Kraken Phishing Warning - blog.kraken.com

in #kraken • 8 years ago

We have received many reports lately of clients falling victim to phishing sites appearing in the ads, above the organic search results, of all of the major search engines.

Unfortunately, it seems to be easier to get an ad up than it is to have one taken down. Our efforts at reporting the malignant ads have, so far, only resulted in temporary removal. The matter is now in the hands of our legal team, who are seeking a more permanent cure.

Other services in the ecosystem are suffering the same scourge:

https://www.reddit.com/r/ethereum/comments/4xpj0u/malicious_phisher_is_running_google_ads_for/

Clients who have reused their Kraken password on their email accounts (and other services) likely have had those accounts compromised as well. If an attacker also has control of your email account, you will not receive alerts about the suspicious activity on your Kraken account. This is why it is imperative that passwords not be reused across services.

When dealing with financial services, it is always important to practice safe browsing.

  • Assume ads in search results are phishing
  • Assume that you can’t tell the difference between an ad and organic search result
  • Set yourself bookmarks and rely on those for navigating to the desired site
  • Type the desired domain in the address bar yourself
  • Verify that you are on the correct domain before entering credentials

Here is a screenshot of the website responsible for the recent phishing attempts.
...

Continues: http://blog.kraken.com/post/148976188862/kraken-phishing-warning


Thanks for passing the warning along. One habit I've cultivated: whenever I see a link in an Email, I hover my mouse arrow over it and look carefully at the little bar which shows the URL. If it's not exactly the same as the raw link, that's a danger sign. I immediately delete any Emails like that, and so should everyone.

Also: read the domain and subdomain very carefully if you get an official-looking Email with text instead of a raw URL. A favorite phishing trick is to replicate the apparent sender's domain with a subdomain of a different domain that they control. Read right to the first "/"; if you see a different top-level domain, delete the Email.

I don't open attachments at all. If you have to, it would be wise to place a confirmatory phone call to your sender before opening any. Emails can be spoofed or hacked fairly easily; that's not the case for a phone.
