The Security Alliance (SEAL), a nonprofit group focused on cybersecurity, has launched a tool to support those investigating crypto-related phishing scams.
The tool allows experienced users and researchers to confirm whether a suspicious website actually displays harmful content.
One major issue in phishing investigations is that attackers often use methods to hide the real content from security tools. These scams have caused over $400 million in losses in just the first six months of this year.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
What Is Chia? | Crypto Finally Explained
To address this issue, SEAL has developed a system known as TLS Attestations and Verifiable Phishing Reports. It gives investigators a way to collect reliable, tamper-proof proof of what the website actually showed to the user.
The system uses a process where a trusted server, called an attestation server, becomes part of the secure connection between the user and the suspicious site. This trusted server performs all encryption-related tasks, while the user still connects directly to the website.
To use it, a researcher sets up a tool on their own computer that watches the internet traffic and shares the connection details with the attestation server.
This process produces what SEAL calls “Verifiable Phishing Reports”. These are digital records, signed using cryptographic methods, that confirm what a site delivered to the user.
SEAL can then confirm whether the site is malicious without visiting it directly, which reduces the risk and helps avoid tricks used by scammers to hide their true content.
Recently, SEAL uncovered a network of individuals posing as IT professionals to gain unauthorized access to crypto companies. How? Read the full story.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
