In response to a new phishing campaign targeting users of the online Ethereum wallet website Myethereumwallet.com, Stephen Burke, Founder and CEO at Cyber Risk Aware, commented below.
Stephen Burke, Founder and CEO at Cyber Risk Aware:
“The main points of note here are that cyber criminals are leveraging the same tricks as always.
The URL closely matches the legitimate website, which people clearly are not spotting or checking as they are under pressure timewise and their eyes see what they want to see. “Etherum” in this case. Staff are operating in a default “trust” position when in fact, when it comes to anything to do with money and personal data, they should be in a “trust but verify” or, better yet, “don’t trust and verify” position if we want to really tackle this. It is a mindset. People have become desensitised, and banks refunding money easily is not helping as people think they will get it back. That is changing, however, and if you are negligent the bank won’t pay.
Web security courses can show people how to truly assess what makes up a URL so they have the skills to check. For home users and staff this lack of knowledge is a key issue. People just see URLs as being a web site address but don’t fully appreciate how they can be made to look real when in fact they are dangerous, especially with shortened URLs and subdomains. For example, Facebook.russia.com is not Russian Facebook, it is Russia.com with something about Facebook.”
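The URL reading described in the comment above, as an added example that is not part of the original post or of Burke's remarks: it finds the domain that actually owns a host and compares it with the one the user meant to visit. The function names, the small suffix set, the 0.8 similarity threshold and the misspelled sample domain are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed mini-list of two-label public suffixes. A real check should load
# the full Public Suffix List instead of this sample.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the part of the host that was registered: public suffix plus one label."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def assess(url, trusted_domain):
    """Classify a URL against the single domain the user intends to visit."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    owner = registrable_domain(url)
    if owner == trusted_domain:
        return "trusted"
    brand = trusted_domain.split(".")[0]
    # Everything left of the registrable domain is chosen freely by its owner,
    # so a brand name there says nothing about who runs the site.
    subdomain_labels = host[: len(host) - len(owner)].split(".")
    if brand in subdomain_labels:
        return "brand-in-subdomain"
    # Near-miss spelling of the trusted domain (threshold is an assumption).
    if SequenceMatcher(None, owner, trusted_domain).ratio() >= 0.8:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        ("https://Facebook.russia.com/login", "facebook.com"),  # from the article
        ("https://www.myetherumwallet.com/", "myethereumwallet.com"),  # constructed
        ("https://www.myethereumwallet.com/", "myethereumwallet.com"),
    ]
    for url, trusted in samples:
        print(f"{url} -> owned by {registrable_domain(url)}: {assess(url, trusted)}")
```

Shortened URLs have to be expanded to their final destination before a check like this means anything.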
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.