How to protect your wallets from hacking: six non-obvious ways

A study by the American company Foley & Lardner showed that 71 percent of large traders and captainvalor considers hacking attacks and fraud are the most serious factor that has a negative impact on the market. Respondents noted that the threat of cyber attacks to the global cryptocurrency industry are very high.

According to the report, ING Bank NV and Ipsos, nine per cent of Europeans plan to buy coins in the near future, and in USA 8 percent of the population already own digital assets. In the future, according to RT, the number of capturadora will increase to 250 million people — a quarter of a billion potential victims of scams. And they all need to face the new tricks that scammers invent every day. Talk about non-obvious ways to protect your money from hackers.

the

App in Google Play and App Store

Tips:

the
1. don't get carried away with the installation of mobile applications that produce unverified publishers and which do not solve the immediate problems;
the
2. add two-factor authentication for your most important apps on the smartphone;
the
3. be sure to check the links to the applications on the official website of the project.

Victims of burglary are often the owners of smartphones with Android operating system that does not use two-factor authentication. The fact that the open Google Android operating system makes users ' data more open and vulnerable. When the application starts, the user enters sensitive data to access their accounts on social networks or email services, and thereby provides hackers access to them.

One of the most famous stories associated with the hacking system the Android attack on the traders of the American stock exchange Poloniex. Last year in Google Play, a host of trading apps platform, although the exchange has not released official Android version. According to analysts ESET, then victims of fraud were more than 5.5 thousands of traders.

Users of iOS devices, in turn, often accidentally downloaded from the App Store, with built-in hidden miners. Apple was even forced to tighten the rules of receiving applications to your store to stop the spread of such software. But it's a completely different situation, the damage from which is not comparable to hacking wallets, since the miner only slows down your computer or smartphone.

the

Bots in the Slack

Tips:

the
1. ignore the bots;
the
2. protect Slack channel, for example, by using bots Metacert security or Webroot for antivirus software Avira or even the built-in Google Safe Browsing.

From mid-2017 Slack-bots, created by criminals, ostensibly to trade in cryptocurrencies, became the main trouble for the fast-growing corporate messaging service. Most often, the hackers create a bot that notifies users about problems with their wallet. The idea is to get people to click on the link and enter the private key. And it works — despite the fact that members of the crypto community to react quickly and block bots at roughly the same speed with which scammers create them.

The successful attack using Slack at the moment — hacking group, which discussed the development of the Enigma coins. Then the scammers have earned 500 thousand dollars in Ethereum on gullible users.

the

add-Ons for cryptographic trade

Tips:

the
1. use for operations with cryptocurrencies separate browser;
the
2. enable incognito mode;
the
3. do not load extensions and applications for coins
the
4. get a separate smartphone or computer only for operation with coins;
the
5. download the antivirus and install a firewall.

Many Browsers offer extensions for UI customization, password storage and more comfortable work with online wallets. Discard of these tools — and it's not that the script reads everything that you write in the input line. The problem is that such proposals are based on JavaScript, which is extremely vulnerable to attacks. In addition, the extension can use the computer for covert mining.

the

Authentication via SMS

Tips:

the
1. make the redirect to block attackers access to your data;
the
2. make two-factor authentication via SMS to receive text passwords to confirm transactions and sign in to your account.

Many users prefer to use mobile authentication (using push notifications), because they used to do it, and the phone is always at hand. The company Positive Technologies, specializing in cyber security, demonstrated how easy it is to intercept a message confirming the password via the push-Protocol Signal System 7 (SS7).

Experts were able to access the text message using a tool that detects weaknesses in the cellular network. The demonstration was conducted on the example of Coinbase, and the results shocked users of the exchange. At first glance, it looks like the vulnerability of the trading platform, but the real reason lies in the cellular system, said Positive Technologies. This proves that any system can be accessed directly via SMS, even if you use two-factor authentication.

the

Public wifi

Tips:

the
1. to perform cryptobia transactions through public Wi-Fi, even if you use VPN;
the
2. periodically update the firmware of your ownrouter equipment manufacturers are constantly releasing updates to protect users against selection of keys to routers.

Back in October of last year in Wi-Fi Protected Access (WPA), which is used by routers, was discovered a fatal vulnerability. After performing a basic attack KRACK (attacks by resetting the password) the user's device is again connected to the same network, but it was at that time already controlled by the hackers. So all information uploaded or sent through the network by the user, becomes available to the attackers, including the secret keys from crypto coleslaw. This problem is particularly acute for public Wi-Fi networks at railway stations, airports, hotels, and places with a large crowd of people.

the

Sites-clones and phishing

Tips:

the
1. never use the websites of the stock exchanges and cryptocurrency applications that do not use the HTPPS Protocol;
the
2. when using Chrome, configure the extension — for example, Cryptonite. It shows that the website address has been spoofed, and you are caught in the hands of fraudsters;
the
3. if you have received a push notification from any website that is associated with the cryptocurrency, copy the link into the address bar of the browser and compare it with the address of the source site;
the
4. if something seems suspicious, close the window and delete the email from your mailbox.

This method of hacking like phishing, a well-known and widely used since the "dotcom revolution". Fraudsters create a full copy of the source site with a domain that differs by one letter. The purpose of this trick — including the replacement of the address in the browser address bar the goal is to entice the user to a malicious website and force it to enter the password of the account on the exchange or crypto.

Another way phishing — sending emails on behalf of the exchange or of another company, which fully coincides with the original letter of the marketplace. In fact, the purpose of these messages is to get you to click the link and enter your personal data. According to estimates Chainalysis, scammers use this method already stolen cryptocurrency in the amount of $ 225 million.

With such recently faced we are. On the ingenious scheme of fraud and fake website, read the Ethereum Project .

A Renowned expert on malicious software Mac Patrick Wardle often writes in his blog that many viruses aimed at cheating the ordinary user, infinitely stupid. Equally stupid to become a victim of such attacks. By following the above tips, you can protect your money from hackers. And, of course, it is worth remembering that store is worth the money on cold wallets, not on exchanges or in the online services.