A phishing scam targets DuckDuckGo users by imitating Etherscan and asking them to connect their wallets, only to drain the funds.
Cybercriminals recently launched a phishing campaign via the privacy-centered browser and search engine DuckDuckGo to separate users from their crypto holdings. A malicious site posing as the Ethereum explorer Etherscan ranked in DuckDuckGo’s search results. Users mistook it for the real deal and visited the site.
Like Etherscan, the fraudulent site asks users to connect their MetaMask wallets. Not realizing they are on a malicious site, users approve it, only for the bad actors orchestrating the scam to withdraw their wallets’ contents.
Web3 security platform Scam Sniffer reported the scam on X on September 11, warning ETH users against falling for it. “Attention all DuckDuckGo users! The second result for ‘Etherscan’ is a phishing site,” it said.
DuckDuckGo is not the only search engine exposed to phishing scams. Google, Bing, and others face them frequently as well. Cybercriminals take one of two approaches to reach users through search results: ranking their scam websites organically or, if they lack the patience, advertising them. Verifying URLs before clicking on anything on the web is necessary.
Phishing scams are on the rise. Scam Sniffer mentioned an incident in which a user lost over $500,000 worth of PENDLE-LPT tokens by unknowingly signing a phishing transaction. The security platform also mentioned how August was a massive month for cybercriminals relying on phishing techniques. 9,145 victims waved goodbye to a collective $63 million last month. One user alone lost $55 million in DAI on August 20.
Australian Law Enforcement Upping Its Game Against Phishing Scams
Phishing attacks are prompting law enforcement authorities to step in and protect their citizens’ interests. The Australian Federal Police (AFP) is collaborating with Chainalysis and a group of crypto exchanges and service providers to tackle the phishing problem Australian crypto holders face. About 2,000 Australian wallets were affected by such scams.