With reported instances of the latest ploy for hackers to access user funds, photo scamming is further proof that cryptocurrency cold storage is by far the safest way to keep digital assets secure.
Doctored images are now for sale on dark web forums according to research by Hold Security and warnings from Bank Info Security, and can be purchased for as little as USD 50. A recent example published by the latter showed an anonymous individual holding up a passport and note showing the words “Reset 2FA” along with the date.
Hold Security, LLC is an information security company helping businesses of all sizes to stay secure. Its Chief Information Security Officer, Alex Holden, says that some exchanges’ security is far too lax, not requiring photographic ID at initial registration. He commented:
“Some companies have no ability to assert what their client looks like… It’s not like hackers publish success rates,…But because we know that [hackers who] we are monitoring are actually making money off of it.”
Most larger exchanges have far better security, which makes the success rate of such hacks uncommon, limited to smaller exchanges without rigid security procedures. Most exchanges require new clients to verify their identity with a passport or drivers license before trading on the platform, although with exchanges unwilling to talk about photo scamming events, it could be that even the larger exchanges have seen attempted security breaches through this method.
Hold Security has reported that the dark web is awash with some 10,000 doctored photos which are used as fake verification purposes. The idea is to convince the exchange that a request to reset the often-mandatory two-factor authentication security process required to gain access to accounts is a legitimate one and is coming from the owner of the account. Cryptocurrency exchange giant Binance admitted that they had seen some attempts to breach their security in this way, commenting:
“Unfortunately, we’re no stranger to these types of malicious attempts to gain access… Given the measures we currently have in place, I don’t believe this threat is something for Binance to be particularly worried about at the present time.”
Follow BitcoinNews.com on Twitter: @bitcoinnewscom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: bitcoinnews.com