"The Lessons from the FTX Hack" Phishing attacks will affect every digital asset holder
Author: GoPlus Security
On November 12, the FTX exchange was hacked, resulting in the theft of various assets worth $189 million. The main site of FTX was also attacked, and the app download link was replaced with malware. Once users downloaded or updated the app and used it, they would lose their usernames and passwords, while all registered information on the FTX exchange would also be stolen.
The impact of this incident quickly expanded: the number of phishing websites detected rose sharply over the weekend of the 12th alone.
At the same time, multiple project teams or exchanges issued announcements, reminding users to be aware of various forms of phishing attacks.
In the future, phishing attacks will cover every digital asset holder, whether users are on centralized exchanges or decentralized applications.
How do attackers conduct phishing attacks using user information?
- Attackers can obtain key information such as users' phone numbers, identity details, and commonly used email addresses by breaching centralized exchanges. This information then spreads further through the black market and falls into the hands of more scammers.
- Attackers use this information to make contact with users, for example by finding users' social media accounts and sending them messages or emails.
- They exploit users' panic or habitual behaviour, sending content like "We detected that your account is at risk, please verify as soon as possible, here is the URL," to lure users into entering their passwords on fake centralized exchange sites for "secondary verification" or into authorizing fake contracts.
- Once attackers obtain usernames and passwords or authorizations, they can easily steal users' assets.
How can ordinary users prevent phishing attacks?
First, build awareness of phishing and adopt basic preventive measures suited to your own circumstances.
- Do not click on links in text messages or emails that you did not initiate.
Official communications will generally not be sent to users unless triggered by user actions, such as changing passwords or confirming transactions. If you receive an email or text message without having done anything, do not click! Do not click! Do not click!
- Bookmark frequently used websites and double-check if the URLs are real.
When searching for a website through a search engine, always verify through other means, such as the official Twitter account or phishing URL detection tools (phishing URLs can be ranked higher than real URLs through paid results or search ranking manipulation, so do not trust them blindly).
- If you need to download an app or application, try to download it from the official website.
Some app markets may provide download links, but attackers can upload fake apps or applications to these markets. If the app market does not have a robust security detection mechanism, users may still download fake apps or applications.
- Do not easily click on links within communities.
Attackers may pose as various identities within communities to spread false information, for example claiming that the official exchange has been hacked and is no longer accessible and urgently asking users to transfer assets through a separate link. They stress urgency, warning that otherwise users' assets will be stolen, in order to trick users into clicking the phishing links they post in the community.
The above addresses several main phishing methods used by attackers; the logic is not complex, but why do attackers continue to succeed?
First, the attacks are cast wide, reaching a huge number of users, and some will always be caught; second, attackers exploit users' impatience, creating panic and giving them no time to think. Once a user falls into the trap and follows the attacker's script, it becomes very difficult to avoid being scammed.
Secondly, learn to use security detection tools.
From the attackers' methods, the key step is guiding users to click on fake URLs. Attackers spread similar URLs to lead users to click on fake websites that replicate the legitimate site, blurring the lines between real and fake to steal users' login information.
If users know how to use phishing URL detection tools or communities, they can effectively identify fake URLs.
1. PHISHFORT
A well-established phishing URL service provider that offers a phishing URL API and also a browser plugin for ordinary users. Its phishing URL database is continuously updated; when a user visits a URL, the PHISHFORT plugin reads the URL in the browser and checks whether it is a known phishing site. Coverage includes all mainstream URLs, with niche URLs added on an ongoing basis.
PHISHFORT introduction page on GoPluseco
Usage instructions:
You can download the plugin from the PHISHFORT official website.
You can also find it in the Chrome Web Store.
2. ScamSniffer
A winning project from the Ethereum Hackathon in Shanghai; it is also a Chrome browser plugin.
ScamSniffer introduction page on GoPluseco
Usage instructions:
You can download it from the ScamSniffer official website.
You can also find ScamSniffer in the Chrome Web Store.
https://chrome.google.com/webstore/detail/scam-sniffer/mnkbccinkbalkmmnmbcicdobcmgggmfc?
Click to install and open the plugin.
When the plugin is running, it will pop up a warning if it encounters a phishing URL.
Note:
The phishing URL database updates are not immediate, meaning that when a phishing URL goes live, it may not be recognized right away. Therefore, users cannot avoid all risks but can effectively reduce their exposure to risks.
The phishing URL identification rules may not be completely accurate and could result in false positives.
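To make concrete how a checker like the plugins above combines the user's bookmarks (the advice to bookmark real sites and compare URLs), a phishing URL database, and lookalike heuristics for URLs the database does not know yet, here is a small added example; it is not code from GoPlus, PHISHFORT or ScamSniffer, and the bookmark list, database entries and `.example` hostnames are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample data: the user's own bookmarks (known-good hosts) and a
# tiny stand-in for the phishing-URL database a real plugin would consult.
BOOKMARKS = {"exchange.example", "www.exchange.example"}
PHISHING_DB = {"exchange-example-verify.example"}


def normalize(url: str) -> str:
    """Add a scheme if the user pasted a bare 'host/path' string."""
    url = url.strip()
    return url if "://" in url else "https://" + url


def host_of(url: str) -> str:
    """Lowercase hostname of a URL, '' if it has none."""
    return (urlsplit(normalize(url)).hostname or "").rstrip(".")


def registrable(host: str) -> str:
    """Last two labels, e.g. 'login.exchange.example' -> 'exchange.example'.
    A production checker uses the Public Suffix List so 'co.uk' works."""
    return ".".join(host.split(".")[-2:])


def check_url(url: str) -> str:
    """Return 'trusted', 'phishing', 'suspicious' or 'unknown'."""
    host = host_of(url)
    if not host:
        return "unknown"
    good_sites = {registrable(b) for b in BOOKMARKS}
    # Bookmarks outrank the database, because the database may carry
    # false positives (see the Note above).
    if host in BOOKMARKS or any(host == g or host.endswith("." + g) for g in good_sites):
        return "trusted"
    if host in PHISHING_DB or registrable(host) in PHISHING_DB:
        return "phishing"
    # Heuristics for lookalikes the database has not been updated with yet.
    if "@" in urlsplit(normalize(url)).netloc:
        return "suspicious"  # 'https://exchange.example@other.example/' hides the real host
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return "suspicious"  # internationalised / punycode labels can mimic Latin letters
    compact = host.replace(".", "").replace("-", "")
    if any(g.replace(".", "") in compact for g in good_sites):
        return "suspicious"  # a bookmarked name embedded inside a different domain
    return "unknown"
```

Anything the bookmark list and database cannot decide comes back as "unknown" rather than "trusted", which is the point of the Note: a tool reduces exposure but cannot clear every URL.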
The above content is sourced from GoPluseco, which aggregates high-quality security applications or services in the industry to match users with optimal security solutions. If you encounter security-related issues, feel free to ask GoPluseco, where all questions are answered.