{"id":41538,"date":"2021-09-01T08:02:57","date_gmt":"2021-09-01T12:02:57","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=41538"},"modified":"2021-09-17T07:24:02","modified_gmt":"2021-09-17T11:24:02","slug":"cryptophishing-in-luno","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/cryptophishing-in-luno\/41538\/","title":{"rendered":"Cryptophishing on the Luno exchange"},"content":{"rendered":"

Since the advent of cryptocurrency, scammers of every stripe have sought to get rich from stealing virtual coins. With cybercriminals duping both buyers of mining equipment<\/a> and cryptoinvestors<\/a>, we spotlight a scam targeting users of the Luno cryptoexchange.<\/p>\n

About Luno<\/h2>\n

The Luno cryptocurrency exchange has been in existence since 2013, and today it serves more than 5 million clients<\/a> in 40 countries. Luno\u2019s primary focus is on emerging markets, allowing users from countries such as Singapore, Malaysia, Indonesia, South Africa, and Nigeria to purchase tokens with local currency.<\/p>\n

Luno is a centralized exchange (CEX), meaning clients\u2019 cryptowallet keys are stored on the exchange. Typically, such sites are well protected against hacking and leakage. However, account protection becomes much harder when owners spill their credentials to cybercriminals.<\/p>\n\n

A simple phishing scheme<\/h2>\n

The attackers who targeted Luno did not reinvent the wheel.\u00a0Rather, they employed the tried-and-true method of playing on people\u2019s desire for free cryptocurrency, sending potential victims e-mail messages, seemingly from the Luno team, saying that an incoming payment has been \u201cplaced on hold due to error(s)\u201d in their profile data. The message includes a link for users to follow and solve the problem.<\/p>\n

\"Fake<\/a>

Fake incoming transfer notification with link \u2014 just not to Luno<\/p><\/div>\n

As per usual with a phishing attack, the scammers forged the sender\u2019s address, making the message look plausible. The strange address of the link lurking under the button, which looks nothing like luno.com and is located in the .ar domain zone (Argentina), might arouse suspicion.<\/p>\n

If the victim doesn\u2019t notice this discrepancy and simply clicks, the link takes them through a chain of redirects to an illegitimate Luno login page. The fake resource is very similar in design to the real Luno site, but the cybercriminals did not even try to disguise the URL, apparently counting on user carelessness.<\/p>\n

\"The<\/a>

The fake login page looks like the real one, although with an entirely different URL<\/p><\/div>\n

To keep the cryptoinvestor victim from suspecting anything is amiss, the scammers even set strict security requirements. For example, to log in to the fake site, you need to enter a strong password with the same strict requirements as the official platform.<\/p>\n

\"The<\/a>

The password requirements on the fake exchange are as strict as on the real Luno site<\/p><\/div>\n

Next, if the victim enters their credentials and tries to log in, the screen will display a 403 Forbidden error, and that\u2019s it, the attackers now have the password \u2014 and access to the victim\u2019s cryptocurrency.<\/p>\n

\"Error<\/a>

Error message on the fake exchange<\/p><\/div>\n

How to guard against cryptophishing<\/h2>\n

Phishing remains a viable method of stealing accounts and money on cryptocurrency platforms. That said, knowing a few simple rules will help minimize the risk of getting hooked.<\/p>\n