Phishing Powered by Advertisement -Cryptocurrency Hack

April 7, 2018
Phishing Powered by Advertisement

Phishing Powered by Advertisement

 

 

 

Basically, the criminals were able to get their ads approved by Adwords far too easily. They have been advertising their websites to appear on the topmost results whenever the desired keyword hits. The popular victims of these phishing attacks are cryptocurrency users and cryptocurrency exchanges, but not limited to those group of people.
Here is an overview of how it happens and how it is possible that they were able to do it:

  1. Criminal groups purchase or register a miss spelled domain from a domain registrar or a registrant who already owns a domain as such. Eg.(coinbase.com vs coinbse.com) AKA cybersquatting.
  2. Host the domain with a hosting provider with poor anti-phishing policies, and then upload the fake website.
  3. Use Google Ad words to advertise the fake website. This is much easier than crafting professional like emails and so much easier than looking for email addresses in the whole cyberspace.
  4. Once credentials are stolen especially cryptocurrency accounts, the group can easily transfer any cryptocurrencies (bitcoin for example) to their own wallet because it was too easy to transfer to any digital wallet without too much verification. Not to mention the blockchain technology makes it more difficult for transactions to trace.

Anti-phishing intelligence will have to go through such herculean tasks just to investigate the ledger of the blockchain technology for tracking the transactions. Before such anomaly happens it should have been prevented by educating people and the users of the financial platforms on how to secure accounts.

Most importantly it is the duty and responsibility of any business owner to protect its intellectual property and customers online. The reason why cryptocurrency phishing is popular nowadays, because of the lack of anti-phishing mechanisms and the lack of phishing intelligence in their team.

The group named Coinhoarder performed these attacks for the past 3 years concentrating their activities in Africa, due to the fact that there are many bitcoin owners there as banking in developing countries is difficult to access.

 

About the author

Leave a Reply