<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Aditya Singh</title>
    <description>The latest articles on DEV Community by Aditya Singh (@iadityasingh).</description>
    <link>https://dev.to/iadityasingh</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F912670%2F24f9410b-95d1-4ed2-8df1-68753e4de65f.jpeg</url>
      <title>DEV Community: Aditya Singh</title>
      <link>https://dev.to/iadityasingh</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/iadityasingh"/>
    <language>en</language>
    <item>
      <title>Hacks/Chaos in crypto markets 2022</title>
      <dc:creator>Aditya Singh</dc:creator>
      <pubDate>Wed, 23 Nov 2022 17:27:26 +0000</pubDate>
      <link>https://dev.to/iadityasingh/hackschaos-in-crypto-markets-2022-4iko</link>
      <guid>https://dev.to/iadityasingh/hackschaos-in-crypto-markets-2022-4iko</guid>
      <description>&lt;h2&gt;
  
  
  The crypto-economy of 2022
&lt;/h2&gt;

&lt;p&gt;With a variety of things occurring, 2022 has been a particularly crucial year for the cryptocurrency market. These have happened as the market is going through yet another crypto winter, with the values of the majority of assets barely rising above support levels. As a result, several investors have grown despondent over the market's current position.&lt;br&gt;
Even though 2022 has witnessed a lot of events, certain trends have emerged recently. These themes—crypto hacks, low volatility, and green tokens—seem to be continuing as we move closer to the end of the year. Hackers have always focused on the market, but there are sporadic periods of minimal volatility. The final issue regarding green tokens, however, might have the biggest long-term impact on the market.&lt;/p&gt;

&lt;p&gt;Besides the crypto winter, one of the most frequently discussed events in the market in 2022 relates to hacks. Unfortunately, there have been several such incidents this year, resulting in billions of dollars lost. Blockchain analysis firm Chainalysis estimates that over $3 billion was stolen in 2022, which would put previous years to shame.&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s---HBqUCNv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vhlax24r4dkenrorphd0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s---HBqUCNv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vhlax24r4dkenrorphd0.png" alt="graph" width="600" height="371"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Market enthusiasts would have been hoping that there would have been fewer hacks in October, but that’s not the case. This month was the worst month yet for DeFi protocols, with over $700 million stolen across 11 hacks, according to Chainalysis.&lt;/p&gt;

&lt;p&gt;Bad actors now prefer cross-chain bridges over any other option, accounting for 82% of all assets taken in October. The Binance Smart Chain bridge breach was a well-publicized incident that brought attention to these systems' weaknesses.&lt;/p&gt;

&lt;h2&gt;
  
  
  The year 2022's hacking history
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--w49Vaclf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ht2l194hbhad4h8v8ygo.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--w49Vaclf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ht2l194hbhad4h8v8ygo.png" alt="crypto hacking" width="316" height="159"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;According to a report by Immunefi, the web3 ecosystem had a "loss" of almost $1.23 billion in the first quarter of 2022.&lt;br&gt;
According to the report, this amount is an increase of 695 percent over the quarter-ago quarter's losses of $154.6 million.&lt;/p&gt;

&lt;p&gt;As of April 4, several DeFi protocols have around $230 billion in total value locked (TVL). According to information from DefiLlama, that TVL is 170% more than the date one year ago, when it was $84.91 billion.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--nEuZlUYn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j80lp8ejnvivm9t669ns.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--nEuZlUYn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j80lp8ejnvivm9t669ns.png" alt="all crypto hacks" width="431" height="600"&gt;&lt;/a&gt;&lt;br&gt;
&lt;/p&gt;

&lt;p&gt;With losses totaling over $718 million, October alone has become the worst month ever for crimes involving cryptocurrencies. The amount taken from various decentralized finance (DeFi) protocols across 11 different attacks was noted in data provided by Chainalysis last week.&lt;/p&gt;

&lt;h2&gt;
  
  
  Mango Markets Hack
&lt;/h2&gt;

&lt;p&gt;The Solana blockchain's decentralized finance (DeFi) trading platform Mango Markets has been the most recent target of hackers, who stole $117 million from it. Mango Markets said in a tweet that the hack was the result of price manipulation of the native MNGO token.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s---mzp5WKO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sfwla5t4kzvpo958afh9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s---mzp5WKO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sfwla5t4kzvpo958afh9.png" alt="Mango Markets" width="880" height="505"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;To lessen the impact of the attack, the platform stopped all operations and stopped all deposits and withdrawals.&lt;br&gt;
Blockchain security company OtterSec, which discovered the assault, claims the attacker used the MNGO token's price oracle data to obtain "large" uncollateralized crypto loans from the Mango Treasury.&lt;/p&gt;

