Crypto scams are on the rise once again. In the most recent incidents, miscreants have turned to the popular hardware wallet, Trezor and the metaverse gaming platform, The Sandbox, to prey on their victims. Both firms have confirmed recent phishing attacks and have asked users to remain on the alert for any suspicious messages and e-mails. Here’s a quick rundown of both these incidents and what you need to do to stay safe.
The Trezor scam
Starting from Feb 27, several Trezor customers reported receiving suspicious e-mails and text messages indicating that Trezor had suffered a data breach. The message instilled a sense of fearing, stating that user holdings were at risk of theft. It then directed users to a link where they could change their login credentials and secure themselves from the data breach.
Users who clicked on this link were taken to a page that looked like a part of the Trezor website. This page had a small message that further drove home the urgency of the situation and pushed customers into updating their recovery phrases. Those who started the process were asked to enter their wallet’s current recovery phrase to generate a new, secure recovery phrase.
For the unacquainted, a recovery phrase is a 12- or 24-word string of random words that can be used to recover crypto holdings if a wallet has been lost or stolen. Spurred on by the fear of losing their assets, users would enter their recovery phrase on the fake page. However, they were actually feeding these details into a database controlled by the scammers.
And once the scammers have the recovery phrase of a wallet, stealing the crypto stored within it is child’s play.
The Sandbox reports phishing attack
More recently, on March 2, the metaverse gaming platform, The Sandbox, raised an alarm over a similar incident. According to an official statement, miscreants gained access to one of their employee’s computers, through which they were able to access several user email addresses. Armed with this contact information, miscreants began sending out fake e-mails titled “The Sandbox Game (PURELAND) Access”.
Of course, these e-mails contained spurious links that, once clicked on, would install malware onto the victim’s computer. This malware would then take control of the user’s computer and access their personal information.
The platform is encouraging users to change their passwords and set up two-factor authentication (2FA) for all their accounts as a safety measure against this phishing attack. As a dire step, The Sandbox has also suggested formatting PCs, especially for those who feel they have been affected by the attack.
Namecheap reported a similar incident in Feb
Namecheap, the domain name registrar and web hosting service, was also hit with a phishing attack a couple of weeks ago. Multiple reports suggest that the company’s mass correspondence platform, SendGrid, was hacked on Feb 13. This allowed miscreants to send unsuspecting users fake emails from official accounts.
Bad actors targeted DHL and MetaMask users, soliciting them into providing their login details over spurious links. For instance, the MetaMask email led users to a fake website that asked for their recovery phrase. On the other hand, the DHL email informed users that their parcels had been held up and asked them to pay an additional amount to receive them. Of course, upon entering the wallet/payment details, scammers would have a field day with the user's crypto holdings/funds.
How to stay safe from such scams
No legitimate crypto platform will ever ask for your wallet keys over mail or text message. If there is a genuine security risk, information will be made publicly available to all users. You can also cross-check the authenticity of such claims by connecting with customer support or sending out a tweet. Also, pay close attention to the links you receive in an e-mail. They may often look like official URLs, but if you look closely, you will see spelling mistakes or other discrepancies.
Setting up 2FA is also a good idea. It could protect you in case bad actors access your personal information and try changing the login credentials of your various accounts. 2FA will ensure you are notified in case someone tries this. Also, it will ensure they are not able to log in without your approval.
Conclusion
Crypto phishing scams have become extremely common these days. This is why it is so important to exercise due diligence when dealing with your e-mails and text messages. Make sure to properly screen all communications and check for potential red flags before clicking on any links. Ultimately, scammers need you to act on the messages to be successful. However, now that you know what to look out for, avoiding their traps is much easier.
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
BJP is planning to ban RSS, says Shiv Sena (UBT) chief Uddhav Thackeray
May 18, 2024 8:01 PM
Punjab Lok Sabha elections: Complete list of Congress candidates
May 18, 2024 4:08 PM
Punjab Lok Sabha elections: Check full list of AAP candidates and constituencies
May 18, 2024 12:59 PM
PM Modi, Rahul Gandhi election rallies in Delhi today: Here are the routes to avoid
May 18, 2024 11:28 AM