Phishers In Crypto Are Getting Smarter — And So Should You

Welcome to Hoken Tech

Unfortunately, criminals always try to exploit the weaknesses of the common user and the lack of lightness they offer to emails involving services related to the crypto and blockchain world, such as centralized exchanges.

In most cases, we find ourselves being contacted for various problems or updates to be done on our account on the exchange and with a lot of links to follow to take us quickly to the relevant platform to log in with our credentials but unfortunately, we are only doing the criminal game because in that case, we are handing over our data to the criminals and that way they will be able to access our account.

We are talking about a technique called phishing, which is to make the victim believe that they are on legitimate platforms, of which they have all the graphic aspects, but behind the criminals are hiding and therefore ready to recover the credentials of the unfortunate.

Criminals use various systems to get in touch with victims, and one of these is e-mail, where they send messages repeatedly and in various forms, and today we will analyze just one of these emails that happened in my e-mail address electronics.

Scrolling through the received mail, I notice one relating to the Blockchain.com platform, a platform famous for exchanging crypto and more, and I see that in the object I can read “An application has been linked to your account” and therefore I can deduce that someone may have entered my Blockchain.com account somehow, and have access to my crypto:

Who hasn’t seen me get warning messages about suspicious account movements?

Surely to many, and therefore precisely on this lever the criminals are operating, that is to make the victim believe that someone has entered our account X and is operating, but none of this is true.

Going to analyze the content of the email, I can immediately check that the sender is strange and presents itself as “arturo@tago.com.py” which is completely strange since the correct address for these notifications is “notify@wallet-tx.blockchain.com” moreover, the content is more complete with also our ID of the wallet we have but also various information with access data, IP address, time, type of browser used and also the operating system.

While in this case, we can only see that a third-party application has been linked to our account, Yahoo Finance, notifying us that if we have not carried out this operation, invites us to remove the related application:

I indeed have an account on Blockchain.com, but it is equally true that it arrived at the wrong email address that I usually use, so this already shows how it is sent to all those who have an email address and not to those who have an account on that platform, taking advantage of the probability that someone may have an account of that type, as in my case.

But let’s go on in this analysis as a good programmer that I am, and as a virus collector for my Spam & Virus Database, I take the necessary precautions to see where the link takes me once I click on the remove app button, which in this case takes me to a simple page where I have to enter my 12-word backup phrase, i.e. the seed of my wallet to enter the site:

Unfortunately, none of this is true because there are other credentials to access the platform and for sure the seed of my wallet is not one of them, but this shows how instead the criminals want to get the seed to take all our crypto associated with that wallet.

With this, we can demonstrate that the relative email that arrived to us was nothing more than an innovative system to recover the credentials of the victims who follow the relative attached link.

In these cases, small precautions are enough to defend oneself, such as: