Beware Of Crypto Phishing, Kaspersky Experts Reveal The Latest Trick Of Attackers

Crypto phishing new trick by cybercriminals (photo: Kaspersky)

JAKARTA - Kaspersky's latest data reveals that there has been a decline in phishing related to cryptocurrencies occurring in the Southeast Asian region showing a slight decline in 2022. From 164,330 total crypto phishing detections in 2021, it fell to 147,649 last year.

However, the global cybersecurity company also noted that a decline was only observed in three of the six main countries in the region, such as Singapore (74%), Thailand (51), and Vietnam (15%).

Meanwhile, in other countries, the type of threat that aims to steal money from cryptowallet owners has actually experienced an increasing trend, including in the Philippines, Indonesia, and Malaysia.

Cybercriminals will not stop when talking about the theft of crypto assets. The main reason is tren'. We see more and more adopters, especially in Southeast Asia. In fact, this region is responsible for 14% of crypto transactions globally and is expected to continue to be at the forefront of mass crypto adoption," explained Adrian Hia, Managing Director for Asia Pacific at Kaspersky in a statement received.

According to Hia, because the population in the region is filled with young people who really understand digital. So, it is important for Southeast Asian people to know about the latest tricks used by crypto phishers to keep their crypto assets safe.

Kaspersky Spam Analysis Expert, Roman Dedenok discussed the tactics used by crypto phishers to obtain victims' crypto assets that were not alert.

Free Money

As is often the case, it all starts with an email. The brain behind this scheme selects an offer to take part in an attractive gift from Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Tron (TRX) or Ripple (XRP) as the bait.

When viewed from the email, the domain in the email address of the sender has absolutely nothing to do with any crypto. The text of the message is modest, and full of typos and spelling. Scammers may rely on victims who are so shocked by the number of nine digits that everything else will escape radar.

If you click on the link, then you will be taken to the phishing site. At this point, victims will be asked to specify the wallet they want to transfer funds, the most common of which are Blockchain.com, Trust Wallet, MetaMask, Coinbase, Binance, Crypto.com, and Exodus.

Next, to get the coveted token, the user must enter a series of secret words, aka the seed phrase. As soon as they fill in the column and click the next button, a notification will appear on the screen that everything has been successful and the crypto asset will log into the lucky winning account within 24 hours.

Frase seeds, keys from all doors

Cybercriminals rely on the fact that people usually protect their personal keys strictly, which eventually open up access to crypto wallets; but many users who don't realize their seed phrases are also very pleasing, and think nothing of putting it on the website for the sake of getting a reward.

In fact, the phrase seed is no less valuable. With it, attackers can produce new personal keys and thus gain access to the victim's wallet.

In other words, this initial phrase effectively provides the same opportunity to loot your savings as a private key. This means you have to protect the first layer like the last layer.