Netskope Discovers Hackers Stealing Crypto Via Google Sites And Azure

According to Netskope, certain SEO techniques are being leveraged by attackers, which direct users to phishing websites for exchanges like Kraken and Coinbase and wallet apps like Metamask.

Microsoft Azure and Google Sites have been used for creating these fraudulent websites that hoodwink users into sharing their personal information.

This enables malevolent entities to steal their funds by gaining access to these services.

New scam

Online security company Netskope has detected a new kind of crypto phishing scam that uses copycat pages and SEO techniques to con people.

A report from the company disclosed that during 2022, hackers have made use of blogs for distributing links to various phishing websites.

Attackers use these blogs for posting these links with SEO content, thereby allowing them to rank higher in search engine results.

This ensures that a greater audience will review the links and also creates the impression that they are real crypto sites.

But, these links are actually directing people to phishing websites that are copies of actual websites, such as that of Metamask.

There are also websites mimicking crypto exchanges, such as Kraken, Gemini, and Coinbase.

Phishing mechanism

Microsoft Azure or Google Sites have been used for hosting most of these phishing websites and they use two tactics for fooling people and stealing their personal information.

The first method involves getting private seeds of crypto wallets by prompting users to import the data directly. This method is currently being used for the Metamask phishing website.

The second method involves stealing the account information of users via the phishing website of different crypto exchanges.

When users enter their information, the site gives an error, prompting users to contact customer support that allows them to obtain more information, which can be used for acquiring their funds.

Netskope’s recommendation

After releasing the report, Netskope said that they were recommending crypto users to not share their credentials after opening a link.

It said that users should directly visit the exchange or wallet website they are trying to access, rather than using a link, as this would reduce the possibility of phishing.

In addition, the online security firm also had some recommendations for organizations. It suggested that they use a secure web gateway that could be used for detecting and then blocking these phishing websites in real-time.

It should be noted that the concept of phishing scams is certainly not a new one for the crypto space. Back in February, the world’s largest crypto exchange, Binance also issued a warning.

It had identified a massive phishing scam and the crypto exchange had then issued a warning involving SMS.

Even earlier, there were multiple phishing scams involving crypto wallets have happened and many crypto users have had their digital assets compromised.

Therefore, security experts recommend that users only share their credentials on the actual website that they open directly, instead of following any links, no matter how authentic they may appear to be.

Leave a Reply

Your email address will not be published. Required fields are marked *