Microsoft 365 Defender warns of ice phishing attacks


Key notes

  • Microsoft 365 Defender Research Team warns of increasing social media and ice phishing attacks on blockchain services.
  • Ice phishing remains one of the biggest security threats to users, especially in the Web3 space.
  • Users should approach any links they receive through social media with caution and verify them through official company channels before engaging with them, researchers recommended.

A new Microsoft report, published in a recent blog post, identifies phishing attacks aimed specifically at Web3 and blockchain technology.

Microsoft 365 Defender Research Team says that phishing is a particular problem for decentralized technologies such as smart contracts and wallets. 

Phishing campaigns work by getting users to give up information under false pretenses. For example, a popular scam involves someone pretending to be from a company or organization that users have interacted with in the past.

This is particularly dangerous in the world of blockchain technology because of how anonymous transactions within the space tend to be. 

Blockchain technology processes transactions with no intermediary, meaning that there aren’t many ways to reverse them once they’ve been completed.

Attacks on blockchain

The Microsoft 365 Defender team said that these ice phishing schemes are unique because they often have a longer incubation time than other cyberattacks.

The team says that these attacks are usually launched against blockchain and Web3 apps, although it is likely they will move on to other online services in the future.

In their research, the team found that threat actors use a variety of techniques to target cryptocurrencies, including dynamic phishing attacks that leverage access to the cryptographic key for a victim’s wallet. If the attack is successful, the actor can take control of the victim’s digital assets.

Another common attack involves using malicious code to trick victims into sending their funds to another address controlled by an attacker. This is often done through malicious browser extensions.

Attacks also frequently involve tricking victims into sending funds directly to attackers. The team says some threats involve luring users with fake giveaways or lucrative offers that require a small payment in order to receive access.

In contrast to email phishing, which is a common scam used against everyday users, attacks against cryptocurrency blockchains often use social media schemes.

A scammer might pose as a support representative for a legitimate crypto-service and then message unsuspecting users via social media.

Blockchain impersonation

A tactic used by some attackers is to impersonate real blockchain services. A typo-squatter might register a domain almost exactly like a major crypto service but with minor typographical errors.
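A defender-side check for the typo-squatting pattern described above, and for the advice to verify links before engaging with them, is shown here as an added example that is not from Microsoft's report or the original article. The domains in `OFFICIAL_DOMAINS`, the sample URLs in the comments and the function names are constructed for illustration, and the last-two-labels rule for finding the registered domain is a simplifying assumption.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist; a real one is built from the service's official channels.
OFFICIAL_DOMAINS = {"examplewallet.com", "exampleswap.io"}

def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "exmaple" typed for "example".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels (assumption: ignores multi-label suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_link(url: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ("official" | "lookalike" | "unknown", matched official domain)."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in OFFICIAL_DOMAINS:
        return "official", domain
    for official in sorted(OFFICIAL_DOMAINS):
        # Near-miss spelling of the whole domain: dropped, swapped or replaced letters.
        if edit_distance(domain, official) <= max_distance:
            return "lookalike", official
        # Official name placed inside someone else's domain, with or without hyphens.
        if official.split(".")[0] in host.replace("-", ""):
            return "lookalike", official
    return "unknown", None
```

A "lookalike" result means the link should be treated as impersonation until confirmed through the service's official channels; "unknown" only means no resemblance was found, not that the link is safe.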

This has become such a problem that Microsoft recently launched Project Stricture to combat the issue. The project sees Microsoft working with domain name registrars in an attempt to prevent domain names similar to legitimate service providers from being registered.

The latest trend is called ice phishing, and it is a response to the increased security measures now in place to protect cryptographic keys against theft.

In this new form of attack, cybercriminals attempt to steal information by tricking users into signing off on transactions that, instead of sending money to another wallet, transfer private information.

Microsoft 365 Defender Research Team outlines how attackers are using both old and new tactics and techniques to carry out ice phishing attacks that target both individuals and organizations.

Have you been targeted by phishing emails asking for your information? Share your experience in the comments section below.