A study by Kaspersky showed that the cybercriminals have acquired $2.3 million in the second quarter of 2018 by exploiting the Initial Coin Offerings through phishing.
Majority crypto startups scams
Most of the Ethereum-powered startups have sites with fake ICO websites so that money is raised for their platform development. Such sites become the target of the online criminals as reported by the “Spam and Phishing in Q2 2018” report by Kaspersky. The cybercriminals adopt various techniques like including a crowdfunding link in the emails they send, to make the users by their own will, send money in their Ethereum-wallets. All the victimized users then transfer their funds into the criminal’s account instead of the good ICO round investment they were told about. The report by the multinational cybersecurity company read
“Cybercriminals continue using the names of new ICO projects to collect money from potential investors that are trying to gain early access to new tokens. Sometimes phishing sites pop up before official project sites.”
Advanced report by Kaspersky
The traditional methods of phishing have reportedly been avoided by Kaspersky as they monitored them carefully. With their anti-phishing system, they claim to have “prevented 58,000 user attempts to connect to phishing websites masquerading as popular cryptocurrency wallets and markets”. In the year 2017, the cybercriminals conducted 2000 phishing attacks out of which they gained $300 million.
The HTTPS certification that every user thought of being safe can now contain malicious pages according to the report by Kaspersky. The study read that companies like Google will now change their approach of certifying,
“Starting in September 2018, the browser (Chrome 69) will stop marking HTTPS sites as “Secure” in the URL bar. Instead, starting in October 2018, Chrome will start displaying the “Not secure” label when users enter data on unencrypted sites”.