- Best Prime Day robot vacuum deals to shop in October 2024
- Best Prime Day smartwatch and fitness tracker deals to shop in October 2024
- Best Prime Day deals under $100 to shop in October 2024
- The $13 Amazon Smart Plug is the best smart home deal for October Prime Day
- Grab the HP Victus 15 gaming laptop for $450 with this Best Buy anti-Prime Day deal
Phishing Campaigns Use SVB Collapse to Harvest Crypto
Security researchers have uncovered several new phishing campaigns using the collapse of Silicon Valley Bank (SVB) as a lure to steal cryptocurrency.
Proofpoint said it spotted lures related to USD Coin (USDC), a digital stablecoin tied to the dollar, that was impacted by the SVB collapse.
“This campaign used messages that impersonated several cryptocurrency brands, which were sent via malicious SendGrid accounts and containing SendGrid URLs. The URLs redirected to several different domains that asked the victim to claim their crypto/redeem to USD,” it tweeted yesterday.
“Clicking the button would try to open a DeFi URL, so the victim would need to have a DeFi handler installed, such as MetaMask wallet. The victim would then be lured to install a smart contract that would transfer the contents of the victim’s wallet to the attacker.”
Read more on crypto phishing scams here: Major Phishing Campaign Targets Trezor Crypto Wallets.
P2P payments tech firm Circle, which was exposed by the failure of SVB, announced that USDC would remain redeemable at a 1:1 rate with the dollar, sparking additional phishing campaigns.
Researchers at Cyble said they spotted several phishing sites impersonating Circle promoting the 1:1 deal. Some request users scan a QR code to proceed, which results in their crypto wallet being compromised, the vendor claimed.
Cyble said it saw a similar tactic at work in a separate phishing campaign featuring sites impersonating SVB and promoting a bogus USDC reward program.
“A QR code will be displayed if a user clicks on the ‘Click here to claim’ button to receive the promised USDC on the phishing site,” said Cyble.
“The victim is instructed to scan this QR code using any cryptocurrency wallet, such as Trust, MetaMask or Exodus. However, scanning the code will result in the compromise of the user’s wallet account.”