Cybercriminals raised $ 2.3 million by exploiting ICOs via phishing in the second quarter of 2018, a Kaspersky study revealed.
The IT security multinational in its new Spam and Phishing in the second quarter of 2018 found that online criminals are targeting encrypted investors with fake ICO sites. Most of these sites belong to Ethereum-based startups that raise money for the development of their platforms.
In addition to injecting a fake crowdfunding link into their outgoing e-mails, cybercriminals attempt to trick the victim into sending crypts to their Ethereum portfolios willingly. The victims, believing to invest in a good round of ICO, end up throwing their Ether funds to illicit benefactors.
"Cybercriminals continue to use the names of ICO's new projects to raise money from potential investors who are trying to get early access to new tokens," Kaspersky said. "Sometimes phishing sites open up to official project sites."
For example, for further details, it is possible to mention the situation regarding the brand new phishing attack on Experty. The ICO participants of this "Skype-like voice and video calling" had lost $ 150,000 of Ethereum in a fraudulent pre-ICO scheme impersonating Experty. To participate in the ICO, investors had to follow a regular registration procedure on the Experty website. Scammers managed to steal information from potential investors from the company. They later convinced these investors to send their Ether funds via a fake invitation link. As a result, investors have lost a large sum.
An extremely popular ICO announced by Telegram had also invoked hackers to employ various illegal strategies, resulting in a dozen of fake sites. At the time Telegram concluded, his imitations had already collected money which, according to the news, was comparable to the original presale round.
So far, Kaspersky has been able to monitor phishing attempts that are considered traditional by their approach. The antivirus company claims to have "prevented 58,000 attempts to connect to phishing sites disguised as the most popular cryptocurrency portfolios and markets" with their anti-phishing system. In 2017, the number of registered phishing attacks was two thousand, as confirmed by Alexander Gostev, Kaspersky's chief anti-virus expert
In the same year, the ICO market lost more than 300 million dollars to cybercriminals, including hackers and phishers.
HTTPS Certification is not reliable
Even the most knowledgeable investors consider websites with authentic HTTPS certification. The Kaspersky report, however, notes that it is now possible to find malicious pages on protected pages, blaming them for the ease of access of these certificates. The study added that the most popular browsers such as Google are starting to change their approach towards the certification of unencrypted websites. It said:
"As of September 2018, the browser (Chrome 69) will stop marking HTTPS sites as" protected "in the address bar. Instead, starting in October 2018, Chrome will begin to display the label "Unprotected" when users enter data on unencrypted sites. "
Image highlighted by Shutterstock.
Follow us on Telegram or subscribe to our newsletter here.
• Join the CCN Crypto community for $ 9.99 a month, click here
• Do you want exclusive analysis and in-depth analysis encrypted by Hacked.com? Click here.
• Open positions on CCN: sought-after full-time and part-time journalists.