資安廠商 Netskope 旗下的研究人員,近來發現有駭侵者利用 Google Sites 與 Microsoft Azure Web App 等雲端服務架設仿冒網站,用於攻擊加密貨幣投資者,以竊取其加密資產。
報告指出,駭侵者的攻擊手法,是事先利用上述的雲端服務來架設多個仿冒知名加密貨幣錢包或交易所入口的釣魚網站,然後利用留言機器人在各大加密貨幣相關社群的討論區中大量發送含有這些釣魚網站連結的留言;用戶如果不慎誤信連結,即可能將自己的錢包或交易所登入資訊輸入到釣魚網站中。
報告指出,由於駭侵者選擇使用 Google 和 Microsoft 的服務,因此這些網站的網域名稱就是 Google 與 Microsoft 所屬的網址;這樣不但垃圾留言較不易遭到自動垃圾留言清除機制刪除,甚至還能取得很好的 SEO 效果。實測發現,一些駭侵者設立的釣魚網站,連往往會在 Google 搜尋結果中名列前茅。
報告說,這些釣魚網站攻擊的對象,是大型加密貨幣交易所與知名加密錢包的用戶,例如 Coinbase、MetaMask、Kraken、Gemini 等。駭侵者企圖利用這些假入口網站來騙取用戶的交易所與加密錢包的登入資訊與錢包復原短語,以完全控制用戶的數位資產。
報告指出,這些假網站還包括假的二階段登入驗證頁面,會要求用戶輸入手機號碼;待用戶輸入手機號碼後,假網站會顯示一個假的錯誤訊息,宣稱用戶因違反安全守則,帳號已遭停用;用戶必須按下頁面中的「詢問專家」按鈕,接著會有假冒的客服人員與用戶線上對談,誘使用戶開啟 Team Viewer 等遙控軟體,竊取用戶收到的二階段驗證碼。
建議加密貨幣投資者不要在任何社群網站中點按宣稱是官方網站的連結,且應注意連結本身是否為真實的網域名稱。
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.