A new wave of MyEtherWallet phishing attacks has been observed. The attacks use a convincing domain and MyEtherWallet branding to trick users into sharing their credentials, giving criminals access to their MyEtherWallet accounts. In the initial hours of the phishing campaign, the criminals responsible for the scam obtained more than $15,000 of MyEtherWallet funds, including $13,000 from one user.
The individuals running this campaign have registered a domain name that is very similar to that of the legitimate MyEtherWallet website. The domain is almost identical to the real one, and a quick glance at the URL would not reveal anything untoward. The spoofed site uses the same design, logos, and color schemes as the genuine MyEtherWallet website.
Links to the phishing site are being distributed in phishing emails, which tell recipients about a ‘hard fork’ update. Clicking the link in the email takes users to the spoofed site, where they are asked to enter their private keys and verify their ETH and token balances. Completing the request gives the attackers access to the victims’ MyEtherWallet funds, allowing transfers to be made to the cybercriminals’ wallets.
The scam was identified by security researcher Wesley Neelen, who, along with his partner Rik van Duijn, investigated the spoofed website, found the source code and log files, and saw a list of compromised wallets. In total, 52.56 Ether – approximately $16,000 – had already been obtained.
The researchers sent a request to the domain registrar asking for the spoofed domain to be taken down, although at present the domain is still thought to be live. The scam has also been reported to law enforcement agencies.
This MyEtherWallet phishing campaign is a timely reminder of just how important it is to stop and think before responding to any email request. Any link in an email that requires a logon should be treated as suspicious. If a request such as this is encountered, it is important to go to the legitimate site by entering the URL directly into the browser rather than clicking any link sent via email. By visiting the actual website, users will be able to see whether there is a need to update any software and whether the request is official.