Phishing of Crypto Hodlers, Traders, and Stock Exchanges


Originally published in Hacken Blog

The crypto community has had no choice but to accept that it also has a dark side: a community of scammers and phishers of every kind. Nikita Knysh, head of security at Hacken and co-founder of Hacken and the HackIT cybersecurity conference, has a lot to say about how crypto hodlers are most likely to become phishing victims and which tools should be used to protect them from scams.

Phishing sites

Problem

There were times when Google AdWords and contextual advertising were so widespread that almost every ICO site had its own clone. Some of our clients had up to 30 fake websites that were registered one after another and disappeared only after Hacken's intervention. Can you imagine that contextual-advertising auctions for a client's brand went for more than $100 per click?!

Problem-solving

We set up a mention monitoring system for the brand and for words similar to its name. Then a whole crew of people began to automatically click off the Google ads, pushing the intruders' balance into the negative in just a few minutes. We also flooded registrars and hosts with complaints and tried to block the phishers in every possible way.

One of the most effective ways to protect users was getting the original domain into MetaMask's whitelist and all fake domains into its blacklist. Every day we persuaded investors to install the MetaMask plug-in, and as a result new phishing domains and wallets were added to the block list every hour.

Phishing Twitter accounts and AirDrop campaigns

Problem

Some marketers have recently started opening their speeches with the phrase «people are becoming dumber every day», and the best manifestation of this is fake AirDrop campaigns. I would add that «people are acting stupid because they simply hope to get something for free.» I believe both phishers and sober-thinking individuals have noticed that social media feeds sometimes turn into a never-ending stream of «win this or that for a repost right here right now.»

Now all those hoaxes are slowly migrating into the crypto world. Spam used to look like «copy this letter and send it to three other people and you will be forever happy»; later it evolved into «resend this SMS and fill three accounts with a magical balance that will fill yours in return», or «repost, indicate your wallet, send us 1 ETH, and we will send you 1000 s**t-coins.» Doesn't it remind you of the story «I got my iPhone 6 back, but I have already bought an iPhone 7, so I'll give the former away to a random person who will repost this»?

Let's look at a real example. Here is an incomplete list of phishing campaigns on Twitter that were allegedly distributing tokens on behalf of Hacken: Hackven_io; Hacken_ibo; Hacken_ioo; Hacken_rio; Hacken_ixo; Hacken_yio; Hackezn_io; Hackebn_io; Hackens_io; Hackedn_io; Hakken_io; Hackqen_io; Hacken_ieo; Hacyken_rio; Hackeon_io; Hackren_io; Hacken_lo_; Hacken_iso; Hackensios

Honestly, after the 30th phishing account, we stopped writing them down. The funny thing is that people themselves spread this kind of information without giving it a second thought.

Moreover, it became pretty popular to tag well-known ICOs on Twitter, Facebook or even Instagram and tell everyone about a giveaway of remaining tokens. Those who tagged us were not very lucky, though, as they came under the attention of our anti-phishing machine. However, you might be surprised that a lot of ICOs do not pay attention to such campaigns at all. Here is a list of sites that «were giving away» tokens and tagging Hacken (as you can probably guess, they are all already blocked):

ethereum.org-giveaway.live

ethereumpomo.online

giveaway.ethereunn.org

eth-airdrop.online

ethtogive.com

manytokens.com

Problem-solving

Block fake accounts by sending complaints, conduct airdrop campaigns only on your own domain (or subdomain), and always warn that distributing links to any third-party resources (e.g. a Google form) will result in account blocking and accusations of illegal use of the brand by third parties. Users also need to remember: the only free cheese is in a mousetrap. Tokens may be distributed only as part of advertising campaigns or for specific marketing purposes, and even then it is necessary to double-check such information on the official website of the project.
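The "own domain (or subdomain)" rule only helps if the check is made on the parsed hostname rather than on the text of the link. The following is an added example, not code from the original article or from Hacken; it assumes `ethereum.org` is the official domain being imitated and runs a weak and a strict check over the hosts listed above, plus two constructed legitimate links.

```python
from urllib.parse import urlsplit

OFFICIAL = {"ethereum.org"}  # assumption: the brand the sites listed above imitate

# Hosts listed in the article, followed by two constructed legitimate links.
LISTED = ["ethereum.org-giveaway.live", "ethereumpomo.online",
          "giveaway.ethereunn.org", "eth-airdrop.online",
          "ethtogive.com", "manytokens.com"]
LEGIT = ["https://ethereum.org/en/", "https://airdrop.ethereum.org/claim"]  # constructed

def host_of(link):
    """Lower-cased hostname of a URL or bare host, without port or trailing dot."""
    if "://" not in link:
        link = "//" + link          # let urlsplit treat a bare host as a netloc
    return (urlsplit(link).hostname or "").rstrip(".").lower()

def naive_is_official(link):
    """Weak check: substring match anywhere in the link text."""
    return any(domain in link.lower() for domain in OFFICIAL)

def is_official(link):
    """Strict check: host is an official domain or a dot-separated subdomain of one."""
    host = host_of(link)
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def misjudged(links):
    """Links the substring check accepts but the strict check rejects."""
    return [l for l in links if naive_is_official(l) and not is_official(l)]

if __name__ == "__main__":
    for link in LISTED + LEGIT:
        print(f"{link:38} naive={naive_is_official(link)!s:5} strict={is_official(link)}")
    print("accepted only by the weak check:", misjudged(LISTED + LEGIT))
```

The strict check rejects every listed host, including the one that begins with the official domain's name but is registered under a different domain.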

What to do about phishing in Telegram?

Problem

Nowadays, almost every ICO faces the same problem: dealing with phishing scams in Telegram. After joining the group or subscribing to the channel of any popular token sale, you will probably instantly get up to ten personal messages «from the administrator» with an offer to buy tokens. Although admins of large projects regularly «clean» the group of spam and other delusional messages, right now this is not enough, because phishers and scammers simply message people directly.

Problem-solving

You can use our Hacken Antispam/AntiPhishing bot, which periodically goes through the entire list of users and does the following:

  1. Compares all users' profile pictures with those of the administrators and shows potential phishers who may be impersonating an administrator.
  2. Compares all nicknames, first/last names and user statuses for similarity with those of official administrators, brands, etc. in order to detect potential phishers.
  3. Bans such accounts without mercy.
  4. Removes users with zero activity who did not check the chat for more than 30 days (the number is up to you).
  5. Filters all links and wallets that are sent to the chat.
  6. Filters all "forwarded" messages and pictures, as this is a very popular way of dishonest and fraudulent advertising in other channels.
  7. Sends manual/automatic reports (complaints) about those who violate the above-mentioned points.
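The name comparison in step 2, and the look-alike Twitter handles listed earlier, can both be caught with an edit-distance check against the official name. The following is an added example, not the Hacken bot's code; the official handle `hacken_io` is an assumption inferred from the look-alikes, and the threshold of 2 edits is an illustrative choice.

```python
import re

OFFICIAL_HANDLE = "hacken_io"  # assumption: inferred from the look-alikes, not stated in the article

# Handles listed in the article as phishing accounts.
SEEN = ["Hackven_io", "Hacken_ibo", "Hacken_ioo", "Hacken_rio", "Hacken_ixo",
        "Hacken_yio", "Hackezn_io", "Hackebn_io", "Hackens_io", "Hackedn_io",
        "Hakken_io", "Hackqen_io", "Hacken_ieo", "Hacyken_rio", "Hackeon_io",
        "Hackren_io", "Hacken_lo_", "Hacken_iso", "Hackensios"]

def normalize(handle):
    """Lower-case and keep only letters and digits ('Hacken_lo_' -> 'hackenlo')."""
    return re.sub(r"[^a-z0-9]", "", handle.lower())

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def is_impersonator(handle, official=OFFICIAL_HANDLE, max_dist=2):
    """True if handle is not the official one but is within max_dist edits of it."""
    if handle.lower() == official.lower():
        return False
    return edit_distance(normalize(handle), normalize(official)) <= max_dist

def flag(handles):
    """Subset of handles that look like the official one."""
    return [h for h in handles if is_impersonator(h)]

if __name__ == "__main__":
    # "hackernews" and "bitcoin" are constructed negatives.
    print(flag(SEEN + ["Hacken_io", "hackernews", "bitcoin"]))
```

Because punctuation is stripped before comparison, a handle that differs from the official one only by underscores normalizes to distance 0 and is still flagged.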

For ordinary users, I would strongly recommend not buying tokens in group chats or untested channels. If needed, contact the admins personally, and understand that they are unlikely to offer you something to buy through an unofficial link leading to some strange site.

Blocking scams in Telegram is a very complicated matter that requires a considerable amount of time and certain knowledge in the field of jurisprudence. In order to ban a user, you need to describe in detail exactly what they are violating under the messenger's rules or international law.

Summing up

There have always been people who batten on others. Nevertheless, there are companies like Hacken that interfere with such parasitic activities.
