Unfortunately, criminals always try to exploit the weaknesses of the common user and the lack of lightness they offer to emails involving services related to the crypto and blockchain world, such as centralized exchanges.
In most cases we find ourselves being contacted for various problems or updates to be done on our account on the exchange and with a lot of links to follow to take us quickly to the relevant platform so as to log in with our credentials but unfortunately we are only doing the criminal game because in that case we are handing over our data to the criminals and that way they will be able to access our account.
Obviously we are talking about a technique called phishing, that is to make the victim believe that they are on legitimate platforms, of which they have all the graphic aspect, but behind the criminals are hiding and therefore ready to recover the credentials of the unfortunate.
Criminals use various systems to get in touch with victims, and one of this is obviously e-mail, where they send messages repeatedly and in various forms, and today we will analyze just one of these emails that happened in my e-mail address electronics.
Scrolling through the received mail, I notice one relating to the Blockchain.com platform, a platform famous for exchanging crypto and more, and I see that in the object I can read "An application has been linked to your account" and therefore I can deduce that someone may have entered my Blockchain.com account somehow, and have access to my crypto:
Who hasn't seen me get warning messages about suspicious account movements?
Surely to many, and therefore precisely on this lever the criminals are operating, that is to make the victim believe that someone has entered our account X and is operating, but none of this is true.
Going to analyze the content of the email, I can immediately check that the sender is strange and presents itself as "[email protected]" which is completely strange since the correct address for these notifications is "[email protected]"and moreover the content is more complete with also our ID of the wallet we have but also various information with access data, IP address, time, type of browser used and also the operating system .
While in this case we can only see that a third-party application has been linked to our account, Yahoo Finance, notifying us that if we have not carried out this operation, invites us to remove the related application:
It is true that I have an account on Blockchain.com, but it is equally true that it arrived at the wrong email address and that I usually use, so this already shows how it is sent to all those who have an email address and not to who has an account on that platform, taking advantage of the probability that someone may have an account of that type, as in my case.
But let's go on in this analysis and as a good programmer that I am, and as a virus collector for my Spam & Virus Database, I take the necessary precautions to see where the link takes me once I click on the remove app button, which in this case takes me to a simple page where I have to enter my 12-word backup phrase, i.e. the seed of my wallet to enter the site:
Unfortunately none of this is true because there are other credentials to access the platform and for sure the seed of my wallet is not one of them, but this shows how instead the criminals want to get the seed to take all our crypto associated with that wallet.
With this we can demonstrate that the relative email that arrived to us was nothing more than an innovative system to recover the credentials of the victims who follow the relative attached link.
In these cases, small precautions are enough to defend oneself, such as:
- Check the sender's address
- Check for any suspicious elements in the email and compare it with other previously received
- Do not follow any links in these emails but in general in any type of suspicious email
Remember "Don't Trust, Verify!"