According to a study by Kaspersky, cybercriminals have been able to phish into ICOs and rake in about $2.3 million within the second quarter of the current year. In its report on spam and phishing, the cybersecurity firm found that the top targets were investing sites that belong mostly to Ethereum-based companies trying to raise money for their platform, lured in with fraudulent ICOs websites. Using phony crowdfunding links and other tricks, they make the victims believe they are putting their money into a legitimate ICOs round, and end up giving away their ether funds to malefactors.
“Cybercriminals continue using the names of new ICOs projects to collect money from potential investors that are trying to gain early access to new tokens,” explained Kaspersky. “Sometimes phishing sites pop up before official project sites.”
The very recent phishing attack on the investors of the “Skype-like voice and video call application” Experty can be recalled as an example, where investors had lost about $150,000 worth of ETH to a fake pre-ICOs scheme impersonating the company. Investors had to go through the regular registration process through the official website in order to participate. The malefactors managed to obtain the data of these potential investors. Later, a fake invitation link was used to get these investors to send in their ETH funds, leading them to lose a lot of money.
Telegram had also announced a hugely popular ICOs some time back, which brought several hackers out to try a number of illegal tricks, including fraudulent websites. By the time the original pre-sale was completed, the illicit embodiments had already brought in a similar amount of money themselves.
Till now, Kaspersky has only considered “traditional” phishing attempts for monitoring. The firm claims they have managed to stop upto 58,000 user attempts to log into fake phishing websites that are impersonating real-world wallets and markets. The firm allegedly recorded no less than 2000 phishing attacks in the year 2017 alone. In the same year, the ICOs markets had managed to give away more than $300 million to cybercriminals.