Fraudulent operations continue to plague the crypto industry, and cyber manipulators shift their focus to the ENS ecosystem.
More specifically, they increasingly deploy sophisticated strategies to feast on decentralized domain enjoyers.
Looming Phishing Strategies Threaten ENS Users
Recent phishing alerts have seen attackers devising unique strategies to deceive ENS users into losing their funds. Blockchain security company Blockfence has blown the lid off a looming email phishing scheme that saw bad actors sending email messages to ENS domain owners about the expiration of their domains.
These attackers send fake email alerts to ENS domain owners to lure them to a fake renewal site where their funds can be extorted. The emails were sent under the disguise of this domain “https:// subscriptions-ens. domains/pablito.eth?renewal=33136eaa”.
These developments come just a few days after a tricky phishing trend associated with ENS domains was uncovered. The attack involved impersonating genuine Ethereum wallet addresses with ENS domains to scam crypto users.
Twitter Data Breach Favors Scammers
Although it is unclear how these attackers managed to pull off such a deceitful phishing scheme, popular crypto veteran Nick Bax traced this to the distressing Twitter data leak earlier this year.
According to him, sourcing the email addresses of ENS domain owners would have been “very easy” for these scammers since the data leak is associated with Twitter names and email addresses. Hence, they could quickly identify real ENS domain owners through the “.eth” extension attached to their usernames on Twitter and map out email addresses that correspond with the victims’ real names.
Nonetheless, Nick Bax has warned ENS domain owners to keep their eyes peeled over attacks such as this, warning that they are prone to more such attacks as privacy data protection is compromised.