Creditors of Celsius Network, a bankrupt crypto lender, have recently been targeted by Celsius crypto phishing attacks. Celsius Network is a platform that uses its own CEL coin and allows you to deposit various cryptocurrencies such as Bitcoin and Ethereum into the Celsius wallet to earn profits or take loans using the deposited funds as collateral. Creditors who have been restricted from withdrawing Celsius coins due to Celsius’s bankruptcy in July 2022 are requesting refunds for their investments through ‘Stretto,’ a fund recovery claim agent.
The phishing attack against these Celsius crypto investors started with phishing emails and phishing sites impersonating Stretto. Victims of Celsius crypto phishing have reported receiving emails from email@example.com claiming, “We offer creditors a 7-day exit window to claim your frozen funds.” The phishing email contains a link to case-stretto[.]com, presented as a website for refund claims. However, the link redirects the recipient to a phishing site impersonating Stretto, claims-stretto[.]com.
How to Detect Celsius Crypto Phishing Sites Through URL Scanning
Below is a comparison between the original Stretto website and the Stretto phishing site that is currently being distributed to Celsius crypto creditors. The legitimate Stretto website is available at https://cases.stretto.com/celsius/claims/.
At first glance, it is difficult to distinguish between the legitimate Stretto website and the phishing site. The website URL is also similar in form to the actual site, making it challenging to differentiate.
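The difference is easier to see when the host name is checked mechanically. The following Python sketch is an added example, not code from Criminal IP or Stretto: it treats only stretto.com and its true subdomains as trusted and flags hosts that merely contain the brand name, such as the two domains reported above. The trusted-domain list, the brand token, the similarity threshold and the `.example` sample are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions for this example: stretto.com is the only trusted registrable
# domain (from the legitimate URL on this page) and "stretto" is the brand token.
TRUSTED_DOMAINS = ("stretto.com",)
BRAND_TOKENS = ("stretto",)
FUZZY_THRESHOLD = 0.8  # assumed cut-off for near-miss spellings such as "strett0"


def extract_host(url: str) -> str:
    """Return the lower-cased host of a (possibly defanged) URL without fetching it."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare domain as a network location
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike', 'unknown' or 'invalid'."""
    host = extract_host(url)
    if not host:
        return "invalid"
    # Trusted only if the host IS the trusted domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Otherwise, any label or hyphen-separated part resembling the brand is a red flag.
    for part in re.split(r"[.-]", host):
        for token in BRAND_TOKENS:
            if SequenceMatcher(None, part, token).ratio() >= FUZZY_THRESHOLD:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [  # constructed list: the page's legitimate URL and its two reported domains
        "https://cases.stretto.com/celsius/claims/",
        "case-stretto[.]com",
        "claims-stretto[.]com",
        "https://cases.stretto.com.login.example/",  # constructed: brand used as a subdomain label
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

A "lookalike" verdict only means the brand appears outside the trusted domain; it is a reason to scan the link before opening it, not a replacement for that scan.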
When you access this phishing site, it opens a prompt to connect your cryptocurrency wallet. Connecting the wallet allows hackers to steal your crypto wallet information and drain all assets.
These cleverly orchestrated phishing attacks are designed to bypass spam filters and are not marked as spam. Therefore, in order to prevent phishing attacks, it is important to be suspicious of links included in emails.
The real-time URL scan result classified the domain link as a 99% Critical risk level, with a phishing probability of 56.7%. Judging by the domain creation date and the geographical location, it cannot be regarded as a legitimate website.
Suspicious HTML elements and fake favicons appear to have been used as well.
In addition, the real-time URL scan report of Criminal IP lets you view real-time screenshots of a website without accessing it directly. Websites created by hackers, such as the Celsius crypto phishing site, can be dangerous because merely accessing them can lead to malware infection.
How to Prevent Cryptocurrency Phishing Attacks
When receiving Celsius crypto phishing emails, it is essential to check the latest news about phishing attacks to assess the legitimacy of the email. However, due to clever tactics, this is never an easy task.
In order to prevent cunning phishing attacks as much as possible, it is advisable to use a URL scanning tool like Criminal IP on any suspicious links included in received emails before clicking on them. If regularly scanning links seems inconvenient, we recommend installing an anti-phishing Chrome extension in your browser to automatically block access to malicious links.
This report is based on data from Criminal IP, a Cyberthreat Intelligence search engine.
Source: Criminal IP (https://www.criminalip.io/)