Kaspersky, a cybersecurity solutions company, discovered how scammers are employing phishing against individuals with cryptocurrency accounts. Targeting hot or cold wallets, the scammers sent 85,000 scam emails to users, which were intercepted by Kaspersky’s solutions.
Citing data from Crypto.com, Kaspersky said there are over 400 million cryptocurrency wallet owners globally. Hot wallets basically mean digital storage while cold wallets are hardware such as flash drives.
“We are witnessing an ongoing surge in the popularity of cryptocurrencies, and with it, the need for users to stay alert and implement strong security measures to protect their digital assets,” Roman Dedenok, a security expert at Kaspersky, said in a statement.
This scam reached its peak in March, with more than 34,000 intercepted malicious messages. Kaspersky continued safeguarding cryptocurrency users in April and May, thwarting roughly 19,902 and 30,816 scam emails in these months, respectively.
Fake blog posts and web pages
According to Kaspersky, their security experts found that scammers usually target “non-technical individuals” or those who might not be as well-versed in IT and security.
Malicious actors send fraudulent emails pretending to be crypto exchange companies. And attached to those emails are links that lead to fake web pages that prompt victims to enter their seed phrase, an essential element for wallet recovery. By gaining access to the seed phrase, scammers can seize control of the victim’s wallet and transfer funds to their own accounts.
Cold wallets are entirely offline storage systems like a dedicated device or even a private key jotted down on paper. Hardware wallets are a prevalent type of cold wallet.
Kaspersky researchers found that malicious actors are using specifically the cryptocurrency exchange Ripple to lure email recipients to participate in an XRP token giveaway. Instead of directing victims to a phishing page. Scammers even use deceptive blog post that mimics the Ripple website’s design to create credibility. Victims will then be asked to connect their hardware wallets. This allows scammers to gain access to victims’ accounts and initiate fraudulent transactions.