Phishing, More Of The Same.
One day you wake up and discover that all your savings in cryptocurrencies have disappeared, what has happened? Someone has accessed your account and has transferred your funds to an unknown direction. A simple error in an email service and you have been the victim of a scam that took advantage of a system vulnerability. It looks like the argument of a Netflix movie, only this time is real. This happened to thousands of cryptocurrency users on January 15, when a massive Phishing campaign managed to steal almost $ 600,000 in different cryptocurrencies. The attack was based on a safety gap in Mailerlite, an email service provider used by several cryptocurrency exchange platforms.
I do not intend to scare or discourage you, but quite the opposite. I have the conviction that cryptocurrencies are a revolutionary technology that has the potential to change the world for better. But we also know that, like all innovation, it has its challenges and its threats. Therefore, I want you to be prepared and know how to defend yourself from possible attacks.
The facts. On January 15, thousands of cryptocurrency users received an email that seemed to come from a legitimate exchange platform, but that was actually part of a massive phishing campaign. The objective was to deceive the recipients to access a false website and provide their access credentials, which allowed attackers to steal their funds. According to a report by the Trend Micro cyber security company, the Phishing campaign took advantage of a safety gap in Mailerlite, an email service provider used by several cryptocurrency exchange platforms. The attackers managed to access the mailerlite accounts of some of these platforms and use them to send false emails to their customers.
The emails had a very convincing appearance, since they used the same design, logo and domain as the legitimate emails of the exchange platforms. In addition, they contained a link that redirected users to a false website that imitated the aspect of the real website of the exchange platform. The false website asked users to enter their access credentials, which were then captured by the attackers.
The attackers focused on exchange platforms that offer custody services, that is, they store user funds in their own portfolios. In this way, once they obtained access credentials, they could access their accounts and transfer their funds to other portfolios controlled by them. According to Trend Micro's report, the attackers managed to steal around $ 600,000 in different cryptocurrencies, including Bitcoin, Ethereum, Litecoin and Ripple. Most victims were in the United States, the United Kingdom, Australia and Japan.
According to a company statement, the security gap in Mailerlite was reported and is under investigation. They have also taken measures to prevent the incident from being repeated and have contacted the affected exchange platforms to offer them assistance.
The incident highlights the risks of relying on cryptocurrency exchange platforms that offer custody services, since users lose control of their funds and are exposed to possible phishing attacks. Therefore, I always recommend, if you are a cryptocurrency user who use personal wallets that allow you to have control of your private keys, which guarantees the property of your funds. It is also advisable to always verify the authenticity of the emails you receive from the exchange platforms, and do not click on any suspicious link. You should also use additional security measures, such as two factors authentication, which hinder unauthorized access to your accounts.
TOOLS, PLATFORMS & APPLICATIONS
💲 Bitrefill - Living with crypto, a philosophy of financial freedom. Travel, play, eat & live with Cryptocurrencies.
💲 StormGain - They can start operating without investment, the capital is acquired for free with the Bitcoin Cloud Miner of the platform itself.
💲 QuantFury - Join using my Invite Code: JRRU2593 & We will both receive up to $ 250 in cryptocurrencies (BTC, ETH, etc) or an action (Uber, AAPL, etc). It is traded and invest without commissions or loan rates at spot prices in real time.
💲 Solcial, Bulb, Publish0x, Tangled, Sl8 - Write to Earn (W2E) & Read to Earn (R2E) Platforms. Earn cryptocurrencies, NFTs or money without investment. Do you know other platforms?
✍ Originally Posted: Publish0x
