Some MyEtherWallet users found their funds missing today after hackers targeted them in a phishing email attack. The scammers laughed their way to the bank with over $15,000 scored in two hours.
One of the targets of the scam was Wesley Neelen, a white-hat penetration tester who works at DearBytes. He noticed that something was off when he received what looked like a phishing email pretending to be from the official MyEtherWallet website.
The emails were attempting to convince users to click on a link that would redirect them to a dummy site, set up by the scammers, siphoning the credentials they enter there.
Although the site was uncannily similar to MyEtherWallet’s, it had one fundamental difference: The “t” in the domain name was actually a “ț”, which is used in some languages (most notably, Romanian) to make a “tz” sound. To a casual observer, it might have just looked like some lint on their screen even if they took the time to look at the address bar.
Phishing is a common and simple trick that scammers use to lure unwary individuals into giving away their authentication details. In this variant, they take advantage of the similarity between some Unicode letters and modify a target domain just slightly, so that it looks very similar to the original name.
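The lookalike check implied above, as an added example that is not from the original article or from MyEtherWallet: it folds diacritics such as "ț" back to their base letter and compares the result with a list of protected domains. The list, the function names and the sample host name are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: defender-maintained list of domains worth protecting.
PROTECTED = {"myetherwallet.com"}

# Constructed sample: first "t" replaced by U+021B (t with comma below).
SAMPLE_LOOKALIKE = "mye\u021bherwallet.com"


def to_unicode(domain):
    """Decode any xn-- (Punycode) labels so both spellings are compared alike."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as written
        labels.append(label)
    return ".".join(labels)


def to_ascii(domain):
    """Per-label Punycode form, as the name appears in DNS and in logs."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in domain.lower().split(".")
    )


def skeleton(domain):
    """Decompose (NFKD) and drop combining marks, so U+021B folds to 't'."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain))
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def classify(domain):
    """Return 'exact', 'lookalike' or 'unrelated' for a host name."""
    if to_unicode(domain) in PROTECTED:
        return "exact"
    if skeleton(domain) in PROTECTED:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for host in ("myetherwallet.com", SAMPLE_LOOKALIKE, "example.org"):
        print(f"{to_ascii(host):40} {classify(host)}")
```

Diacritic folding only catches lookalikes built from accented Latin letters; cross-script substitutions (for example Cyrillic letters) need the confusables data from Unicode UTS #39.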
This incident took place just days after MyEtherWallet released an update to its software to better protect users from scammers.
But because MyEtherWallet uses keystore files to authenticate its users to the network, it’s easy for scammers to trick users into uploading an authentication file to a fake site.
Anyone using MyEtherWallet, or any other wallet that uses file uploads for authentication, would perhaps do best to check the address bar when navigating the web. This could make the difference between being hoodwinked by scammers and catching them in the act.