How clipboard hijackers change copied account details in "address poisoning" attacks: Internet Scambusters #1,071
Clipboard hijacking happens when malware on your PC lets scammers alter text and other information you've copied, so that you paste the doctored info without noticing.
Scammers are actively using this and other tactics to divert cryptocurrency payments into their own coffers.
In this week's issue, we explain how this trick works and its result - "address poisoning" - and we'll tell you the best ways to protect yourself.
Let's get started…
Clipboard Hijackers Divert Crypto Payments
Copying and pasting text is everyone's friend when it comes to saving time. But what if someone has access to the temporary area where your copied text is stored on your computer - the clipboard, as it's known - and alters it?
This trick is called clipboard hijacking. And while you may wonder why anyone might want to do this, think of the times you use this trusted method to copy information like web addresses or, even worse, account numbers.
This scam is happening right now and has reared its ugly face in the field of cryptocurrency trading. It exploits the fact that addresses used in crypto transactions consist of a long, unique chain of letters and numbers - something that's easy to get wrong if you try to copy it by retyping.
So… copy and paste is the favored solution. But scammers who've hacked their way into your PC can change this complex address so that any currency you send, say, to a friend or as part of a business transaction, ends up in the crooks' digital wallets.
Clipboard hijacking is just one of the tactics fraudsters use to alter the destination of crypto payments, a scam aptly known as address poisoning. They can use several other tricks, such as:
- Data interception - for example, intercepting an email and altering its content
- Creating fake websites and emails with doctored addresses
- Impersonation - pretending to be a legitimate contact and providing poisoned address details
How Clipboards Get Hijacked
Scam gangs use a number of tried and tested ways to take control of your computer clipboard. Most commonly, they use malware that users unknowingly download and install on their PCs, often via adult sites and fake websites, or tacked onto legitimate programs and apps on disreputable free software and file-sharing sites.
The malware continuously monitors the clipboard. When it detects a copied wallet address or any sensitive information, it alters the contents of the clipboard by replacing the legitimate address with different information controlled by the attacker.
When pasted, the changed address or account details may appear to be similar to the original, making it difficult for users to notice the change.
To protect yourself from clipboard hijackers, the number one rule is to use up-to-date security software that analyzes any intended download, checking for malware.
Equally important is to avoid visiting the sorts of untrusted sites we mentioned above, where scammers constantly lurk.
How To Protect Yourself Against Address Poisoning
As we mentioned, clipboard hijacking is just one of several methods scammers use to poison the confidential information you may want to paste, especially crypto payment addresses.
Crypto users, for example, often store their own account address and addresses of people to whom they send money in their digital wallet. The wallet also contains transaction history, so for a repeat transaction users simply copy and paste each time they use it.
When you copy and paste any confidential information, it's obviously important to cross-check that what you paste is identical to what you copied. It's tedious but you should check any crypto address character by character.
The crafty crooks may simply change just one character in the middle of the string of letters and numbers you usually use.
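The character-by-character cross-check described above can be done by a short script instead of by eye. This is an added example, not part of the original newsletter; the address is a constructed sample (not a real wallet), and the function names and the four-character "glance" window are assumptions made for illustration.

```python
# Constructed sample value: NOT a real wallet address.
TRUSTED = "bc1qexampleaddr0000constructed0000sample7k9x"
# Same string with one character changed in the middle (index 20, 'o' -> '0').
TAMPERED = TRUSTED[:20] + "0" + TRUSTED[21:]


def compare_addresses(expected: str, pasted: str, edge: int = 4) -> dict:
    """Compare a trusted address with the text that was actually pasted."""
    # Strip only surrounding whitespace; case is significant in many formats.
    exp, got = expected.strip(), pasted.strip()
    # Positions where the characters differ, over the shorter length.
    diffs = [i for i, (a, b) in enumerate(zip(exp, got)) if a != b]
    # Anything outside printable ASCII (zero-width or lookalike letters).
    odd = [i for i, ch in enumerate(got) if not 33 <= ord(ch) <= 126]
    match = exp == got
    # Assumption: a quick glance checks only the first and last few characters.
    same_edges = exp[:edge] == got[:edge] and exp[-edge:] == got[-edge:]
    return {
        "match": match,
        "length_differs": len(exp) != len(got),
        "diff_positions": diffs,
        "non_ascii_positions": odd,
        "lookalike": not match and same_edges,
    }


def marker_line(expected: str, pasted: str) -> str:
    """Return a line with '^' under each differing or extra position."""
    exp, got = expected.strip(), pasted.strip()
    width = max(len(exp), len(got))
    return "".join(
        "^" if i >= len(exp) or i >= len(got) or exp[i] != got[i] else " "
        for i in range(width)
    )


if __name__ == "__main__":
    result = compare_addresses(TRUSTED, TAMPERED)
    print(TRUSTED)
    print(TAMPERED)
    print(marker_line(TRUSTED, TAMPERED))
    print(result)
```

The trusted value should come from a source other than the clipboard, such as a note typed by hand or an address read out by the recipient; otherwise both inputs may already carry the altered text.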
Alternatively, consider manually typing in the information, avoiding copying and pasting completely. But that, of course, relies on the accuracy of your typing. So, do it slowly and, again, cross-check it with the original.
One of the leading crypto publications, Coin Telegraph, reports that digital wallet providers are advising against using transaction histories for copy and paste in case these have been poisoned by more complex technical tactics.
To play things even safer, especially where large sums of money are involved, it's worth actually contacting the intended recipient to double check the address or account information you received in case it has been tampered with somewhere along the line.
Also, be cautious when responding to unsolicited requests that involve sharing your wallet or other confidential information.
As seasoned users know, once you send money using a cybercurrency, it's virtually impossible to trace it or get it back.
Russian Cyber Attack
A Russian hacking gang has hacked file transfer software used by federal and state departments and large organizations such as airlines and universities, giving them access to all manner of confidential information.
In the latest incident, transportation agencies in Oregon and Louisiana say the crooks have stolen millions of driver's license details including names, addresses, and Social Security numbers.
The official website of the State of Oregon says: "Some publicly available information was included as well as some personal information (PI). Individuals should assume information related to their active license or ID card information is part of this breach."
Both states say residents should closely monitor their credit reports with the major agencies - Equifax, Experian, and TransUnion - for evidence of opening of loan accounts, other unrecognized financial activities, and identity theft.
Get a free copy of your report annually from each of these agencies.
As an extra precaution, consider changing passwords on sensitive accounts, although, at the time of writing, there was no indication that passwords had been stolen in the Oregon and Louisiana incidents.
But don't think you got off lightly if you live in another state. Hundreds of other organizations worldwide have been compromised. Expect to hear more in the coming weeks.
Be vigilant!
That's it for today -- we hope you enjoy your week!