Cybercriminals have raked in a total $2.3 million by exploiting ICOs via phishing in the second quarter of 2018, a Kaspersky study revealed.
The multinational cybersecurity company in its new Spam and Phishing in Q2 2018 report found that online malefactors target crypto investors with fake ICO websites. Most of these sites belong to Ethereum-powered startups that raise money for the development of their platforms.
In addition to injecting a phony crowdfunding link into their outbound emails, cybercriminals try every last trick to influence a victim to send them crypto-funds to their Ethereum wallets willingly. The victims, believing they are investing in a good ICO round, ends up throwing their Ether funds to unlawful benefactors.
“Cybercriminals continue using the names of new ICO projects to collect money from potential investors that are trying to gain early access to new tokens,” Kaspersky disclosed. “Sometimes phishing sites pop up before official project sites.”
For example, the situation around the very fresh phishing attack on Experty can be mentioned for further elaboration. The ICO participants of this ‘Skype-like voice and video call application’ had lost $150,000 worth of Ethereum to a fraudulent pre-ICO scheme impersonating Experty. To participate in the ICO, investors had to go through a regular registration procedure on Experty’s website. Scammers managed to steal the information of potential investors from the company. They later persuaded these investors to send them Ether funds via a fake invitation link. As a result, investors lost a hefty sum.
A tremendously popular ICO announced by Telegram had also invoked hackers to employ various unlawful strategies, resulting in a dozen fake sites. By the time Telegram presale concluded, its impersonations had already raked in money that was reportedly comparable to the original presale round.
So far, Kaspersky has managed to monitor phishing attempts that are considered traditional by their approach. The antivirus company claims that they have “prevented 58,000 user attempts to connect to phishing websites masquerading as popular cryptocurrency wallets and markets” with their antiphishing system. In 2017, the number of recorded phishing attacks were two thousand, as confirmed by Alexander Gostev, Kaspersky’s chief antivirus expert
In the same year, ICO market had lost over $300 million to cybercriminals, including hackers and phishers.
HTTPS Certification is Not Reliable
Even the most informed investors consider websites with HTTPS certification genuine. The Kaspersky report, however, finds that malicious pages can now be found on secure pages, blaming it on the ease of access of these certificates. The study added that popular browsers like Google are beginning to change their approach towards certifying non-encrypted websites. It read:
“Starting in September 2018, the browser (Chrome 69) will stop marking HTTPS sites as “Secure” in the URL bar. Instead, starting in October 2018, Chrome will start displaying the “Not secure” label when users enter data on unencrypted sites.”