12 common attack vectors that you probably didn't know (second part)

As we talk in our part 1 of this series, there are common options that scammers use to attack us. They contact by different apps or websites that we utilize in our rutine, so it´s very important to know them. Let's keep completing the list to avoid scams.

‍7. Fake uniswap airdrop, V3, sync, etc‍

Fake uniswap stealing seed:

Fake Uniswap airdrop:

NEVER enter key or phrase! Especially in some dodgy site!

Uniswap clones about a node sync or version upgrade, scams.

Fake airdrop twitter uniswap

Remember on DISCORD:

8. Compromised device

Never mine crypto and use a wallet on the same device.

Always use 2FA, best bet is to have a separate Chromebook or Macbook or PC/laptop that is not used for every day use, but only for crypto.

This can be a scary one. Copy and paste the “correct” wallet, but actually it gets replaced by malware to scammers wallet!

Or hacked PC and signed transaction actually signs TWO transactions, one hidden in the background! OUCH!

- Or modified background.js or metamask to approve hidden transaction EVEN WITH LEDGER.

Another example

- Fake Uniswap ICO site, with a dodgy .exe (teamviewer RAT hidden silent depoy)

9. Fake Ledger and Trezor support

Ledger does not phone you. Nor do they want your backup phrase in a dodgy portal.

Fake ledger:

Fake Trezor:

10. Sim swapping

If you notice GSM service disruptions allay assume sim hack!

Use authenticator app, not SMS!

⚠ Enable SINGLE DEVICE MODE to prevent 2FA app being cloned (AUTHY)!

11. Social engineering attacks and sextortion

Be careful who you chat with and who is asking you for your mothers maiden name or your first pet.

Make sure to scrub off metadata from photos before sharing.

(i.e. I have a video of you doing bad stuff, send BTC to avoid getting exposed)

If you got an email that somebody has a shameful video of you and extorts you, it is a scam.

12. Fake wallets and google play store apps

For example TRON does not have an app yet, but hackers are uploading FAKE Tron apps to google play store, promising and airdrop.

Fake Polkadot

Fake Tron Airdrop

Fake Balancer app

Fake Google Play Uniswap app wallets

NEVER ENTER SEED OR KEYS!

Fake software updates

DON´T DOWNLOAD ANYTHING FRO LINKS YOU GOT IN DMS!

Fake Graph foundation "mandatory" update (Remcos RAT)

‍

Fake Metamask

Metamask users are often invited to fake sites prompting them to enter seed phrase via various methods (email spam, scam DMs, twitter DMs, telegram and so on)

Another Metamask Scam:

Another variation of a Metamask scam

Another one

‍

Attack vectors such as domain squatting, executive impersonation, and SEO poisoning often go unnoticed by even vigilant internet users. PhishFort specializes in detecting and taking down phishing websites, mobile app clones, and fake social media content to protect your business and customers. By addressing these hidden but dangerous attack pathways, PhishFort ensures comprehensive brand protection from lesser known but potent cyber threats. Learn about phishing tactics targeting browser extensions in Chrome Extension Phishing and dive into phishing techniques in crypto with Phishing Enumeration | Understanding a Crypto Phishing Attack .

‍
Test our Brand Protection Services

With PhishFort’s hands-free, fully managed service, you can trust us to safeguard your brand without delay, allowing you to focus on what matters most. Test our Brand Protection Services today and secure peace of mind with rapid, reliable protection from PhishFort.

‍

Questions? Reach out to us on Twitter or Telegram.