With the emergence of digital currency exchanges, the ability to buy and sell digital currencies online is easier than ever. However, due to the popularity of these exchanges, scammers are continuously exploring new ways of tricking consumers through phishing schemes.
One method of stealing from consumers is through phishing. Phishing scams attempt to direct users to a fake, yet seemingly identical, copy of the website they wish to access. Once the user attempts to log in, the scammer is provided the user’s login information.
These scams are nothing new, as the term “phishing” has been used to describe email and website scams since as early as 1996. However, the threat of phishing scams is still prevalent on the web today due to hard-to-spot methods of URL spoofing, the practice of making a fake website’s address look as real as possible.
Due to increasingly hard-to-spot tactics that scammers use, fake URLs can be extremely easy to miss. To illustrate the issue, take a look at the following example:
In the example above, it is easy to miss that the URL is not legitimate. However, by comparing the two addresses, it becomes apparent that instead of using the traditional letter “n,” this phishing attempt makes use of an “ṇ” symbol (notice the small dot).
This is especially hard to notice when the URL is part of an email or hyperlink, as the underline can hide the dot altogether. This practice is known as a ‘homograph attack,’ and as blogger Xudong Zheng pointed out, such attacks are a significant security threat.
“From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters,” said Zheng. “It is possible to register domains such as ‘xn--pple-43d.com’, which is equivalent to ‘аpple.com’. It may not be obvious at first glance, but ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) rather than the ASCII “a” (U+0041).”
To emphasize this issue, Zheng registered the domain “аррӏе.com,” which looks identical to the actual “apple.com” website. In fact, the only difference is that the letter “a” uses a different alphabetic writing system.
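The check below is an added example, not code from the original article or from Zheng. It decodes Punycode (`xn--`) labels and reduces look-alike characters to ASCII, so a host that imitates a trusted domain is flagged. The `CONFUSABLES` table, the function names and the `exchange.example` domain are constructed for illustration and cover only the characters mentioned above.

```python
import unicodedata

# Hand-built subset covering only the look-alikes discussed on this page;
# a real deployment would load Unicode's full confusables data instead.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
}

def to_unicode(host):
    """Decode xn-- (Punycode) labels so the real characters are visible."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it in its ASCII form
        labels.append(label)
    return ".".join(labels)

def skeleton(label):
    """Map look-alikes to ASCII and drop combining marks (the dot under 'n')."""
    out = []
    for ch in unicodedata.normalize("NFD", label):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def check_host(host, trusted):
    """Return (verdict, unicode_host, imitated_trusted_domain_or_None)."""
    uni = to_unicode(host)
    if uni in trusted:
        return ("exact-match", uni, uni)
    skel = ".".join(skeleton(part) for part in uni.split("."))
    if skel in trusted:
        return ("lookalike", uni, skel)
    return ("unknown", uni, None)

if __name__ == "__main__":
    trusted = {"apple.com", "exchange.example"}  # constructed allowlist
    for h in ["apple.com", "xn--pple-43d.com", "excha\u1e47ge.example"]:
        print(h, "->", check_host(h, trusted))
```

Only an exact match against the allowlist is treated as the real site; a look-alike verdict names the domain being imitated.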
WHY DIGITAL CURRENCY INVESTORS ARE AT RISK
With the popularity of digital currencies and the number of new and experienced investors, the industry is becoming a prime target for scammers. This is also observed in cases of cryptojacking, where hackers are incentivized to seek unauthorized digital currency mining as a way of making money.
URL spoofing is a risk for all web users, but currently the risk is especially prevalent for users of digital currency exchanges. This is because individuals often use exchanges to hold large amounts of funds and store personal information like their credit card details.
As a consequence of the prevalence of URL spoofing, a representative from CoinJolt stated that the exchange received several reports of people falling victim to these scams.
“We have recently noticed a dramatic increase in threads from users that have become victims of phishing, falsely claiming that CoinJolt has been compromised,” said a CoinJolt representative on Reddit. “Rest assured, this is not the case.”
WHY COMMON SECURITY METHODS AREN’T ENOUGH
While Two Factor Authentication is an extra layer of defense, it is not enough on its own to protect you from a homograph attack. Many digital currency exchange phishing sites ask for a valid authentication code, which they can use to automatically log in to your account on the real site. Some may even ask for your authentication code a second time, using it to withdraw funds from your account or lock you out entirely.
Additionally, while checking for the green “Secure, https” SSL certificate indicator in a website’s address bar can help limit your exposure to fraudulent sites, some phishing sites manage to obtain SSL certificates from questionable providers.
This is visible in the earlier example of the fake CoinJolt website, which shows a green SSL certificate despite being an illegitimate website.
Major web browsers continue to take active measures designed to limit IDN homograph attacks. However, scammers often find ways around these obstacles, leaving users vulnerable as a consequence.
HOW TO PROTECT YOURSELF FROM PHISHING
Luckily, the risk of falling victim to a homograph attack is nearly non-existent for users that access websites directly. To avoid interacting with phishing sites, manually enter the website’s domain into your browser, or create a bookmark for easy access.
This is especially important due to reports of scammers taking advantage of the ad networks of search engines like Google in order to boost fake websites to the top of search results. As a consequence, many state that this is how they end up falling victim to aggressive phishing schemes.
For further security, many recommend the use of password managers due to their ability to detect phishing schemes.
Ultimately, however, the best tool at your disposal is staying vigilant. Avoid trusting sketchy links or emails, stay up-to-date on virus protection software, and be cautious when entering sensitive information like usernames and passwords.