inferno Drainer is second with over $21.2 million stolen since January but has three times the number of victims at nearly 45,800.
Pussy Drainer and Pink Drainer together have been used to steal from over 6,000 victims with $17.5 million in funds pilfered across the two. Monkey Drainer was estimated to have stolen about $13 million worth of digital assets in total during its reign.
Crypto drainers work by having the victim unknowingly agree to a malicious transaction in their crypto wallet that allows a smart contract to transfer out a portion of assets or the entire contents of the wallet, depending on the transaction that was signed.
Scam Sniffer told Cointelegraph that most crypto drainers are rented out to groups undertaking phishing scams and the drainer takes a percentage cut of the loot.
Many operate on this pricing model but some have an additional access fee. Blockchain security firm CertiK explained that Inferno — like many other drainers — “has a 20% commission” while Venom has “introduced an initial $1,000 fee” for first-time users.
Scam Sniffer said some draining services advertise “add-ons” such as including malicious signature requests that emulate popular nonfungible token (NFT) marketplaces such as Blur and X2Y2.
“In the NFT space, there are a lot of protocols that use unreadable signatures like Seaport, Blur and X2Y2,” Scam Sniffer explained. “If the victims have assets on Blur, the drainers could launch particular malicious signatures to steal NFTs approved to trade on Blur.”
3/ Blur’s bulk listing requires users to sign a Root, which is unreadable for users. this Root is the Merkle Tree Root generated by multiple Order hash. pic.twitter.com/RxAsJp0Urv
— Scam Sniffer (@realScamSniffer) June 26, 2023
Not all drainers are around forever though. According to Scam Sniffer, once the person or people behind a drainer steal a certain amount of funds, they will announce they’re quitting — likely an attempt at staving off law enforcement.
Related: Crypto scams are going to ramp up with the rise of AI
However, it added as one crypto drainer leaves another takes its place “because it’s profitable! […] And no one has been arrested so far.”
The are currently multiple crypto-draining services making the rounds on Telegram. CertiK shared images with Cointelegraph showing other drainers named Angel, Spawn, Whale and Atomic.
In March, the crypto-draining service Monkey Drainer announced they were “shutting down” saying it was “time to move on to something better.”
The person behind Monkey Drainer pointed their “fellow cyber-gangsters” to Venom, touting it as a “flawless” service.
Magazine: Should you ‘orange pill’ children? The case for Bitcoin kids books
Source link
Hackers continue their relentless activities, displaying no signs of slowing down. Shortly after the Multichain hack, these malicious individuals once again launched an attack. Their latest tactic involves spreading a phishing link through Twitter.
A fraudulent distribution of Fantom (FTM) to users, falsely linked to the Multichain attack, is rapidly spreading on Twitter, attracting significant attention. This post has garnered numerous retweets, views and even bookmarks from Twitter users.
In the disguised tweet, the malicious individuals stated thus;
“Due to the Multichain hack, Fantom Foundation is issuing an emergency FTM distribution to all users. All users who have interacted with the FTM chain are eligible to claim.”
A phishing link was included in the tweet and shared with the affected users of the hack, leading them to believe it is associated with Fantom Foundation, the non-profit organization responsible for the Fantom (FTM) protocol.
Due to the Multichain hack, Fantom Foundation is issuing an emergency FTM distribution to all users.
All users who have interacted with the FTM chain are eligible to claim.
Receive Now ➡️ https://t.co/UUOBcycz8t#Fantom #Multichain #FTM #FTMUSDT#FantomHackathon $USDC,…
— Fantom Foundation (@FantomFNlD) July 7, 2023
On July 6th, Multichain encountered an alarming situation when significant outflows were detected on its platform. In response, Multichain suspended operations to investigate the issue. By the end of the day, approximately $125 million worth of Multichain assets had been illicitly transferred to various wallets. The most targeted asset was the Fantom bridge, with approximately $122 million worth of wBTC, USDC, USDT and other altcoins being stolen from its holdings.
Looks like another hack happened on Multichain. This DOES NOT affect users on @Binance or @Binance itself. We have swapped all assets out and closed deposits a while back. Regardless, we offer our assistance in helping with the situation.
