Scammers have taken their tactics to the next level and are now using real funds in address poisoning attacks. This new development was brought to light through a post on X by Cyvers Alerts, a platform dedicated to raising awareness about online threats.
New Phishing Scam Targets Crypto Users
A recent incident where a victim lost nearly $50k has raised concerns about a new phishing scam targeting crypto users. The initial post warned, “Beware of a new phishing scam targeting #crypto users! Scammers are now sending real $ETH to trick you.”
?ALERT?Beware of a new phishing scam targeting #crypto users! Scammers are now sending real $ETH to trick you. ?️♂️
They expect you to accidentally copy a scam address. Similar to address poisoning, they might also send fake $USDT. If you send funds to this wrong address, you’ll… pic.twitter.com/8EKxixgVTG
— ? Cyvers Alerts ? (@CyversAlerts) January 15, 2024
The post further emphasized that these bad actors rely on users mistakenly copying a scam address, a tactic similar to address poisoning. These fraudsters may also send counterfeit Tether (USDT) tokens, tricking users into sending funds to the wrong address and falling prey to their scam.
In a follow-up post, Cyvers Alerts pointed to an incident of such a scam. The victim fell prey after receiving a negligible amount of Ethereum in what appeared to be a test transaction.
Unknown to them, the scammer had placed their fake address in the victim’s transaction history. Subsequently, the victim copied the scammer’s address and sent 17 ETH worth $47.6K, resulting in a significant financial loss.
User Loses 1 Million USDT
Another X user named Catakor has highlighted a recent similar incident that saw a user lose a million USDT. Through a thread, they narrated how the user received a million from their Kraken account and conducted a “test deposit” to confirm the funds went to the correct account.
However, a scammer had created a fake transfer of USDT from the user’s wallet to an address closely resembling the one associated with the Kraken account. The user then unknowingly copied the last “sent” transaction, resulting in them losing up to a million USDT. The scammer then quickly converted the stolen USDT to ETH and transferred them to another wallet, where they are now stored.
Address poisoning is a scam that targets the common practice of copying and pasting wallet addresses in cryptocurrency transactions. The scammer uses a ‘vanity’ address generator to create one closely resembling the victim’s and sends a transaction of negligible value from this fake account. If the victim accidentally pastes the scammer’s address, they end up sending funds to the scammer instead of the intended recipient.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
Unveiling the Latest Tactics Used by Scammers in Poisoning Attacks
In today’s digital world, scams and cyber attacks have become a common occurrence. With the rise of technology, scammers have become more sophisticated in their tactics, making it harder for people to detect and protect themselves from these attacks. One of the most dangerous techniques used by scammers is poisoning attacks. It is a form of cyber attack where attackers aim to infect a user’s system by tricking them into opening a malicious link or downloading a harmful file. These attacks can cause severe damage to an individual’s personal data, financial information, and even their devices. In this article, we will discuss the latest tactics used by scammers in poisoning attacks and how you can safeguard yourself from falling victim to them.
Tactic 1: Social Engineering
One of the most effective tactics used by scammers in poisoning attacks is social engineering. It is the art of manipulating people into giving confidential information, such as login credentials, financial details, or clicking on malicious links. In poisoning attacks, the scammer may use social engineering by posing as a legitimate person or company, using a fake email address or website. They may also use fear tactics, urgency, or curiosity to trick the victim into taking action without thinking.
Tactic 2: Phishing
Phishing is a type of social engineering tactic used to acquire sensitive information from individuals. In this tactic, scammers send fraudulent emails that appear to be from a trusted source, such as a bank or a popular brand. These emails often contain a link or attachment that, when clicked, directs the user to a fake website or downloads a malware-infected file. These phony websites or files are designed to steal login credentials or install malware on the user’s device, allowing scammers to carry out their attack.
Tactic 3: Watering Hole Attacks
Watering hole attacks are a more sophisticated form of poisoning attacks. In this tactic, the scammers target specific websites frequently visited by their victims, such as social media platforms or popular news sites. They infect these websites with malicious code, causing anyone who visits the site to download malware onto their device. This type of attack is challenging to detect, as the victim may believe they are visiting a legitimate website and freely browse without realizing their device has been compromised.
Tactic 4: Vishing
Vishing is a phishing technique that involves scammers using voice communication, such as phone calls, to obtain sensitive information. In this tactic, scammers often create a sense of urgency or use authority to trick the victim into giving their personal information. They may also use technology, such as spoofing or robocalls, to make the calls appear legitimate. Vishing can be challenging to detect, as the victim may believe they are speaking to a legitimate representative of a company or organization.
Tactic 5: SMSishing
Similar to vishing, SMSishing is a tactic that involves sending fraudulent text messages to trick individuals into giving sensitive information. In this tactic, scammers often use a sense of urgency or fear to convince the victim to reply to the text with personal information or click on a link. These links can lead to a fake website or download a malware-infected file on the user’s device.
Protecting Yourself from Poisoning Attacks
As scammers become more sophisticated in their tactics, it is crucial to educate yourself on how to protect yourself from these attacks. Here are some practical tips to safeguard yourself from poisoning attacks:
1. Be cautious of emails and messages from unknown sources, especially if they contain links or attachments. Always verify the sender’s identity and the legitimacy of the link or attachment before clicking on them.
2. Look for signs of phishing, such as emails with spelling or grammatical errors, or messages that evoke a sense of urgency or fear.
3. Install and regularly update anti-virus and anti-malware software on your devices to detect and remove any harmful files.
4. Use a strong and unique password for your accounts to make it difficult for scammers to access your accounts.
5. Enable two-factor authentication wherever possible to add an extra layer of security to your accounts.
6. Regularly backup your important data to an external hard drive or cloud storage to protect it in case of a cyber attack.
In Conclusion
Poisoning attacks are a significant threat in today’s digital age. Scammers use various tactics, such as social engineering, phishing, and vishing, to trick individuals into disclosing personal and financial information, causing severe damage to their data and devices. By educating yourself on the latest tactics used by scammers and following the practical tips mentioned above, you can protect yourself from falling victim to these attacks. Remember to always stay vigilant and cautious when it comes to your online activities, and if something seems suspicious, it’s best to err on the side of caution. Stay safe and stay informed to keep yourself protected from poisoning attacks.