Showing posts with label Phishing.

Monday, January 13, 2020

Texas School District Lost $2.3M to Phishing Email Scam

By David Bisson, January 13, 2020, on The State of Security


A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam.
On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it revealed that it was investigating a phishing email scam that cost it $2.3 million.

In the statement, MISD Director of Communications Angel Vidal Jr said that the Federal Bureau of Investigation and the Manor Police Department were pursuing “strong leads” as part of their investigation but that their efforts were ongoing.
Vidal also took the opportunity to thank the Manor Police Department for working with MISD to notify the community about the security incident.
MISD’s statement didn’t disclose any information about the phishing email scam including how it occurred or how the school district, which serves 9,600 students, detected it.
Anne Lopez, a detective with the Manor Police Department, provided some details about the attack to television station KVUE:
“It was three separate transactions. Unfortunately they didn’t recognize the fact that the bank account information had been changed and they sent three separate transactions over the course of a month before it was recognized that it was a fraudulent bank account.”
Lopez’s insights suggest that the attack consisted of a business email compromise (BEC) scam in which digital fraudsters tricked an employee at MISD into changing the payment instructions for a vendor or supplier. Those attacks have individually cost companies like Nikkei and Toyota millions of dollars. Between June 2016 and July 2019, BEC scams were responsible for $26 billion in damages globally.
The attack described above highlights the importance of organizations taking steps to protect themselves against malicious emails. They can do so by educating their employees about some of the most common types of phishing attacks circulating in the wild today. This resource is a good place to start.

Monday, February 5, 2018

Internet Crime Complaint Center Impersonated for Malware & Phishing Scam

By Wagas, February 3, 2018, on HackRead


Another day, another phishing scam. This time, hackers are impersonating the Internet Crime Complaint Center (IC3) to conduct a malware and phishing scam.
The Federal Bureau of Investigation (FBI) has identified a new phishing scam in which hackers have created a fake federal online crime complaint portal (the Internet Crime Complaint Center, IC3) on social media to deceive users into giving out their private and confidential data. The FBI also issued a security alert on 1st February stating that it has received complaints from numerous citizens who reported receiving emails from the Internet Crime Complaint Centre (IC3).
The FBI noted: “As of December 2017, the IC3 had received over 100 complaints regarding this scam. No monetary losses have yet to be reported.”
It must be noted that the IC3 forum lets users file a complaint with the FBI. The scam email has four different variations, according to the FBI, and each of them claims that the recipient has become a victim of cybercrime or a fraudulent campaign and that the complaint center therefore requires private, sensitive data to compensate for the loss. The email has been crafted to look legitimate; for example, it contains hyperlinks to news articles about the capture of an online scammer.
This fake email also contains a text document that is to be downloaded by the users in order to complete the task. However, this document is infected with malware, which is embedded to further extend the data theft process. In one of the emails, a fake IC3 social media page is also evident that asks recipients to enter personal data if they want to report about any online fraud or cybercrime.
In another email, the recipient was informed that he or she has become eligible to receive compensation from the IC3 for being a victim of a recent scam and that the recipient can claim up to $2m or £1.5m as restitution payment. The content of one of the emails read:
“The perpetrator and his group of co-offenders had over 2000 aliases originating from Russia, Nigeria, Ghana, London, and much more masking their original identities. Our records indicate that you have been a victim of fraud because your contact details were found on several devices belonging to the perpetrator.”

In another fake email, the recipient was informed that for being treated unfairly by courier companies and banks, the victim is found eligible for restitution. The fourth email contained a form from the Internet Crime Investigation Center/Cyber Division and also had a fake case reference number. The email informed the recipient that the IP address that is being used is involved in a federal cybercrime, therefore, the recipient is required to contact the sender through the phone.
Screenshots of fake emails sent by hackers.
The US Department of Homeland Security has also issued a security advisory citing the ongoing malware and phishing scam in the name of IC3.
Remember, cybercriminals have become persistent and sophisticated in their phishing attacks, which has allowed them to steal millions of dollars from unsuspecting users. In the last week alone there have been three phishing attacks in which scammers stole $900,000 from Harris County, Texas, $150,000 in Ethereum from the Experty ICO and $1M worth of Ethereum in BeeToken’s ICO.

Tuesday, January 30, 2018

Phishing Scam: Hackers Steal $150,000 in Ethereum from Experty ICO

By Wagas, January 29, 2018, on HackRead



Just a week after the biggest hack in the history of the cryptocurrency business, in which Japan-based Coincheck exchange was hacked to steal $534 million, the much-awaited token sale (Initial Coin Offering, or ICO) by Experty has landed in no man’s land after a hacker tricked ICO participants with a fake pre-ICO sale announcement, luring those who had signed up for notifications into sending Ethereum funds to the wrong wallet address. Through this targeted attack, the hacker(s) managed to steal around $150,000 in Ethereum before the ICO event was held.
An ICO is quite similar to a conventional Initial Public Offering or IPO, but what makes it different is that buyers receive a token from an online platform instead of getting stocks in a firm. Users are allowed to keep the token until the company that issues them is ready to repurchase them. They may even sell the tokens to others who use Ethereum.
Through ICO, Experty was looking to raise funds for a VoIP calling system that could facilitate voice and video conversations like Skype as well as allow secure cryptocurrency based payments via Blockchain. Experty had high hopes in this sale since Inc.com ranked this ICO as one of the top ten ICOs due to be held this year.

Phishing Scam

What actually happened was that between January 26 and 27, Experty users who had received the announcement and signed up for notifications were asked through email to send funds to an Ethereum wallet in order to buy EXY tokens and participate in the ICO. This was a fake email because the real ICO by Experty was to be held on January 31st; the email was sent by a hacker, and the wallet address was not owned by the Experty team.
Fake email address sent to Experty users
The fake Ethereum wallet address has at least $150,000 worth of funds that got collected through 71 transactions. It is worth noting that Experty has tied up with Bitcoin Suisse to initiate transactions. Now, both the firms are requesting users to not send money to the fake wallet.
According to the official statement, Experty and Bitcoin Suisse state that the hacker compromised the computer of one of the people who conducted the Proof-of-Care review for Experty. Initially, Experty stated that it will be giving 100 EXY tokens to every individual in its email database, which is equivalent to $120. However, now the company has announced additional compensation for users who managed to send the funds into the fake wallet.
Bitcoin Suisse also issued a statement claiming that the data that was submitted to Experty’s website has been hacked and compromised but nothing from Bitcoin Suisse has been exposed. Investors in ICO are recommended to double-check the wallet addresses sent by any project team before making transactions. They can use services like Clearify.io platform to verify the new address.

Refunds Due To The Data Breach

In a statement issued on January 28th, the company said it will be refunding its customers.
“We will be contacting the victims that are in our database in order to distribute the proportional amount of EXY tokens to them, including the bonuses for their tier. If someone wishes to receive ETH instead, we ask them to please contact us privately about this.”
“Any ETH sent to the scammer after this announcement [January 28, 2018, at 21:30 UTC] will not be refunded in order to prevent people purposely sending money to the scam address to receive EXY tokens.”

10th Breach Against A Cryptocurrency Platform In Last 6 Months

1: July 4th, 2017: Bithumb hacked and 1.2 billion South Korean Won stolen.
2: July 17th, 2017: CoinDash hacked and $7 million in Ethereum stolen.
3: July 24th, 2017: Veritaseum hacked and $8.4 million in Ethereum stolen.
4: July 20, 2017: Parity Technologies hacked and $32 Million in Ethereum stolen.
5: August 22nd, 2017: Enigma marketplace hacked and $500,000 in Ethereum stolen.
6: November 19th, Tether hacked and $30 million worth of tokens stolen.
7: December 7, 2017: NiceHash hacked and $70 million stolen.
9: December 21, 2017: EtherDelta hacked and $266,789 in Ethereum stolen.
10: January 26th, 2017: Coincheck hacked and $534 Million stolen

Monday, January 29, 2018

Phishing Scam: Hackers Steal $900,000 from County Office

By Wagas, January 28, 2018, on HackRead


Another day, another phishing scam – This time Harris County, Texas wired almost $900,000 after falling for a phishing email.
In normal circumstances, cybercriminals take advantage of their victims' lack of knowledge, but in this phishing attack they have reached new lows by profiting from the devastation caused by Hurricane Harvey.

Transfer $888,000 “She” Said

It all started on September 21st, 2017 when an estimated 30 percent of Harris County, Texas was submerged due to Hurricane Harvey. The auditor’s office of the county received an email from a woman going by the supposed name of Fiona Chambers in which she posed as an accountant for D&W Contractors, Inc.
D&W Contractors, Inc. is a legitimate company that happened to be working that day to fix the damage caused by the hurricane in the county. In the email, Chambers asked the office to transfer a sum of $888,000 to the new bank account of the Contractors as part of its contract. 
“If we can get the form and voided check back to you today would it be updated in time for our payment?” according to the email content mentioned by Houston Chronicle.
In return, the county transferred $888,000 to the bank account provided by Chambers without verifying whether the bank account actually belonged to D&W Contractors, Inc. The very next day, it turned out that the county had fallen for a tricky phishing scam: there was no one by the name of Fiona Chambers in the company, nor was there a bank account belonging to the contractors.
Now, the incident is being investigated by the FBI (Federal Bureau of Investigation) and their prime suspect is a group that is known for targeting local governments worldwide. On the other hand, the county has learned its lesson and vows to increase its cybersecurity and overhaul and learn from how it handled the situation.
“We live in a rapidly changing world of technology that you can’t just sit pat and expect that the bad guys aren’t going to come after you. I think we need to look at all of our systems to be sure that somebody can’t get in and steal taxpayer money,” said Harris County Judge Ed Emmett.

Previous Scam Link Back To China

In June last year, a similar incident took place in which state Supreme Court judge Lori Sattler, who was in the process of selling her apartment to buy another one, received an email she believed came from a legitimate real estate lawyer.
In the email, the supposed lawyer asked her to transfer $1 million to a bank account. Following the instruction, she transferred a sum of $1,057,500 to the bank account. However, the money was sent to a bank in China, reportedly Commerce Bank of China, rather than to the lawyer.
It is unclear if both cases are related but what is similar in both cases is that attackers know the exact situation of their victims along with their business dealings. Nevertheless, phishing scams are becoming sophisticated and unsuspecting users need to remain vigilant, avoid downloading attachments from unknown emails and always confirm the authenticity of the email before giving away your personal information or wiring funds. 
Here are some useful tips to secure yourself from phishing attacks.

Monday, December 4, 2017

Scammers Disseminating Unverified PayPal Transaction Phishing Emails

By David Bisson, December 4, 2017, on The State of Security


Scammers are pushing out fake PayPal emails that use the premise of an unverified transaction to phish for customers’ personal and financial information.
The attack emails lure in users with subject lines stating how PayPal couldn’t verify their transactions or complete their most recent payments. Here’s one example:
Example of unverified PayPal transaction phishing email. (Source: Malwarebytes)
We couldn’t verify your recent transaction
Dear Client,
We just wanted to confirm that you’ve changed your password. If you didn’t make this change, please check information in here. It’s important that you let us know because it helps us prevent unauthorised persons from accessing the PayPal network and your account information.
We’ve noticed some changes to your unsual selling activities and will need some more information about your recent sales.
Verify Information Now
Thank you for your understanding and cooperation. If you need further assistance, please click Contact at the bottom of any PayPal page.
Sincerely,
PayPal
Clicking on the “Verify Information Now” redirects the user to myaccounts-webapps-verify-updated-informations(dot)epauypal(dot)com/myaccount/e6abe. This fake landing page in turn attempts to direct them to a resolution center. There, they’re prompted to resolve the issue by providing “a little more information about [their] account transactions.”
A little more information? Try the user’s name, address, phone number, mother’s maiden name, date of birth, and credit card information.
Fake PayPal resolution center page where users are prompted to submit their personal information. (Source: Malwarebytes)
Christopher Boyd, lead malware intelligence analyst at Malwarebytes, explains the damage that submitting such data into the fake form can cause to users:
“Sadly, anyone submitting their information to this scam will have more to worry about than a fictional declined payment, and may well wander into the land of multiple actual not-declined-at-all payments instead. With a tactic such as the above, scammers are onto a winner—there’ll always be someone who panics and clicks through on a “payment failed” missive, just in case. It’s an especially sneaky tactic in the run up to December, as many people struggle to remember the who/what/when/where/why of their festive spending.”
Needless to say, this isn’t the first PayPal phishing campaign that’s targeted users, and it won’t be the last. Customers should therefore protect themselves by familiarizing themselves with some of the most common phishing attack types. If they come across a PayPal-related email that even remotely resembles one of those phishing scams, they should report it to PayPal here.

Sunday, November 19, 2017

New Zealand uses chatbots to 'fool' phishing scammers

November 14, 2017


Thousands of online scammers around the world are being fooled by artificial-intelligence chatbots deployed by the New Zealand government to protect internet users from phishing scams.

Cybercrime costs New Zealanders about 250 million New Zealand dollars per year. In response, the government hired Netsafe, whose programmers spent more than a year designing the bots as part of the initiative named Re:scam, launched last week.

The programmers developed chatbots that use local slang such as "aye" in an attempt to engage scammers in prolonged email exchanges, so as to gather intelligence and draw the scammers away from victims. "In addition to local slang, the bots also use humor and grammatical errors to make the conversation more believable," Netsafe CEO Martin Cocker told The Guardian. "As the program engages in more fake conversations with scammers overseas, its vocabulary, intelligence and personality traits will grow."

Data obtained by the British newspaper show that, within 24 hours, 6,000 fraudulent emails were sent to the Re:scam email address and there were about a thousand conversations between scammers and the chatbots. So far, the longest exchange between a scammer and a chatbot pretending to be a New Zealander ran to 20 emails.

The Netsafe CEO notes that if scammers are not astute or not paying attention, the message exchanges can go on for a very long time. "We are really concerned about the growth of email phishing, as victims remain essentially powerless," Cocker said.

"Everyone is susceptible to online phishing schemes and, regardless of technology level, scammers are becoming increasingly sophisticated. Re:scam will adapt as scammers update their techniques, collecting data that will help us keep more people in New Zealand safe and protected," the executive says. "The bot does a very good job of mimicking the way many New Zealanders have engaged with scammers, the terms they use, the language, the approach, so it is quite realistic," he said.

Tuesday, November 14, 2017

Cybercriminals have begun exploiting the popularity of blockchain

By IDGNow, November 10, 2017


Cryptocurrencies have been a regular topic in the media for several years. Financial analysts predict a great future for them, several governments are considering launching their own currencies, and graphics cards are swept off the shelves as soon as they go on sale. Naturally, spammers could not resist the topics of cryptocurrency technology, mining and blockchains.
According to Kaspersky Lab's Spam and Phishing report, in the third quarter of 2017 criminals successfully used various tricks to deceive users and steal their money. They even began exploiting the strong interest in blockchain.
Typically, fraudsters start by encouraging people to invest more and more money and then simply disappear, leaving the victim to read angry reviews on the internet from other swindled depositors.
In one of the fraud schemes observed by Kaspersky Lab researchers, the criminals offered internet users more information about the Bitcoin cryptocurrency and how they could benefit from it, through online training. The deceived users pay a high price, believing they are looking at a legitimate advertisement.
In another scam, users received an email invitation to install special software for trading on the cryptocurrency market but, on clicking the link, were redirected to various sites promoting investment options, including binary options trading. The cybercriminals' goal in this case was to encourage users to invest more and more money and to transfer currency to the criminals' trading account.
More primitive but no less effective, the tactics used to exploit victims also include distributing emails with offers to transfer money to a specific crypto wallet, with the promise that the user will receive the money back with interest, which of course never happens. Users transfer money to an unknown wallet, and the criminal profits.
"While in the second quarter of the year we observed phishing attacks and WannaCry spam, in the last three months we observed criminals actively exploiting the popularity of and interest in cryptocurrencies. Once again, this shows that the most reliable way to attack victims is to use current trends and take advantage of a market that users do not yet know well but very much want to explore," says Darya Gudkova, spam analysis expert at Kaspersky Lab. "There is no doubt that attacks of this kind will continue, so it is extremely important that users pay close attention, stay alert and keep up to date with global phenomena."

Phishing on the rise

In addition, during the third quarter of the year, researchers detected an increase of 13 million in phishing attacks. Kaspersky Lab's anti-phishing system was triggered 59,569,508 times on the computers of Kaspersky Lab users. Overall, 9.49% of unique users of Kaspersky Lab products worldwide were attacked by phishers in the third quarter of 2017.
At the same time, criminals have focused more on messaging apps on mobile devices to carry out popular scams. Scammers frequently try to steal money under the pretext of updating WhatsApp or paying for a subscription. They offer a choice of subscription: one year, three years or five. However, victims will lose much more than the stated amount if they enter their bank card details on such a site.
Netflix users are another popular target for phishers. The number of attacks against them increased in the third quarter. The criminals usually ask for users' bank card details under the pretext of a failed payment or other problems related to subscription renewal.
Brazil was the country with the highest percentage of users affected by phishing attacks (19.95%), as in the previous quarter. Overall, 9.49% of Kaspersky Lab users worldwide were attacked by phishing.
The main targets of phishing attacks have remained the same since the beginning of the year. They are mainly in the financial sector and include banks, payment services and online stores.

Monday, October 16, 2017

New Netflix Phishing Attack Goes after Users’ Credit Card Credentials

By David Bisson, October 11, 2017, on The State of Security

A new Netflix phishing attack leverages fake emails from the streaming service to trick users into handing over their credit card credentials.
The attack starts when a user receives an email from what appears to be Netflix warning them that they need to update their membership information.
An example attack email received in the Netflix phishing campaign. (Source: PhishMe)
“Dear Valued Customer, We Would like to inform you that you have to update your account details. Your membership will automatically continue as long as you choose to remain a member, we won’t charge you. Update Cheers, The Netflix Team.”
You can see that the sender email address, support@onlineorders[.]desk-mail[.]com, has nothing to do with Netflix. So it’s not surprising that clicking on the “Update” link leads somewhere other than the streaming service. In fact, it directs the user to hxxp://see-all[.]norafix[.]com/, a location which immediately redirects them to the subdomain hxxp://account[.]norafix[.]com/ch/customer_center/customer-IDPP00C274/js/?country.x=&locale.x=en_.
That page prompts the user to enter in their Netflix credentials followed by their payment card details.
The Netflix phishing scheme’s credit card info-stealing page. (Source: PhishMe)
Once it’s succeeded in stealing that information, the scam confirms that the user’s account is now updated. It then provides them with a link to Netflix’s actual homepage.
So what happens then?
Well, the attacker could abuse the user’s stolen credentials to gain access to Netflix content for free. They could also leverage the credit card information to make fraudulent purchases. But they could also reuse the stolen login details in an attempt to gain access to some of the user’s other accounts.
PhishMe senior threat analyst Chase Sims elaborates on this scenario:
“So now the attacker hopes that you reuse the same password for your personal email account or, if the attacker is very lucky, for your work email account. In either case, they can now reset passwords for various other online services—banking, healthcare, social media—to pivot and carry their attack forward.
“One reason this tactic could succeed: a lot of companies might not enforce two-factor authentication for their single-sign-on services, which means reused credentials might be a skeleton key for multiple corporate services.”
This isn’t the first Netflix phishing scheme to surface on the web, and it certainly won’t be the last. With that in mind, users should make an effort to familiarize themselves with some of the most common social engineering ruses out there so that they can spot a potential attack. They should also exercise caution around suspicious links and email attachments, verify the legitimacy of a web domain before entering in any login or financial information, and enable multi-factor authentication on any and all accounts that allow it.
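The domain check this article walks through (a sender at desk-mail[.]com and a link to norafix[.]com, both claiming to be Netflix) and the epauypal(dot)com landing page in the PayPal post above can be expressed as a small triage routine. This is an added example, not code from PhishMe, Malwarebytes or the original posts; the brand allowlist, the two-label domain rule, the distance threshold and the `.example` sample are assumptions made for illustration.

```python
"""Added example: does a sender address or link belong to the brand a message claims?"""
import re
from urllib.parse import urlsplit

# Assumption: the defender maintains this allowlist of domains each brand really uses.
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "paypal": {"paypal.com"}}


def refang(indicator):
    """Undo report-style defanging: hxxp://, [.] and (dot)."""
    text = re.sub(r"^hxxp", "http", indicator.strip(), flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(dot)", ".")


def host_of(indicator):
    """Return the lower-cased host of a URL, an email address or a bare host/path."""
    text = refang(indicator)
    if "://" in text:
        return (urlsplit(text).hostname or "").lower()
    if "@" in text and "/" not in text:
        return text.rsplit("@", 1)[1].lower()
    return text.split("/", 1)[0].lower()


def registrable(host):
    """Simplification (assumption): keep the last two labels. Real tooling should
    consult the Public Suffix List so that names under co.uk and similar work."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(claimed_brand, indicator, max_distance=2):
    """Compare the indicator's registrable domain with the claimed brand's domains."""
    host = host_of(indicator)
    domain = registrable(host)
    legit = BRAND_DOMAINS[claimed_brand]
    if domain in legit:
        return {"host": host, "domain": domain, "verdict": "ok", "reasons": []}
    reasons = [f"{domain} is not a {claimed_brand} domain"]
    verdict = "mismatch"
    label = domain.split(".")[0]
    for good in sorted(legit):
        distance = edit_distance(label, good.split(".")[0])
        if distance <= max_distance:
            reasons.append(f"near-miss spelling of {good} (edit distance {distance})")
            verdict = "impersonation"
    if claimed_brand in host:
        reasons.append("brand name appears in a host the brand does not own")
        verdict = "impersonation"
    return {"host": host, "domain": domain, "verdict": verdict, "reasons": reasons}


# Defanged indicators quoted in the posts, plus two constructed samples.
SAMPLES = [
    ("netflix", "support@onlineorders[.]desk-mail[.]com"),
    ("netflix", "hxxp://see-all[.]norafix[.]com/"),
    ("paypal", "myaccounts-webapps-verify-updated-informations(dot)epauypal(dot)com/myaccount/e6abe"),
    ("netflix", "https://www.netflix.com/browse"),                     # constructed
    ("netflix", "hxxp://netflix.com.account-update[.]example/login"),  # constructed
]

if __name__ == "__main__":
    for brand, indicator in SAMPLES:
        result = assess(brand, indicator)
        print(brand, result["domain"], result["verdict"], "; ".join(result["reasons"]))
```

A plain "mismatch" is already enough to distrust the message; "impersonation" marks domains that additionally imitate the brand's spelling or embed its name in a subdomain.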

Tuesday, August 22, 2017

Exploits, hacks, phishing and Ponzi schemes are growing on Ethereum

August 20, 2017, on The Cointelegraph
In essence, Ethereum extended Bitcoin's means of payment by adding a rich programming language that allows smart contracts to be executed.
Although this innovative technology has attracted a large number of cryptocurrency enthusiasts who saw great potential in it, it has also become home to cybercrime in a significant way.
As is often the case with new technologies, hackers have embraced it and stolen millions of dollars in recent years.

The first major cybercrime incident

Many cryptocurrency enthusiasts remember June 2016 as the month of the first major cybercrime incident on Ethereum. The network began to gain momentum when The DAO project was announced, and the ICO managed to raise US$150 million.
Such a sum inevitably attracted the interest of hackers, who began exploring the project's code and eventually found a "bug". It was used to drain US$74 million of the total raised, which represents almost 40% of the ICO's total funds.
While some of the funds were recovered, the incident sounded a first red alert and called for more security and caution when dealing with Ethereum.

The rise of the Ether thieves

Since Ethereum makes it relatively easy for developers to build complex smart contracts and decentralized autonomous applications (DApps), and given the rise in the price of ETH, it has become the platform of choice for these token sales, which have become more popular than ever.
"Cybercrime on Ethereum has risen in tandem with the large funding of ICOs, with total cybercrime revenue increasing from US$100 million in June to US$225 million in August of this year."
Source: Chainalysis
Not only have these ICOs regularly brought the blockchain to a standstill, but there is also a significant security risk associated with such projects. Chainalysis estimates that, of the US$1.6 billion invested in ICOs this year, US$150 million ended up in the hands of cybercriminals.
In other words, 10 percent of the funds raised end up in the wrong hands. That represents approximately 30,000 victims, losing an average of US$7,500 each.

Exploits, hacks, phishing and Ponzi schemes

Common cybercrimes on Ethereum can be grouped into four categories: exploits, hacks, phishing and Ponzi schemes.
The biggest exploit by amount taken was the DAO, but another US$30 million was stolen from the Parity wallet in June 2017.
While some cybercriminals have opted for high-profile hacks and exploits, phishing is currently generating more revenue.
It currently accounts for more than 50 percent of all cybercriminal revenue generated this year, ahead of exploits, which sometimes receive the most press coverage because of their nature.
Cybercrime | Stolen funds (US$) | Number of victims
Phishing | 115,000,000 | 16,900
Exploits | 103,000,000 | 11,000
Hacks | 7,400,000 | 2,100
Ponzi | 4,000 | 260
Total | 225,400,000 | 30,260
Table: cybercrime, stolen funds and number of victims
Statistics on cybercrime on Ethereum are possible because of the public nature of the blockchain, which allows transactions made on the network to be analyzed and audited.
More and more solutions are being launched to keep tabs on blockchain trends and extract intelligence from them.
Ethereum technology is improving, and developers are writing more secure contracts, which are positive trends. However, protecting users from phishing is a different matter.
The Ethereum Scam Database, which was created in 2017 by the MyEtherWallet team, regularly identifies and lists ongoing scams, and is worth checking before investing in an ICO.