Steemit Crypto Academy | Homework Task 5 by Prof. @gbenga | All About Blockchain Security | written by @prolee

You're all welcome to my Homework, task 5 by Prof. @gbenga.

The Question concerns making a post about a security issue with Cryptocurrency and sharing a personal experience if possible.

Giving you a clear detailed answer to this question, I'll start by saying this.

Show me a network that concerns e-money without security issues and I will show you a network that concerns e-money without value. For the fact that cryptocurrencies are valuable there must be security issues.

Source

Before now Cryptocurrencies have suffered various blow concerning security matters, few of the cryptocurrencies have been modified to prevent some of the problems while some have not.

Over the past years cryptocurrencies had so many breakdowns due to problems they were facing. Some of the many but limited security issues are;

• DOS (denial of service attack)

• DDOS (distributed denial of service attack)

• Hacking a payment gateway

• Insecure ICOs

• Spoofing a user address

• Lose of a wallet file

• User address error

• Phishing

But I'll be treating on only one of the problems, Phishing.

What Is Phishing?

Source

The term "phishing" means a malicious or criminal act whereby a bad guy called the cyberthief or cybercriminal tends to get the personal informations - which may be passwords, wallet address, account details, of a person through the use of a deceptive email or website. It's a type of Cyber attack where a spiteful actor pretends to be a trusted personnel or company in other to collect the personal or sensitive details of the victim.

How Does These Really Work?

Source

This act are made easy for the cyberthieves by the help of a "Phishing Kit". The Phishing Kit is a software that contains many fraudulent websites and other phishing tools which just need to be installed in the server. When installed the only thing the criminals have to do is to send as many emails they can afford to the address of the potential victims.

This phishing kit gives the attackers a big chance of Spoofing a trusted website, thereby rising the probability of a victim to click the link or being tricked, hence, base on the set-up of the tricky email might put his secret details or information, which can be manipulated by the attackers.

In general, phishing attacks make use of corrupt or fraudulent emails that convince the victim to enter his personal informations into a fraudulent website, which perhaps can ask you of your credit card details or reset of password.

Many website were used as a source of these malicious act unknowing to them, examples are; Facebook, Pay pal, Amazon, WhatsApp, Telegram, e.t.c.

Source

Many institutions, personnel and organizations suffered from these act. Some examples include;

• the most consequential phishing attacks that occurred in 2016, when hackers managed to get Hillary Clinton's campaign chairman John Podesta to offer his Gmail password.

• a phishing act that occurred In 2016 also, when employees at the University of Kansas fell prey to a phishing email and gave the hackers access to there paycheck deposit information, resulting in them losing pay.

Types Of Phishing

Phishing are of different types, they include;

• Spear Phishing : this is when these attackers have a specific person in mind to attack. So they have to send the victim a spoofed website link so as to get his details.

• Clone Phishing : the attackers tend to get the victim by sending him a spoofed (manipulated) trusted email with link that redirects the victim to a website created by the attackers that looks like the main one, perhaps convincing him that he need to put his details to update him with the new site or maybe to download the corrupt file which can lead to a loss to the victim.

• Pharming Phishing

• Email spoofing

• Whaling, e.t.c

How Does Phishing Become A Security Issue In Cryptocurrency?

Phishing are not limited to Cryptocurrency. They also occur in Cryptocurrency ecosystems where a malicious or cybercriminal tend to steal someone's Bitcoin or any other cryto. A cybercriminal can achieve this by spoofing a real website and changing the wallet address to his own, without the consent of the users, they will continue sending there cryptocurrency to such wallet address thinking it's safe, not knowing that it has been changed, hence there money are been losed.

Someone might just receive a message that his account is being tampered by someone else through a different device, and ask him to login to a specified link in a created website by the attackers which seems to be real - maybe ask him to put his wallet credentials to confirm if it's really his account. Immediately he does that, his account will automatically be hijacked by the attackers.

Some of these attackers tend to manipulate a real Facebook Cryptocurrency community or group and start convincing the members to do some email work or maybe involve in some promo award of winning cryptocurrency bonus, thereby creating fake sites that looks like the original, when they've successful gotten what they want the site will automatically be blocked.

I haven't experienced such act before but I have seen other people complained about loosing a nice amount of cryptocurrency to an address, and I just fall pity for them.

In conclusion, the key point to note is that the vast majority of cryptocurrency security breaches are related to human errors. So when you keep yourself in line, you don't fall into this trap.

This junction marks the end of my assignment by Professor @gbenga.

Written and organized by the humble student, @prolee

Best regards to:

Cc:

@steemitblog
@steemcurator01
@steemcurator02

My last but not the least regards goes to my lecturer;
@gbenga