Researchers at PIXM have revealed their latest observations of a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Hackers are sending out spoofed Coinbase emails to harvest personal credentials and use them to log into users’ legitimate Coinbase accounts in real-time.
How it works: Hackers present users with a notification that their account needed attention due to an urgent matter (ex: locked account, transaction confirmation). Users were prompted to enter login credentials and a 2 factor authentication code into the fake website. With the newly obtained personal information, the attacker immediately gains access into users’ legitimate sessions on the coinbase website. This attack is centered around three core techniques and is patently different from other phishing attacks tracked by PIXM in the way that domains stay alive for extremely short periods of time:
- Short Lived Domains
- Context Awareness
- 2-Factor Relay
You can get more details on this phishing campaign here.
Like this:
Like Loading...
Related
This entry was posted on August 4, 2022 at 9:00 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Hackers Send Spoofed Coinbase Emails gather Users’ Credentials to Steal Cryptocurrency in Real Time: PIXM
Researchers at PIXM have revealed their latest observations of a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Hackers are sending out spoofed Coinbase emails to harvest personal credentials and use them to log into users’ legitimate Coinbase accounts in real-time.
How it works: Hackers present users with a notification that their account needed attention due to an urgent matter (ex: locked account, transaction confirmation). Users were prompted to enter login credentials and a 2 factor authentication code into the fake website. With the newly obtained personal information, the attacker immediately gains access into users’ legitimate sessions on the coinbase website. This attack is centered around three core techniques and is patently different from other phishing attacks tracked by PIXM in the way that domains stay alive for extremely short periods of time:
You can get more details on this phishing campaign here.
Share this:
Like this:
Related
This entry was posted on August 4, 2022 at 9:00 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.