I guess it's about time to revisit this important subject as the price of bitcoin is picking up and so are those cyber criminals. According to this report,
Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades.
Cybersecurity Ventures predicts cybercrime will cost the world in excess of
$6 trillion annually by 2021, up from $3 trillion in 2015.
Yes, you heard it right, a staggering amount, and it is really very concerning. So don't be the person to be added to those statistics. And what causes all of this? Cyber criminals using phishing attacks on unsuspecting victims.
Phishing - I'm sure everyone has heard of this subject before, so in a nutshell: it is a way that cyber criminals use to get their victims to perform some type of action, like clicking on a seemingly safe link in an email or getting us to enter our personal data. However, they've also evolved throughout the years, and here are some variants:
[1]
Smishing (SMS Phishing) - I recently opened a thread here,
Smishing and how not to fall for it.
[2]
Vishing (Voice Phishing) - As the term implies, criminals use the phone system to lure you. The call could come from a 1-800 number, and the caller will ask for your personal information or even ask for access to your PC or laptop. They could be camouflaged as someone calling from Apple or Microsoft. They use those big company names so that it won't arouse any suspicion. Remember, support won't call you first. Credit to
DdmrDdmr.
[3]
CatPhishing -
Don't forget about catphishing as well. That's when some dude pretends to be a female to try get their victim to let their guard down and send them bitcoins (because obviously a woman would never scam anyone - they're far too nice for that).
Here is a
classic scandalous example:
Alia's case.
[4]
Domain spoofing - I think this one is very predominant and may have been used by cyber criminals more often. They could impersonate a legit website like this forum, adopting its look and feel, so you need to look closely at the domain name. They could completely hide it using this
Punycode technique. The MyEtherWallet domain was social engineered using this kind of attack like a year ago if I'm not mistaken, which caused millions of dollars in losses for crypto enthusiasts.
[5]
Evil twin phishing -
"An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge."
[6]
Juice Jacking - this is where cyber criminals use public USB ports as their attack vector. We can compare this to card skimming scams. Criminals are mirroring the real device so that when you plug in and try to charge your mobile phone, they can use it to either (1) install malware on your device or (2) copy all the data on it.
Source: https://searchsecurity.techtarget.com/definition/evil-twin.
Remember that we always say not to trust public Wi-Fi? However, criminals have found a way to attack us even by disguising themselves as a real and legitimate Wi-Fi access point. Maybe this is not as well known as other attack vectors, but it is very scary as well.
It's really hard for us not to fall for these tricks. But at least we should be aware of them and maybe have second thoughts before clicking or giving out our personal data. And for those sites we trust, a good password manager is a must, or use 2FA; you can refer to
bitmover's 2FA or
nakamura12's [Guide] How to Enable 2FA using Google Authenticator!.
So be very careful and vigilant!!!
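
A defensive check for the Punycode look-alike domains described under domain spoofing above, added here as an example that is not part of the original post. The `TRUSTED` allow-list and the small `CONFUSABLE` table are assumptions made for illustration; the full look-alike list is Unicode's confusables data.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allow-list of sites the user actually trusts (illustrative).
TRUSTED = {"myetherwallet.com", "example.org"}

# Tiny constructed subset of Cyrillic look-alikes mapped to the Latin letters they imitate.
CONFUSABLE = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u0455\u04cf", "aeopcxyisl")

def label_scripts(label):
    """Approximate the scripts in a label from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def decode_host(host):
    """Turn xn-- labels back into the Unicode text a browser may display."""
    out = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # leave undecodable labels as they are
        out.append(label)
    return ".".join(out)

def check_url(url):
    """Return a list of warnings for the host part of url; empty means nothing suspicious."""
    host = urlsplit(url).hostname or ""
    shown = decode_host(host)
    warnings = []
    if "xn--" in host:
        warnings.append("punycode host, displays as " + shown)
    for label in shown.split("."):
        if len(label_scripts(label)) > 1:
            warnings.append("mixed scripts in label " + label)
    skeleton = shown.translate(CONFUSABLE)
    if shown not in TRUSTED and skeleton in TRUSTED:
        warnings.append("imitates trusted domain " + skeleton)
    return warnings

if __name__ == "__main__":
    # Constructed sample: "myetherwallet" with a Cyrillic "e" (U+0435) as its third letter.
    fake = "xn--" + "my\u0435therwallet".encode("punycode").decode("ascii") + ".com"
    for url in ("https://myetherwallet.com/", "https://" + fake + "/"):
        print(url, "->", check_url(url) or "ok")
```

A password manager gives the same protection in practice: it matches the real host name, so it will not offer saved credentials on the look-alike.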