Netskope Discovers Hackers Are Using Google Sites and Microsoft Azure to Steal Crypto

Attackers are taking advantage of certain SEO techniques to direct users to phishing sites for wallet apps like Metamask and exchanges such as Coinbase and Kraken. These sites, created in Google Sites and Microsoft Azure, fool users into introducing their personal information, allowing malevolent entities to siphon their funds from these services, according to Netskope.

A new kind of cryptocurrency phishing scam scheme has been detected by Netskope, an online security company, that involves SEO techniques and copycat pages. According to a report from the company, throughout 2022, it has been detected that attackers are using blogs as tools to distribute links to phishing sites.

In these blogs, the attackers post links with SEO content that allows them to rank high in search engine queries. This means that the links will be reviewed by many people, which can then open them to believing these are linking to real crypto sites. However, the links are directing the users to phishing sites that are very similar to crypto-based sites, such as the website for Metamask.

Other sites also mimic exchanges such as Coinbase, Gemini, and Kraken.

These phishing sites, which are hosted either on Google Sites or use Microsoft Azure, are designed to fool the users and take their personal information in two different ways. The first one has to do with acquiring the private seeds of the wallets of the users directly by prompting them to import this data. This is the method that the Metamask phishing site is currently using.

The second one has to do with obtaining the info of the users’ accounts in any of the exchanges being phished. When the users input their info, the sites return an error and prompt them to contact a support operator that will try to obtain more info about the users to successfully acquire their funds.

Netskope stated:

Netskope strongly recommends users never enter credentials after clicking on a link. Instead, always navigate directly to the site you are trying to log in to. For organizations, we also recommend using a secure web gateway, capable of detecting and blocking phishing in real-time.

Phishing scams are not new in the cryptocurrency world. Binance detected and warned about a massive phishing scam involving SMS in February.

What do you think about the new phishing scheme involving SEO, Google Sites, and Microsoft Azure-hosted webpages? Tell us in the comments section below.