Stay #SAFU. https://t.co/GGInbxFkic
— CZ Binance (@cz_binance) July 7, 2023
In light of these events, users were strongly recommended to halt all activities on the Multichain protocol and revoke any contract approvals associated with Multichain. This precautionary measure was advised until investigations were concluded and a comprehensive explanation was provided.
Related: Circle, Tether freezes over $65M in assets transferred from Multichain
During the ongoing investigation, Changpeng ‘CZ’ Zhao, the CEO of Binance, utilized Twitter to inform his followers that the prominent digital asset service provider remained unharmed by the attack, reassuring them that all funds were secure. Additionally, he verified that Binance had already executed an asset swap and ceased accepting deposits from Multichain some time ago.
Instances of Twitter hacks like these are increasingly prevalent within the crypto industry. It is crucial for users to exercise caution and refrain from clicking on unfamiliar links.
Magazine: Should crypto projects ever negotiate with hackers? Probably
Source link
Republican National Committee Endorses Pro-Bitcoin Platform in Party Draft
BC.GAME Announces the Partnership with Leicester City and New $BC Token!
What’s the best new crypto in 2024?
Bitcoin Mining Difficulty Crashes 5% To Lowest Level In 3 Months, What Happens Next?
Bitcoin (BTC) Price, Volume Contrasts In Fight For Rebound
The German Government Is Selling More Bitcoin – $28 Million Moves to Exchanges
BC.GAME Announces the Partnership with Leicester City and New $BC Token!
Justin Sun Says TRON Team Designing New Gas-Free Stablecoin Transfer Solution
Mt. Gox is a ‘thorn in Bitcoin’s side,’ analyst says
XRP Eyes Recovery Amid Massive Accumulation, What’s Next?
Germany Moves Another $28 Million in Bitcoin to Bitstamp, Coinbase
'Asia's MicroStrategy' Metaplanet Buys Another ¥400 Million Worth of Bitcoin
BlackRock’s BUIDL adds over $5m in a week despite market turbulence
Binance To Delist All Spot Pairs Of These Major Crypto
German Government Sill Holds 39,826 BTC, Blockchain Data Show
Bitcoin Dropped Below 2017 All-Time-High but Could Sellers be Getting Exhausted? – Blockchain News, Opinion, TV and Jobs
What does the Coinbase Premium Gap Tell us about Investor Activity? – Blockchain News, Opinion, TV and Jobs
BNM DAO Token Airdrop
A String of 200 ‘Sleeping Bitcoins’ From 2010 Worth $4.27 Million Moved on Friday
NFT Sector Keeps Developing – Number of Unique Ethereum NFT Traders Surged 276% in 2022 – Blockchain News, Opinion, TV and Jobs
New Minting Services
Block News Media Live Stream
SEC’s Chairman Gensler Takes Aggressive Stance on Tokens – Blockchain News, Opinion, TV and Jobs
Friends or Enemies? – Blockchain News, Opinion, TV and Jobs
Enjoy frictionless crypto purchases with Apple Pay and Google Pay | by Jim | @blockchain | Jun, 2022
How Web3 can prevent Hollywood strikes
Block News Media Live Stream
Block News Media Live Stream
Block News Media Live Stream
XRP Explodes With 1,300% Surge In Trading Volume As crypto Exchanges Jump On Board
Altcoins2 years agoBitcoin Dropped Below 2017 All-Time-High but Could Sellers be Getting Exhausted? – Blockchain News, Opinion, TV and Jobs
Binance2 years agoWhat does the Coinbase Premium Gap Tell us about Investor Activity? – Blockchain News, Opinion, TV and Jobs
- Uncategorized3 years ago
BNM DAO Token Airdrop
Bitcoin miners2 years agoA String of 200 ‘Sleeping Bitcoins’ From 2010 Worth $4.27 Million Moved on Friday
BTC1 year agoNFT Sector Keeps Developing – Number of Unique Ethereum NFT Traders Surged 276% in 2022 – Blockchain News, Opinion, TV and Jobs
- Uncategorized3 years ago
New Minting Services
Video2 years agoBlock News Media Live Stream
Bitcoin1 year agoSEC’s Chairman Gensler Takes Aggressive Stance on Tokens – Blockchain News, Opinion, TV and Jobs
