
Event background
In the early morning of May 16th, while looking for a project community to join, I joined the official Discord server through the invitation link on the project's official website. Immediately after I joined the server, a "robot" sent me a message.
Analysis of the Phishing Technique
After I opened the link sent by the "robot" (Captcha.bot), it asked me to complete a human verification (captcha). Once I passed it, the page asked me to unlock my MetaMask ("little fox") wallet. The wallet interface it brought up looked quite convincing, as shown in the screenshot below, but I noticed that the wallet window showed "about:blank" in its address bar. This raised my suspicion (I audit a lot of browser-extension wallets): a popup opened by the extension itself has no such "about:blank" address bar.
Next I entered a random password and inspected the element in the browser developer tools, which confirmed that this MetaMask interface was a popup created by the fake website "https://captcha.fm/", not the real wallet interface. So I started debugging the fake wallet.
After the random password was entered, the fake wallet interface moved on to a "Security Check" screen asking me to enter my mnemonic phrase for verification. Note that the entered password and mnemonic phrase are encrypted and sent to the malicious site's server.
Analyze Malicious Accounts
After downloading and saving the source code of the malicious site, I sent the information to the project team and began analysing the account behind this phishing attack. Since I had only just joined the community server, I received the verification message from the address shown below. Analysis showed that this account was an ordinary user account disguised as the Captcha.bot robot. As soon as I joined the official server, the fake Captcha.bot immediately sent me a fake human-verification link from within the official server (it appears to automatically identify newly joined users, construct a link and send the phishing link by private message), thereby guiding me to enter my wallet password and mnemonic phrase.
Received phishing link again
The matter did not end there. The next morning another SlowMist colleague (thanks to @Victory for providing the material) joined the official Discord server and again received a private message from a malicious account containing a phishing link. The difference this time was that the phisher directly impersonated an official account when sending the private message.
The story told by the phisher this time was that the user had to import their mnemonic phrase on the linked page for identity verification. Instead of using a fake MetaMask interface to deceive users, it simply guided users to enter their mnemonic phrase directly on the page. This phishing technique is far less convincing (the technique is too crude).
Phishing prevention method
Phishing techniques and incidents emerge endlessly. Users must learn to recognise the various phishing techniques to avoid being cheated, and project teams must also strengthen users' security awareness education.
Users: After joining a Discord server, use the privacy settings to disallow direct messages from server members. At the same time, users need to improve their security awareness and learn to recognise attacks that impersonate MetaMask (for example, check whether the window has an address bar; a popup opened by the extension itself has no address bar). When a web page invokes MetaMask to request a signature, the user must understand what is being signed and reject the request if they cannot tell whether the signature is malicious. When participating in Web3 projects, never import private keys or mnemonic phrases on web pages. Use a hardware wallet wherever possible: since hardware wallets generally cannot directly export the mnemonic phrase or private key, they raise the bar for the mnemonic or private key being stolen.
Project team: The team should always pay attention to feedback from community users, promptly delete malicious accounts from the community Discord server, and give anti-phishing security education to users when they first join the Discord server.
Discord privacy settings and security configuration reference links:
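As an added example (not code from the original post or from SlowMist), the following Python turns the indicators described in this incident into a check a moderation team could run over reported DMs: a sender whose name mimics a verification bot but lacks the bot flag, a DM fired seconds after the member joined, a link outside the project's domains, and any request for a mnemonic or private key. The allowlisted domains, bot names and sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allowlist: domains the project and Discord actually use (constructed).
TRUSTED_DOMAINS = {"discord.com", "support.discord.com", "example-project.xyz"}
# Names of the genuine verification bots used on the server (constructed).
KNOWN_BOT_NAMES = {"captcha.bot"}
# A genuine verification flow never needs any of these.
SECRET_REQUEST = re.compile(r"(seed phrase|mnemonic|private key|secret recovery)", re.I)
URL_RE = re.compile(r"https?://[^\s)>\]]+")

@dataclass
class DirectMessage:
    sender_name: str               # display name shown to the recipient
    sender_is_bot: bool            # real Discord bot flag on the sender account
    sent_seconds_after_join: int   # delay between the recipient joining and the DM
    text: str

def phishing_indicators(dm: DirectMessage) -> list[str]:
    """Return the indicators that match this DM (empty list = nothing suspicious)."""
    hits = []
    # An ordinary user account whose name mimics a known verification bot.
    if dm.sender_name.lower() in KNOWN_BOT_NAMES and not dm.sender_is_bot:
        hits.append("impersonates-bot")
    # A DM sent within a minute of joining points to automated targeting of new members.
    if dm.sent_seconds_after_join <= 60:
        hits.append("dm-immediately-after-join")
    # Links that lead outside the project's own domains.
    for url in URL_RE.findall(dm.text):
        host = urlparse(url).hostname or ""
        if host not in TRUSTED_DOMAINS:
            hits.append(f"untrusted-link:{host}")
    # Asking for a mnemonic or private key is phishing by definition.
    if SECRET_REQUEST.search(dm.text):
        hits.append("asks-for-secret")
    return hits

# Constructed sample DMs modelled on the two messages described in the post.
FAKE_BOT_DM = DirectMessage("Captcha.bot", False, 5,
    "Please complete verification at https://captcha.fm/ to access the server.")
FAKE_OFFICIAL_DM = DirectMessage("Project Team", False, 3600,
    "For identity verification, import your mnemonic at https://verify-example.test/")
BENIGN_DM = DirectMessage("Alice", False, 86400,
    "Welcome! The FAQ is at https://support.discord.com/hc/en-us")

if __name__ == "__main__":
    for dm in (FAKE_BOT_DM, FAKE_OFFICIAL_DM, BENIGN_DM):
        print(dm.sender_name, "->", phishing_indicators(dm) or "clean")
```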
https://discord.com/safety/360043857751-Four-steps-to-a-super-safe-account
https://support.discord.com/hc/en-us/articles/217916488-Blocking-Privacy-Settings-