Catches of the Month: Phishing Scams for June 2022

Welcome to our June 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data.

This month, we look at how an NFT artist was scammed via Twitter, delve into bogus emails imitating QuickBooks and investigate a spate of attacks targeting metaverse investors.

NFT artist’s Twitter account phished

A digital artist who has created some of the world’s most popular NFTs recently discovered that he had been hacked.

The artist, known as Beeple, was the victim of a phishing scam, with the attackers stealing more than $70,000 (about £56,000) worth of cryptocurrency.

In addition to the theft, the cyber criminals shared a phishing link on Beeple’s Twitter account that, if clicked, took money from the crypto wallets of those who followed it.

It’s unclear how many of Beeple’s 674,000 followers were caught out by the scam, which claimed to be a raffle giving away works from the artist’s collaboration with Louis Vuitton.

Beeple first worked with the fashion brand in 2019, and has created more than 700 pieces, with the most expensive selling for 350 ETH (about £550,000).

According to Harry Denley, a security expert at the cryptocurrency wallet MetaMask, the bogus site being promoted on Beeple’s Twitter account didn’t use traditional phishing techniques. That is to say, it didn’t encourage users to hand over their login details, which the attackers could use to compromise the account.

Instead, anyone who followed the link was effectively consenting to a transfer of 1 ETH (£1,500) to an account controlled by the attackers.

This attack method is potentially less lucrative than compromising accounts, because it puts a cap on the amount of cryptocurrency that can be drained. However, it is more likely to work, because it only requires users to follow a link rather than enter their login details.

QuickBooks users warned of phishing scam

Intuit, the tax software provider that runs QuickBooks, has warned customers about scam emails claiming to be from the company.

Its warning follows several reports from users who said they had received emails claiming that their QuickBooks accounts had been suspended as a result of a failed business info review.

The fraudulent message read:

We’re writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account.

If you believe that we’ve made a mistake, we’d like to remedy the situation as quickly as possible. To help us effectively revisit your account please complete the below verification form. Once verification has been completed, we will re-review your account within 24-48 hours.

Users are then directed to click a button that says “complete verification”. Doing so redirects the user to a website that mimics QuickBooks’s login page. Anyone who enters their login credentials provides the information to the attackers behind the scheme.
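A mail-filter style check for the lure described above, as an added example rather than code from Intuit or the original article: it extracts every link from an HTML email and flags any whose host is not a trusted brand domain. The allowlist, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient's organisation accepts for this brand.
TRUSTED_DOMAINS = {"intuit.com", "quickbooks.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(href):
    """True only for https links to a trusted domain or one of its subdomains."""
    try:
        parts = urlsplit(href)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    # .hostname drops any "user@" prefix, so "intuit.com@evil.example" fails.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(html_body):
    """Return (text, href) pairs whose destination is not a trusted domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [(t, h) for t, h in collector.links if not is_trusted(h)]

# Constructed sample email body (not a captured message).
SAMPLE_EMAIL = """<p>We have put a temporary hold on your account.</p>
<a href="https://quickbooks.com.account-review.example/verify">Complete verification</a>
<a href="https://quickbooks.intuit.com/">Help</a>"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE_EMAIL):
        print(f"suspicious link: {text!r} -> {href}")
```

The suffix match requires a leading dot, so a host that merely starts with or contains the brand name is still flagged.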

Crooks are targeting metaverse investors with phishing scams

The metaverse has been steadily gaining public attention over the past year, particularly as a result of Mark Zuckerberg’s investment in the technology.

Although plenty of scepticism remains over its viability, Zuckerberg isn’t the only one who believes this is the future of online communication. Plenty of people are queuing up to purchase blockchain-powered “virtual land” in various metaverse platforms.

But wherever money flows, crime soon follows. CNBC reported last month that there had been a spate of phishing attacks targeting metaverse investors.

Multiple investors said that their land had been stolen after receiving a message supposedly sent by the metaverse platform The Sandbox. The message instead tricked recipients into handing over their crypto assets.

Another person said that she had followed a link from Google that, when clicked, wiped her MetaMask wallet.

These incidents demonstrate the huge risks that come with crypto investments. There have been similar cyber attacks targeting NFT investors, with a single click of a button wiping people’s assets.

The lack of regulation when it comes to the blockchain is what attracts many people to invest in the technology, but it’s also a major problem when fraud occurs. Victims have no legal recourse and no way to prove that they own the asset in question.

Many of the people who fall victim to crypto scams don’t fully understand the inherent risks of the technology. You must be exceptionally careful when dealing with crypto wallets, and must not invest anything that you are not prepared to lose.

Can you spot a scam?

All organisations are vulnerable to phishing, no matter their size or sector, so it’s essential to understand how you might be targeted and what you can do to prevent a breach.

You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme.

This 45-minute course uses real-world examples like the ones we’ve discussed here to explain how phishing attacks work, the tactics that cyber criminals use and how you can detect malicious emails.