The boom of the Cryptos has attracted not only many hungry investors but also hackers. Meanwhile, some common attack vectors have become popular for example the SIM hijacking and Clipboard-hacking. Who knows, how one can easily protect his money from a cyber-attack.
SIM Hijacking Bypasses the 2FA
The flaw in the so-called Sim Hijacking or SIM swapping are not the users, but most of the time the mobile phone operators. The attack could hit anyone using their phone number for a so-called 2-factor authentication (2FA for short).
In 2FA, the login requires two independent acknowledgments that it is really the real user. On the one hand, this is the usual login password, on the other hand, it is a one-time code that is displayed by e-mail, SMS or in an application. After login with the username and password, you have to enter the unique code.
If the second factor is a phone number, attackers can do the following: Call the appropriate mobile operator and request that the phone number be rewritten to a new sim card controlled by the hacker. Most of the time, the mobile service’s customer service rejects such requests, but the attackers can repeat this process until they get a service agent to the line that grants them the request. Once this hurdle has been overcome, the codes are sent via SMS to a new sim card. Thus, the second factor is bypassed and the hacker can dial into the foreign account.
Protect against this attack is limited, for example, by being very careful with the publication of the mobile phone number and does not brag about your own wealth. In principle, however, a 2FA by SMS is not recommended, and you should rather resort to an authenticator program such as Google Authenticator. This program often generates a new code per minute to authenticate with. A 2FA with an external application is the surest way to protect yourself against hackers.
Clipboard Hacking Changes the Receiving Address
Another attack vector changes the clipboard when a user copies receive addresses of Cryptos. The hacker replaces the copied address with an address of his choice and if so, can take over the transaction.
You can protect yourself against such attacks only by giving extra attention. It is therefore important to thoroughly check the receiving address before a transaction. Hardware wallets such as the Trezor and Ledger offer another form of 2FA in which the receiver’s address is also displayed on the hardware wallet display itself.
Let You Not Phish
Again and again, websites appear on the Internet, which is identical to large Cryptos exchange and wallet providers. MyEtherWallet and Trezor were already victims of such attacks in 2018. If the user does not pay attention to the authenticity of the website and enters his login details, he may be able to serve his hackers his information – and the associated money – on a silver tray.
Whether you are actually on the website of the stock exchange or not, you can see on “https: //” on the left side of the URL. The SSL certificate should be valid under all circumstances. Only then is it the right page. For the future, you should save these pages as bookmarks.
Conclusion: Be Mindful!
Cryptos are a new form of currency and have real value. Of course, that attracts the sharks (hackers). Everyone is responsible for their own safety according to the motto “Be Your Own Bank”. Most attacks can be prevented with caution and mindfulness. The safety precautions should increase in proportion to the value to be secured.
For larger stocks, it is always important not to keep them on a stock exchange, but to use a separate hardware wallet. The seed phrase for this hardware wallet should also be protected.