Friend.tech phishing scheme involved fake journalists
SlowMist reveals a sophisticated phishing attack on friend.tech, where fraudsters used fake interviews and malicious scripts to target users.
Experts found that unknown attackers sent a link containing malicious JavaScript. The fraudsters tricked users into adding it as a bookmark, laying the groundwork for future malicious activities.
The investigation also revealed that the attacker posed as a journalist from a well-known news agency and even had more than ten thousand followers on Twitter. The criminal targeted key opinion leaders who, due to their popularity, would consider it reasonable to receive invitations to interviews.
To lower the victims' guard, the attacker followed the same people on Twitter that the victims did, which gave the impression that they were part of the same community. After scheduling the interview, the attacker proposed holding it on Telegram and even provided an interview plan. After the discussion, the attacker asked the victim to fill out a form and open a phishing link.
The SlowMist team did not indicate how much cryptocurrency the attackers were able to steal in this way, and it is unknown how many users were affected by the phishing attack. The experts nevertheless asked users to be vigilant and check for suspicious content.
“While we might not be familiar with all these scams, we can significantly avoid phishing attacks by: not clicking unknown links; learning to identify phishing links; and maintaining skepticism and continuous verification for actions involving authorization or password input.”
SlowMist team
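The bookmark trick described above leaves a trace a user or responder can check for: a saved bookmark whose address is script rather than a website. The following is an added example, not code from SlowMist or friend.tech. It assumes a Chromium-style `Bookmarks` JSON file (a `roots` object of folders with `children`, `type`, `name` and `url` fields); the function names and the sample data are constructed for illustration.

```javascript
// Schemes that run or embed content instead of navigating to a site.
const RISKY_SCHEMES = ['javascript:', 'data:', 'vbscript:'];

// URL parsers ignore leading whitespace/control characters, drop tabs and
// newlines, and treat the scheme case-insensitively, so normalise first.
function schemeOf(url) {
  const cleaned = String(url)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+/, '')
    .toLowerCase();
  const m = /^[a-z][a-z0-9+.\-]*:/.exec(cleaned);
  return m ? m[0] : '';
}

// Walk one folder tree and collect bookmarks with a risky scheme.
function findScriptBookmarks(node, path = []) {
  const hits = [];
  if (!node || typeof node !== 'object') return hits;
  if (node.type === 'url' && RISKY_SCHEMES.includes(schemeOf(node.url))) {
    hits.push({ folder: path.join('/'), name: node.name,
                scheme: schemeOf(node.url), length: node.url.length });
  }
  const childPath = node.name ? [...path, node.name] : path;
  for (const child of node.children || []) {
    hits.push(...findScriptBookmarks(child, childPath));
  }
  return hits;
}

// Audit every root (bookmarks bar, other, synced) of the bookmarks file.
function auditBookmarks(bookmarksJson) {
  const roots = JSON.parse(bookmarksJson).roots || {};
  return Object.values(roots).flatMap((root) => findScriptBookmarks(root));
}

// Constructed sample; the script bookmarks carry a harmless void(0) body.
const SAMPLE = JSON.stringify({ roots: {
  bookmark_bar: { type: 'folder', name: 'Bookmarks bar', children: [
    { type: 'url', name: 'friend.tech', url: 'https://www.friend.tech/' },
    { type: 'url', name: 'Verify', url: ' JavaScript:void(0)' },
    { type: 'folder', name: 'Work', children: [
      { type: 'url', name: 'Form', url: 'java\tscript:void(0)' } ] } ] },
  other: { type: 'folder', name: 'Other bookmarks', children: [] },
} });

console.log(auditBookmarks(SAMPLE));
```

Any hit deserves review: a legitimate site has no reason to ask a user to save a script as a bookmark, and the reported length helps separate small utility bookmarklets from large payloads.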
At the end of July, a programmer from the Estonian company CoinsPaid met via video call with a recruiter who had reached out via LinkedIn with a lucrative job offer. During the interview, he was asked to upload a file to take a technical test, which he completed on his work computer.
A few days later, on July 22, the CoinsPaid security service noticed a series of unusual withdrawals – money was quickly drained from the company’s accounts. By that time, CoinsPaid had lost $37 million.