After the Failure of Crypto, Phishing Attacks Are Converting to Metaverse
It is reported that several websites, including Etherscan and dextools, have confirmed the cryptocurrency scam and issued a warning not to connect to the wallet.
Since 2022, things have not been good for cryptocurrency. From major cryptocurrencies such as Bitcoin and Terra to memecoins such as Shiba Inu, every cryptocurrency is suffering losses. However, when the situation of various cryptocurrency projects is bad, Metaverse is becoming an attractive kamer. Seeing people’s great interest in Metaverse, cyber criminals have begun to carry out phishing attacks carefully designed around various Metaverse platforms. According to the fourth quarter 2021 brand phishing report of check point research, roblox, the Metaverse platform, is the eighth largest imitation brand of phishing attacks in this quarter.
Although roblox accounts for only 3% of all brand phishing attacks, this is the first time that brand phishing around Metaverse platform has entered the top 10. This article introduces how phishing attacks steal from meta space after cryptocurrency fails.
“In the metauniverse, fraud and phishing attacks against your identity may come from a familiar face – literally – such as an avatar posing as your colleague, rather than a misleading domain name or e-mail address. If we don’t act now, these types of threats may become a breakthrough for the enterprise.”.
Brand Phishing Attack
Brand phishing attacks have been quite effective because targets are more likely to click on them for more information. Metaverse broadly refers to a virtual platform that can be accessed through different devices, and people can move in a digital environment.
Given India’s great interest in Metaverse, more growth in phishing attacks around its brand can be expected. According to dapprdar’s report in November 2021, more than 500000 users in India showed interest in Metaverse project and NFT, ranking third in the world after the United States and Indonesia.
In a brand phishing attack, the threat sends a crafted fake email that looks like it comes from the brand itself or one of its partners. The purpose is to make users believe that the email is true, and then deceive them to click on malicious links or attachments. Its ultimate goal is to enter their accounts and systems and steal personal information or bank vouchers.
Boring Ape Yacht Club Phishing Attack
The swindler behind the phishing attack forged that the user will click on the link provided to enter the most important NFT Avatar – the boring ape man yacht club. To make it a reality, the pop-up window features an ape skull logo, next to the now invalid domain name nftapes win。 According to the whois query, the domain name that caused the phishing attack was registered around 3 p.m. on Friday. Eastern time.
The ad requires users to connect their metamask wallet for use on the website. Web 3.0 technology allows metamask wallet to authorize access to websites through smartphone and browser extensions. As fraudsters try to place suspicious advertising scripts on well-known websites that have a trust relationship with the audience, many users fall into the trap and provide access to their wallets.
Keep Safe
In order to avoid unnecessary phishing attacks, it is best to wait and reconsider joining the meta space. A congressional investigation into Metaverse’s security and privacy practices will force people to make changes in response to “inevitable violations”.
But the truth is that social media managers, brand advocates and early NFT speculators may ignore this advice because many of them can’t wait to jump into the vitality circle. Those who want to join the vitality circle immediately should ensure that their accounts have enabled multi factor authentication to prevent the simplest accounts from being taken over.
In the future, the vitality circle may bring its own unique threat by taking advantage of the anonymity provided by the platform. Recently, “deepfake” is one of the latest types of misinformation attacks. It uses an artificial intelligence called deep learning to produce images of false events, which was deployed during the Ukrainian war to continue Ukraine’s false surrender. Therefore, living in meta space will not be as easy and interesting as you think, because like cryptocurrency, this technology is also accompanied by many risks, including phishing attacks.
Please be aware that all investments involve risk, including the potential loss of part or all of your invested capital. Past performance is not indicative of future results. You should ensure that you fully understand the risks involved and consider seeking independent professional advice suited to your individual circumstances before making any decision.
For any inquiries or feedback regarding this article, please contact us at: [email protected]