Security firm SlowMist recently identified five common phishing techniques used by crypto scammers to target victims in 2022. The list includes malicious browser bookmarks, false sales orders, and other tactics, such as Trojan horse malware spread through messaging apps like Discord.
This comes after SlowMist reported a total of 303 security incidents in the blockchain space for the year. According to the firm’s security report, 31.6% of these incidents were caused by phishing or rug pull scams.
Malicious browser bookmarks
One of the most popular phishing techniques involves malicious bookmarks. These can be added to any modern browser and are used by attackers to gain access to project owners’ accounts.
SlowMist claims that scammers use these bookmarks to inject JavaScript code into phishing pages. This code can then be used to gain access to a Discord user’s information and take over the project owner’s account permissions.
The scammer then waits until the victim clicks the malicious bookmark while connected to Discord, which activates the JavaScript code and sends personal information to the scammer. This is how the scammer can take the victim’s money: by obtaining their Discord Token (an encryption of the Discord username and password). They can then follow the victim.
‘Zero Dollar Buy’ NFT Phishing
SlowMist reported that 22 of the 56 NFT security breaches were caused by phishing attacks. Scammers use many methods to entice victims into signing orders for their NFTs, after which the scammer can purchase the NFTs from the victim through a marketplace at a price the scammer sets.
Unfortunately, it is not possible to disavow a stolen signature through sites like Revoke. However, users can deauthorize any previous pending orders they have set up, which can help mitigate the risk of phishing attacks and prevent the attacker from using their signature.
Trojan Horse Coin Theft
This type of attack usually occurs through private messages on Discord. The attacker invites victims to test a new project and then sends them a program as a compressed file containing an executable file. This file is approximately 800 MB in size.
Once downloaded, the program searches for files that contain keywords like “wallet” and sends them to the attacker. The latest version of RedLine Stealer also has the ability to steal cryptocurrency, scan the information from the digital currency wallet installed on the local computer, and upload it to a remote control machine.
In addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and send periodic information about the infected computer.
‘Blank Check’ eth_sign for Phishing
This phishing attack lets scammers use victims’ private keys to sign any transaction they wish. A signature request box can appear when a user connects their wallet to a fraudulent site. Signing gives attackers access to the signature, allowing them to create any data and then ask for it to be signed via eth_sign.
“This type of phishing can be very confusing, especially when it comes to authorization,” SlowMist stated.
Final Same Number Transfer Scam
This scam involves attackers sending small amounts of tokens, such as .01 USDT or 0.01 USDT, to victims. The sending address is often similar in its last few digits, to trick users into accidentally copying that address. This can result in incorrect information in the transfer history.
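One way a wallet user or monitoring tool could screen for this, as an added example that is not from SlowMist's report: the Python below flags small incoming transfers whose sender shares its last characters with an address the user already pays, and only accepts a pasted address on a full match. The addresses, the four-character tail and the 0.01 dust threshold are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample data (not real accounts).
REAL = "0x" + "a1" * 18 + "c0de"        # counterparty the user actually pays
LOOKALIKE = "0x" + "7f" * 18 + "c0de"   # different address with the same ending
UNRELATED = "0x" + "3b" * 20

KNOWN = [REAL]
INCOMING = [                             # (sender, amount in USDT)
    (LOOKALIKE, Decimal("0.01")),        # dust from a same-ending address
    (REAL, Decimal("250")),              # genuine transfer
    (UNRELATED, Decimal("0.01")),        # dust, but no resemblance
]

def norm(addr):
    """Lower-case a 0x-prefixed 20-byte hex address, rejecting malformed input."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or any(c not in "0123456789abcdef" for c in a[2:]):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def find_lookalikes(known, incoming, tail=4, dust=Decimal("0.01")):
    """Return (sender, imitated_address) pairs for dust transfers whose sender
    ends with the same `tail` characters as a known address but is not that address."""
    known_norm = {norm(k) for k in known}
    by_tail = {}
    for k in known_norm:
        by_tail.setdefault(k[-tail:], []).append(k)
    hits = []
    for sender, amount in incoming:
        s = norm(sender)
        if s in known_norm or amount > dust:
            continue  # genuine counterparty, or too large to be bait
        hits.extend((s, k) for k in by_tail.get(s[-tail:], []))
    return hits

def safe_to_paste(candidate, known):
    """Accept a copied address only if every character matches a known address."""
    return norm(candidate) in {norm(k) for k in known}

if __name__ == "__main__":
    for sender, imitated in find_lookalikes(KNOWN, INCOMING):
        print(f"suspicious dust sender {sender} imitates {imitated}")
```

Comparing the whole address, rather than the few trailing characters a wallet interface shows, is what defeats the lookalike.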
The rest of SlowMist’s 2022 report addressed other security incidents that