Hackers use Google Sites and Microsoft Azure to steal cryptocurrencies

Attackers use certain SEO techniques to direct users to phishing sites for wallet apps like Metamask and exchanges like Coinbase and Kraken. These sites, built on Google Sites and Microsoft Azure, trick users into providing their personal information, allowing criminal entities to steal their funds from these services, according to Netskope.

The crypto phishing scheme uses SEO, Google Sites and Microsoft Azure

Netskope, an online security company, she revealed a new kind of cryptocurrency phishing scam that involves SEO techniques and cloned pages. According to the company's report, during 2022, attackers were found to be using blogs as tools to distribute links to phishing sites.

In these blogs, attackers post links with SEO content that allows them to rank high in search engine queries. This means that the links will be searched for by many people who may then open them to believe they are linking to real crypto sites. However, the links direct users to phishing sites that are very similar to cryptocurrency-based sites, such as the website for Metamask.

Other sites also mimic exchanges such as Coinbase, Gemini and Kraken.

Phishing mechanism

Hosted either on Google Sites or using Microsoft Azure, these phishing sites are designed to trick users into obtaining their personal information in two different ways. The first of these has to do with directly acquiring users' private wallets by prompting them to import this data. This is the method currently used by the phishing site Metamask.

The second is about getting information about user accounts on any of the phishing exchanges. When users enter their information, the site returns an error and prompts them to contact a support operator who will try to get more information about the users in order to successfully retrieve their funds.

Netskope stated:

Netskope strongly advises users to never enter credentials after clicking a link. Instead, always go directly to the page you're trying to log in to. We also recommend that organizations use a secure web gateway capable of detecting and blocking phishing in real time.

Phishing scams are nothing new in the cryptocurrency world. For example Binance in February revealed a massive phishing scam involving SMS and she warned him.

Interesting events for our readers

Binance

Trade with up to 60% off fees and a $600 bonus

Open an account Review

Phemex

Free bonus up to $ 2,500 upon registration and deposit

Open an account Review

Bybit

Free bonus up to 3650 USD after registration and deposit

Open an account Review

All content in this article is for informational purposes only and does not in any way serve as investment advice. Investing in cryptocurrencies, commodities and stocks is very risky and can lead to capital losses.