Crypto phishing is jumping the shark — parents are now the target

Paul Walsh
Feb 28, 2019


Fee-paying schools were targeted in a cyber attack which accessed parents’ email addresses, it has emerged.

Fraudulent emails sent from school accounts offered a 25% discount on fees for paying quickly via the cryptocurrency.

Newcastle’s Royal Grammar School warned parents of the “sophisticated attack”.

In an email to parents, the grammar school’s headmaster, John Fern, said it had reported the attack to police.

The emails, which included spelling, grammatical and punctuation errors, were sent on 29 December from the address of the school’s bursar, who is responsible for fees.

The school told parents it was working with the company that provides its email systems, iSAMS, to “establish exactly what happened”. iSAMS said it would be issuing a statement.

It’s unlikely that the threat actors “hacked” their email system. It’s possible (but unlikely) that an iSAMS employee fell for a phishing scam, allowing access to the main email system. What’s more likely is that a school teacher was targeted with a spear phishing scam — where they signed into a counterfeit website and had their credentials stolen. And like most people, the teacher probably used the same credentials for their email and at least one other service such as iCloud, iTunes, Dropbox or Facebook — the sites that are targeted by cybercriminals.

Mr Fern told parents the school would “never ask for money or bank details in this way” and apologized. But unfortunately the damage is already done.

More schools / parents are under attack

The ICO did not provide details of how many schools were affected but said:

We are aware of other phishing type attacks that have been targeted towards schools.

Crypto phishing is jumping the shark

For the past few years, crypto traders and investors have been the sole target for crypto-related phishing scams.

Gone Sole Phishing

Given the lack of mainstream consumers and organizations reporting crypto-related phishing scams, and the speed at which the crypto ecosystem is growing, it has been difficult and time-consuming for incumbent cybersecurity companies to keep up with solutions to address the problem.

Now that one in five people play with some form of crypto, it’s time for the threat actors to target mainstream consumers with crypto phishing scams. And what’s worse, trying to detect every new crypto scam is like playing whack-a-mole.

Crypto phishing is 100 times easier and much more rewarding than stealing credit card details. Once you lose access to your crypto private key, your crypto assets are gone — FOREVER — uninsured — nothing you can do.

Yesterday I wrote about how a member of the EOS Telos Foundation community had $7M USD worth of EOS stolen in a phishing scam — that site is still live and not blocked by Google Safe Browsing API or other security solutions.

What’s the solution?

Well, it’s impossible to stay ahead of every new threat. But there is a way to stay safe. While MetaCert detects and blocks known phishing threats like other security companies, it does one thing VERY differently. MetaCert tells you, with a Green Shield, when you are safe — it’s a new and better way of displaying website identity.

Written by Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.