Phishing Actors Prey on Luno Crypto Exchange Users to Steal Their Coins

  • Actors are running semi-sophisticated phishing campaigns targeting Luno crypto-exchange platform users.
  • The emails allege a problem with the account of the recipient, leading them to a phishing site where they enter their credentials.
  • The sender’s address and the phishing site layout are pretty convincing, but the landing URL isn’t.

Phishing attacks targeting users of the Luno cryptocurrency exchange are spiking right now, and as Kaspersky warns in a report, the scammers are having good rates of success. The actors send email messages that pretend to come from the Luno team, impersonating the sender address convincingly. The message body describes a problem that has placed the recipient's account on hold, so the recipient allegedly needs to click the embedded button and follow the instructions to “solve the problem.”

Source: Kaspersky

In the next step, the victim is sent through a series of redirects to the phishing page and asked to log in. The landing URL bears no resemblance to the Luno platform, but the layout of the webpage looks good enough for the deception to work.

If the victim ignores all the signs of fraud and enters their credentials, they get a ‘403 Forbidden’ error, and the adventure ends there. For the attackers, this is where the exploitation begins: they now hold the user’s credentials and can log in to the account to withdraw crypto to wallets they control.

One thing to keep in mind is that these phishing actors aren’t acting at random, nor do they distribute millions of emails in the hope that some will reach Luno users. Every time you write anything about owning crypto on social media, you are giving crooks a tip. Someone could easily see which crypto exchanges you follow on these platforms and figure out where your investments are. In other cases, the actors buy data leak lists from other relevant platforms and then use mass-mailing tools to do the job.

If you have received an email alleging an issue that requires you to log in to your account, do not click on any embedded buttons. Instead, open a new tab and visit the official site. If there’s anything that requires your attention, you will see an alert there. In any case, never enter credentials anywhere without carefully checking the URL you’re on. Finally, use multi-factor authentication, which makes losing your account unlikely even if your credentials are compromised.
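The URL check described above can also be automated where mail is filtered. The following is an added example, not code from Kaspersky's report or from Luno: it flags links whose host is not the official domain in a message that claims to come from the brand. The official domain `luno.com`, the sample message and the `.example` hosts are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: the brand's official domain and the brand keyword to look for.
OFFICIAL_DOMAINS = {"luno.com"}
BRAND = "luno"

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """\
From: Luno Team <no-reply@luno.com>
Subject: Your account is on hold
Content-Type: text/html

<p>There is a problem with your account.</p>
<a href="https://www.luno.com/help">Help centre</a>
<a href="https://luno.com.account-check.example/login">Solve the problem</a>
<a href="https://redirect.example/r?u=1">Details</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def is_official(host):
    """True for an official domain or its subdomains, matched on a label
    boundary so 'luno.com.x.example' and 'evilluno.com' both fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def suspicious_links(raw_email):
    """Off-brand link hosts in a message whose From header claims the brand.
    Only the first hop is visible here; redirects are not followed."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    if BRAND not in display.lower() and BRAND not in addr.lower():
        return []
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    hosts = [urlsplit(link).hostname for link in collector.links]
    return [h for h in hosts if h and not is_official(h)]
```

The sender address is deliberately not trusted as evidence of legitimacy, since the campaign impersonates it convincingly; only the link targets decide the result.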
