Cybercriminals worldwide target blockchain businesses with a variety of attacks including phishing, making a fool of them every single day. Here’s what you need to know!
Blockchains boast of being intrinsically secure and transparent by means of a public, decentralised record of transactions. While this is true, the actual level of security depends on how secure the applications built upon the platform are, and it turns out they are not very secure. Developers working on blockchains often overlook the risks and vulnerabilities that the applications themselves might have, leading to a staggering number of attacks on businesses across the world. With people being the weakest link, phishing attacks in particular have grown drastically in both number and sophistication, building mistrust in the entire industry.
This April Fool’s Day, we thought we should throw light on some such phishing scams that succeeded in defrauding blockchain businesses and users - as for victims of phishing attacks, every day is Fool’s Day!
1. Misguiding Web-links
A fake weblink with a very minor difference from the original is created, tricking users into submitting personal or financial information in the belief that the site is genuine. A good example of this is the phishing attack on the tZero website, where scammers created an exact replica of the original website with the weblink Țzero.com instead of Tzero.com - replacing the T with a T-comma (Ț). As a blockchain business dealing with large-scale financial processes and investment management, tZero faced the risk of losing money, business and reputation.
2. Misleading Adverts
In another type of phishing, scammers launch Google ads that seem extremely genuine but link to a bogus website, to which unsuspecting users upload their information. This happened recently in the case of Sirin Labs, a state-of-the-art blockchain smartphone with P2P resource sharing. A Google advert was launched leading to the website Sirin-labs.com, whereas the original website link is Sirinlabs.com. Unsuspecting users would be directed to a fake website that would take their personal information.
3. Fake sites with https://
Several users assume that a website with an https:// is inherently a secure site. In fact, https:// only indicates that the connection to the site is encrypted, not that the site is genuine. Phishers went the extra mile in creativity, acquiring an https:// certificate for a fake site and tricking users into believing that it was the actual thing. In the case of envion.org, this is exactly what happened. In addition to creating an entirely similar website at the address énvion.org, the scammers also got the site an https:// certificate, making it seem all the more genuine.
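The lookalike addresses in sections 1 to 3 can be caught mechanically. The following is an added example, not code from the article or from any vendor it mentions: it folds accented letters and hyphens away before comparing an observed domain with a brand list, and goes slightly beyond the three cases above with a similarity fallback. The names `BRANDS`, `fold`, `to_ascii`, `classify` and the 0.85 threshold are assumptions of this example, and `tzer0.com` and `example.org` are constructed inputs.

```python
import unicodedata
from difflib import SequenceMatcher

# Domains the brands actually own (taken from the examples in this article).
BRANDS = {"tzero.com", "sirinlabs.com", "envion.org"}

def fold(domain: str) -> str:
    """Lowercase, decompose accented letters and drop the combining marks."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def to_ascii(domain: str) -> str:
    """Punycode (xn--) form, as the name appears in DNS and certificate logs."""
    return domain.lower().encode("idna").decode("ascii")

def classify(domain: str, brands=BRANDS, threshold: float = 0.85):
    """Return (verdict, matched_brand) for one observed domain."""
    name = domain.lower().rstrip(".")
    if name in brands:
        return ("legitimate", name)
    folded = fold(name)
    for brand in sorted(brands):
        if folded == brand:  # Ț for T, é for e
            return ("lookalike-diacritic", brand)
        if folded.replace("-", "") == brand.replace("-", ""):  # added hyphen
            return ("lookalike-separator", brand)
    # Fallback (assumed threshold): near matches such as swapped characters.
    for brand in sorted(brands):
        if SequenceMatcher(None, folded, brand).ratio() >= threshold:
            return ("lookalike-similar", brand)
    return ("unrelated", None)

# Constructed sample of observed domains, e.g. ad landing pages or newly
# issued certificates; the first four are the addresses named in the article.
OBSERVED = ["Tzero.com", "Țzero.com", "Sirin-labs.com", "énvion.org",
            "tzer0.com", "example.org"]

if __name__ == "__main__":
    for d in OBSERVED:
        verdict, brand = classify(d)
        print(f"{d:16} {to_ascii(d):24} {verdict:20} {brand or '-'}")
```

Folding diacritics does not catch letters borrowed from other scripts (for example Cyrillic), so a production check would add a confusables table on top of this.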
4. Phishing or Ransomware?
Ransomware attacks threaten the functioning and reputation of thousands of businesses across the world every year. However, the fear of being held to ransom itself turns several business leaders into innocent victims, when phishers or attackers take advantage of that fear and demand ransoms by posting directly on social media. The messages are extremely well drafted, and business owners are willing to pay to make the threats go away and protect their business reputation.
A culture of security for your blockchain business
Wherever your customers interact online, there is a risk that attackers will manipulate your brand to steal their data with malicious intent. While protecting your network is a finite task, the internet gets larger every day, so your external perimeter is an infinite blind spot. Phishing only works when individuals take the attacker’s bait, and scammers are getting smarter and more innovative by the hour.
People are the weakest link, and with the right education and cyber-awareness, they could become your strongest line of defence against malicious parties. In a budding industry such as the blockchain, this could directly impact the level of confidence the market has in your product and in the platform itself. Imparting knowledge is the only way to equip your teams with everything they need to stay secure and protect your company’s information and assets from phishing attacks.
Entersoft works in a strategic partnership with Segasec to provide a strong resolution for both inside and outside of the network-perimeter phishing attacks, in one consolidated solution. Segasec uses Machine Learning and Artificial Intelligence to find domain manipulation or content duplication at the earliest stage of the game, watching potential threats evolve using quadrillions of scans 24/7, and with the support of an untraceable web agent that alerts immediately in case of a breach.
This April Fool’s Day, join us in putting a stop to being fooled by scammers. Empower yourself and your employees with information on how to identify and evade phishing attacks. Adopt a culture of security at your blockchain business today!
PS: All examples used in the article are real and may be dated to 2018.