Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and Trojan malware spread on the messaging app Discord. The security firm recorded a total of 303 blockchain security incidents over the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to SlowMist’s Jan. 9 report. One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain access to a project owner’s Discord account. “By inserting JavaScript code into bookmarks through these phishing pages, attackers can potentially gain access to a Discord user’s information and take over the permissions of a project owner’s account,” the firm wrote. After guiding victims to add the malicious bookmark through a phishing page, the scammer waits until the victim clicks on the bookmark while logged into Discord, which triggers the implanted JavaScript code and sends the victim’s personal information to the scammer’s Discord channel. During this process, the scammer can steal a victim’s Discord Token (their encrypted Discord username and password) and thus gain access to their account, allowing them to post fake messages and links to more phishing scams while posing as the victim.
Full story : 5 sneaky tricks crypto phishing scammers used last year: SlowMist.