Top cryptocurrency news: Hackers are using Google Sites and Microsoft Azure to steal cryptocurrency: Netskope

14-Aug-2022 By: Sudeep Saxena

Attackers are using SEO methods to redirect visitors to phishing sites for wallet applications like Metamask and exchanges like Coinbase and Kraken.

According to Netskope, these websites, created on Google Sites and Microsoft Azure, dupe visitors into providing personal information, allowing malicious actors to drain funds from these services.

Netskope, an online security firm, has discovered a new type of cryptocurrency phishing scam scheme that uses SEO methods and imitation pages. According to reports, it has been discovered that attackers are utilizing blogs as methods to propagate links to phishing sites throughout 2022.

The attackers post links to blogs with SEO material, allowing them to rank high in search engine queries. This implies that the links will be assessed by a large number of users, who may mistake them for connections to legitimate cryptocurrency sites. However, the URLs take readers to phishing sites that seem remarkably similar to crypto-based sites, such as the Metamask website.

Other sites, including Coinbase, Gemini, and Kraken, also imitate exchanges.

These phishing sites, which are hosted on Google Sites or Microsoft Azure, are intended to deceive consumers and steal their personal information in two methods. The first involves directly obtaining the private seeds of users' wallets by urging them to import this data. This is the current strategy employed by the Metamask phishing site.

The second involves obtaining information about the users' accounts in any of the phished exchanges. When users enter their information, the sites return an error and direct them to call a support operator, who will attempt to collect further information about the users in order to effectively acquire their funds.

Netskope strongly advises users to never submit credentials after clicking on a link. Instead, go directly to the site where you're trying to log in. We also urge that businesses use a secure online gateway capable of detecting and preventing phishing in real-time.

WHAT'S YOUR OPINION?