In this article we will go over some of the variables the Wallet Guard team has observed as commonalities among phishing attempts!
Link Unfurling Attacks
Using Special Characters & Similar URLs
DNS Record Changes
1. Link Unfurling Attacks
Threat actors can abuse Twitter/X link preview cards to make their scams more believable. Twitter/X will show a different website than the one you will actually end up on, which tricks most people. Discord also allows users to mask a link, but before you visit it shows a warning with the link you are actually visiting.
Wallet Guard will warn you if you are about to interact with a wallet drainer or malicious website.
2. Special Characters & Similar URLs
Special characters (homoglyphs) can be used in URLs to trick people into thinking they are clicking on a real link. For example, "opensea.io" and "openséa.io" look similar at first glance, but the "e" in the second link is a special character.
Many common phishing campaigns use URLs that are similar to the official sites (fuzzy URLs). For example, "openseaa.io" instead of "opensea.io" or "open-sea.io" instead of "opensea.io".
Wallet Guard will warn you if you are visiting a scam link that is attempting to appear like the real counterpart.
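The two checks described in this section can be sketched as follows, using the article's own example domains. This is an added example, not Wallet Guard's code: the allow-list, the distance threshold and the function names are assumptions, and the hostname is assumed to be in Unicode form (punycode already decoded).

```javascript
// Added example. OFFICIAL and MAX_DISTANCE are constructed values for the demo.
const OFFICIAL = ["opensea.io"];
const MAX_DISTANCE = 2; // assumption: edits tolerated before a host is "unrelated"

// Reduce a hostname to a comparable form: split accented letters into
// base letter + combining mark (NFKD), drop the marks, lowercase, drop hyphens.
function skeleton(host) {
  return host.normalize("NFKD").replace(/\p{M}/gu, "").toLowerCase().replace(/-/g, "");
}

// Levenshtein distance over code points, keeping only two rows of the table.
function editDistance(a, b) {
  const A = [...a], B = [...b];
  let prev = Array.from({ length: B.length + 1 }, (_, j) => j);
  for (let i = 1; i <= A.length; i++) {
    const cur = [i];
    for (let j = 1; j <= B.length; j++) {
      const cost = A[i - 1] === B[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[B.length];
}

// Classify a hostname as "official", "homoglyph", "fuzzy" or "unrelated".
// A near match containing non-ASCII characters is reported as a homoglyph;
// this also catches letters NFKD cannot fold (e.g. Cyrillic "о"), which
// remain as a one-character difference from the official name.
function classify(host, official = OFFICIAL) {
  const h = host.toLowerCase();
  if (official.includes(h)) return { verdict: "official", target: h };
  const nonAscii = /[^\x00-\x7f]/.test(h);
  const skel = skeleton(h);
  let best = null;
  for (const real of official) {
    const d = editDistance(skel, skeleton(real));
    if (d <= MAX_DISTANCE && (best === null || d < best.distance)) {
      best = { verdict: nonAscii ? "homoglyph" : "fuzzy", target: real, distance: d };
    }
  }
  return best ?? { verdict: "unrelated", target: null };
}

// The article's examples plus one unrelated host (constructed input).
for (const h of ["opensea.io", "openséa.io", "openseaa.io", "open-sea.io", "example.org"]) {
  console.log(h.padEnd(14), classify(h).verdict);
}
```

A low threshold keeps false positives down on short names; a production check would also consult a confusables table for scripts that NFKD does not fold.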
3. DNS Record Changes
🔎 DNS records for scams tend to be created within 3 weeks of the scam being spread.
🔎 When a DNS record is hijacked, as with polygon-rpc, the ‘Updated’ field in the record is changed.
Wallet Guard automatically checks DNS records and alerts you.
4. Recent Registrations
Most scam websites are registered, spun up, and taken down within a 24 to 48 hour period. Public WHOIS information lets you see when a domain was registered.
For example, if the website for a project you are about to visit is claiming they have been in development for months, but the website was created literally yesterday, that is a massive red flag and most likely a scam.
You can check public WHOIS information for websites by going to WHO.IS, which references a public database of registration records.
Wallet Guard will notify you if the website you are dealing with was recently registered or created.
Links are not always as they seem
Recently created websites/modified DNS records should be red flags
Be alert to similar spelling or special characters in URLs
Wallet Guard detects wallet drainers, scams, phishing websites and bad signatures before they interact with your wallet of choice. It's a free open-source browser extension that is already helping secure over 50,000 wallets. Add it to your browser!