Cryptocurrencies: At the heart of phishing email attacks

Thousands of attempts to steal digital currencies and user credentials in their wallets have been prevented by Kaspersky experts

Kaspersky’s experts have carefully examined the phishing pages aimed at potential cryptocurrency investors, as well as the malicious files distributed under the names of the 20 most popular cryptocurrency wallets. As of early 2022, Kaspersky’s products identified and prevented nearly 200,000 attempts to steal users’ digital currencies and credentials in their wallets through phishing. The number of such attempts reached nearly 50,000 in April, which is half of the figure for the first quarter of 2022. Crypto wallets are the primary target for fraud and malicious activity.

With the explosion of digital currencies observed in the last five years, Kaspersky experts have seen various cybercrime tactics used to steal cryptocurrencies, from attracting victims with gifts supposedly sent by cryptocurrency exchanges to distributing Trojanized DeFi wallets. Crypto wallets are the primary target for scammers because they are where cryptocurrency is actually stored and they come into contact with large amounts of virtual money.

In 2022, Kaspersky’s products recorded 193,125 phishing attempts targeting potential cryptocurrency investors or users interested in cryptocurrency mining. During the first quarter of this year, Kaspersky experts discovered about 107,000 attempts. Then in April alone there were nearly 50,000 attempts – almost half of the previous quarter in a single month.

Scammers mimic the websites of authentic crypto wallets and entice victims to enter a personal seed phrase, a secret 12- or 24-word phrase that ensures the security of the wallet, along with a password and a private “key.” Once the user shares the secret phrase, they are redirected to the actual website; however, the account and all the savings in it are now in the hands of the fraudster.

In fact, crypto wallets have become the target of numerous malicious activities, including not only phishing pages masquerading as the most popular wallets, but also malware distributed in their names. Kaspersky experts carefully examined the malicious files distributed under the names of the 20 most popular cryptocurrency wallets.

As a result, they found that within the first five months of 2022, Kaspersky’s products had prevented more than 1,100 users from downloading more than 1,400 different variants of malicious files that had spread under the names of the crypto wallets analyzed. Of the malicious files discovered, 75% abused the name of the Binance exchange. They were followed by Electrum (10%) and MetaMask (9%). Most of the time the scammers distributed Trojan downloaders, programs that download and install new versions of other malware. However, among the files analyzed, we also found bankers, spyware, and ransomware.

“Nothing will stop scammers from stealing cryptocurrencies. With the increasing value of digital currencies, scammers have stepped up their activities of defrauding potential investors. Crypto phishing scams deserve special attention – because they are based on social engineering, these attacks don’t require advanced technical skills to get started and work well for scammers. They are often successful due to carelessness and lack of user awareness. Therefore, users need to be careful with key fraud indicators: offers that are very generous, suggestions from unknown senders, as well as requests for money with the promise of future profit,” commented Kaspersky’s Head of Content Filtering Methods Survey, Alexey Marchenko.

To protect yourself from crypto scams, Kaspersky experts recommend:

Be alert. Unexpected messages about losing money and bills or about transfers, gifts and profits are almost always a trick.

Always carefully check the links. It’s best not to click on links in messages from Internet service providers at all; instead, type the service address into your browser.

Install a reputable antivirus solution to protect yourself from phishing. For example, Kaspersky Internet Security’s built-in anti-phishing and anti-fraud features warn users of potentially dangerous websites before it’s too late.
