Several well-known cryptocurrency statistics websites, such as CoinGecko, Etherscan, DeFi Pulse, and others, have reported instances of fraudulent pop-ups requesting users to link their MetaMask wallets for use on the site.
Malicious notifications on cryptocurrency websites urged users to link their MetaMask wallets for use on the site
Several well-known cryptocurrency statistics websites, such as CoinGecko, Etherscan, DeFi Pulse, and others, have reported instances of fraudulent pop-ups requesting users to link their MetaMask wallets for use on the site.
According to experts, this appears to be a phishing attack aimed at users of the MetaMask wallet.
The wallet is a software crypto wallet that enables access on phone or via a browser. The attack provides a link to the Bored Ape Yacht Club project, with an ape skull logo and an nftapes.win domain.
CoinGecko founder Bobby Ong told CoinDesk that the company is examining the core cause of the hack in order to resolve the issue. Ong believes the event was caused by a malicious ad script from Coinzilla, a crypto ad network.
Elsewhere, cryptocurrency website Etherscan has advised users not to confirm any transactions that appeared on the site.
Last year, Check Point Research had discovered a phishing attack that leveraged Google advertising to steal user credentials and deceive them into entering the attacker’s wallet so that any transactions they tried would be received at the attacker’s wallet.
Some Practices To Avoid Phishing Attacks
Experts have advised users to follow a few basic steps and look out for the tell-tale signs of a phishing mail or attack to avoid falling prey to such scams.
1] If the customer has received a mail from an unexpected source that asks them to click on the link, it is highly possible that the link contains malicious content, or is an attempt to phish the customer.
2] The customer should avoid sharing personal information, such as passwords, personal account numbers, bank details, and so on. Such details are strictly confidential, and even banking personnel do not have access to such information.
3] Before logging into any website, check the URL of the site. If the text is ‘https://’ and is not ‘http://’, then it means that the website uses encryption, and is an authentic website. The ‘s’ in ‘https://’ stands for secured.
4] Before divulging any detail, it is always safe to call the bank or banking personnel to confirm if the email or message has been initiated by them.
5] Updating the passwords regularly and installing anti-virus software, spyware filters, email filters and firewall programs also help in avoiding phishing attacks.
6] Regularly checking on the bank, credit and debit card statements help in ensuring that legitimate transactions have been made.
7] In case the customer has accidentally been phished, he/she should immediately contact the bank, financial institution or credit card issuing bank and inform them.
8] The customers should check bank statements regularly to ensure that it is correct in every aspect.
Challenges Cyber Authorities Face While Solving Cyber-Related Crimes/Phishing Attacks
Triveni Singh, Superintendent of Police, Cyber Crime at Uttar Pradesh Police told Outlook Money that one of the biggest challenges they face in crimes related to crypto is tracking.
“Whenever a crime happens and we ask for any data, they are not able to show it. But now, to follow such cases, we are getting help from some companies where they provide us with tools to trace them. I can’t share the name of the company, but those tools help us to know how transactions happen. On the basis of that, we are using open-source intelligence to trace such cases,” he says.
A report of Chainalysis noted that in 2021 alone, Indian users visited crypto scam websites over 9.6 million times. The most visited scam websites in India are coinpayu.com, adbtc.top, hackertyper.net, dualmine.com and coingain.app. These five websites alone received about 4.6 million visits from Indian users.