COMMON TRENDS WITH PHISHING IN WEB3
In this article we will go over some of the things the Wallet Guard team has observed as commonalities among phishing attempts in web3!
- DNS Records
- Fuzzy Malicious URLs
- Using Homoglyphs in URLs
1/ DNS Records:
🔎 DNS records for scam domains tend to be created within 3 weeks of the scam being spread.
🔎 When a domain's DNS is hijacked, as happened with polygon-rpc, the ‘Updated’ field in the record changes.
Wallet Guard automatically checks DNS Record Info and alerts you!
2/ How to perform a manual whois check:
[To Manually Analyze DNS Records]
- Go to your terminal
- Type the following ⬇️ and press enter
- whois example.com | grep "Creation\|Updated\|Modified"
Example Output ⤵️
3/ Fuzzy Malicious URLs:
🔎 Many common phishing campaigns tend to use URLs similar to the official sites
Example: Openssea[.]com vs. Opensea[.]io
🔎 Recently we’ve noticed an increase in the usage of Homoglyphs ← Characters that look like each other
For example: PREMłNT[.]XYZ vs PREMINT[.]XYZ
When resolving such domains you get punycode ← an ASCII encoding for words that can't be written in ASCII
🔎 Say you’re resolving the domain: Openséa[.]app ← This is what the omnibar (search bar on your browser) will say the domain is.
🔎 However, when resolved the way your browser interprets it, the URL looks very different: xn--opensa-fva[.]app
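The checks from this section as an added example (not Wallet Guard's code): it converts a hostname to its punycode form and flags names that imitate an official domain through an extra letter, an accent or a look-alike character. The `OFFICIAL` list, the one-entry `CONFUSABLES` table, the 0.85 similarity threshold and the function names are assumptions made for this example.

```python
import difflib
import unicodedata

# Official domains as the article gives them; extend for your own use.
OFFICIAL = ["opensea.io", "premint.xyz"]
# Assumption: a hand-made look-alike table holding only the article's pair.
# A real checker would load the Unicode confusables data instead.
CONFUSABLES = {"ł": "i"}


def normalize(host):
    """Lower-case a hostname and undo [.] defanging."""
    return host.strip().lower().replace("[.]", ".")


def to_ascii(host):
    """Return the ASCII (punycode) form of a hostname."""
    return normalize(host).encode("idna").decode("ascii")


def skeleton(label):
    """Fold look-alikes and accents so 'openséa' compares as 'opensea'."""
    swapped = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    decomposed = unicodedata.normalize("NFKD", swapped)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def check_host(host, threshold=0.85):
    """Report the punycode form and any official domain the name imitates."""
    ascii_host = to_ascii(host)
    labels = normalize(host).split(".")
    # Assumption: the registered name is the label just before the TLD.
    name = skeleton(labels[-2] if len(labels) > 1 else labels[0])
    idn = any(part.startswith("xn--") for part in ascii_host.split("."))
    result = {"ascii": ascii_host, "idn": idn, "imitates": None}
    if any(ascii_host == d or ascii_host.endswith("." + d) for d in OFFICIAL):
        return result  # the real site or one of its subdomains
    for official in OFFICIAL:
        brand = official.split(".")[0]
        score = difflib.SequenceMatcher(None, name, brand).ratio()
        if score >= threshold:
            result["imitates"] = official
    return result


if __name__ == "__main__":
    # Sample inputs are the defanged names quoted in the article.
    for sample in ["Openséa[.]app", "PREMłNT[.]XYZ", "Openssea[.]com", "Opensea[.]io"]:
        print(sample, "->", check_host(sample))
```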
6/ Key Takeaways:
◼️ Links are not always as they seem
◼️ Recently created/modified DNS records should be treated as a sign of risk
◼️ Be alert for Homoglyphs in URLs
◼️ Check out WalletGuard.app/academy for more educational content
7/ Wallet Guard:
If this is your first time coming across Wallet Guard, we offer a Chrome extension designed to combat scams/phishing in Web3. Our extension acts as a security companion to your crypto wallet of choice. Check us out at WalletGuard.app