&lt;p&gt;An oracle is a service that supplies the blockchain with pertinent off-chain data so that smart contracts can use it. A price oracle supplies a digital asset's price data.&lt;/p&gt;

&lt;p&gt;The USDC stablecoin was used as the price reference for an MNGO perpetual swap, but there was little liquidity between MNGO and USDC on the exchange market.&lt;/p&gt;

&lt;p&gt;Following the incident, the hacker who carried out the attack requested payment, considering any unpaid amount to be insurance and a bug reward. The community treasury, worth 70,000,000 USD Coin (or $70,000,000), will be used to pay for this.&lt;/p&gt;

&lt;p&gt;In addition, the hacker has made a settlement offer, requesting that users who support it agree to pay the bounty, settle the bad debt with the Treasury, waive all claims against accounts with bad debt, and avoid any criminal investigations.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1Y_ZxHnW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/n00juef0bxggleeu9ghh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1Y_ZxHnW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/n00juef0bxggleeu9ghh.png" alt="Mango Markets graph" width="850" height="500"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Gala Hacks
&lt;/h2&gt;

&lt;p&gt;After what has been referred to as a "multi-billion dollar exploit," Gala Games (GALA) is attempting to allay "FUD" (fear, uncertainty, and doubt).&lt;/p&gt;

&lt;p&gt;The blockchain gamefi business has assured its users on Twitter that this was only routine and the price is rising.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kQyAOX0B--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zo6q7379mi1n9efteor4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kQyAOX0B--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zo6q7379mi1n9efteor4.png" alt="gala games" width="662" height="308"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;An alleged attacker created $2 billion worth of GALA on Nov. 3 and sold some of the tokens on PancakeSwap, earning a total of 12,977 BNB, which was worth about $4.5 million at the time. This reduced the value of the tokens and depleted a PancakeSwap pool.&lt;/p&gt;

&lt;p&gt;Huobi Global, a cryptocurrency exchange platform, stated that the GALA event of November 3 caused a 20% drop in the price of the GALA token. The exchange adds that this incident was a hostile hack motivated by profit and bad faith, not a "white operation."&lt;/p&gt;

&lt;p&gt;Huobi Global said that pNetwork, the maker of the GALA tokens and a provider of DeFi routing infrastructure and gaming tokens, never informed Huobi of its plans to exploit the misconfiguration vulnerability by issuing worthless tokens valued at $1 billion.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--phbo0jX4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qlirjkp1lr945ivys8m9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--phbo0jX4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qlirjkp1lr945ivys8m9.png" alt="gala graph" width="691" height="400"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;As both the pNetwork and GALA teams were aware of the disastrous consequences of the operation, Huobi claimed that minting such a large number of tokens was "groundless and farfetched." The statement went on to claim that pNetwork's breach was concealed as a "white hat" to avoid legal repercussions.&lt;/p&gt;

&lt;p&gt;The world's top virtual asset trading platform issued an apology to all exchange users who had been wronged by pNetwork's actions and promised to defend their rights and property by assembling the victims, acting as their representatives in class action lawsuits, and filing police reports to pursue criminal charges against the pNetwork perpetrators.&lt;/p&gt;

&lt;h2&gt;
  
  
  FTX Hack
&lt;/h2&gt;

&lt;p&gt;Leading centralized cryptocurrency exchange FTX Exchange is known for its expertise in derivatives and leveraged products. It is the second-largest cryptocurrency exchange in the entire world.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Cve1tLK2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gy2yfsp0j9qikn7uxlda.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Cve1tLK2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gy2yfsp0j9qikn7uxlda.png" alt="FTX" width="880" height="462"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;A Wall Street Journal (WSJ) story stated that more than $500 million (€482 million) in cryptocurrency funds looked to be missing. According to Elliptic Enterprises, a crypto analytics company, the assets were removed from the network under "strange circumstances."&lt;/p&gt;

&lt;p&gt;ZachXBT noted in a message to The Washington Post, "The attacker removed assets from FTX/FTX U.S. and started selling them for assets that can't be blocked." FTX personnel appear to have then started to save the remaining assets.&lt;/p&gt;

&lt;p&gt;Some crypto companies were able to freeze the hacked assets, rendering them useless, he continued. The dollar-pegged cryptocurrency Tether was able to freeze around $31 million.&lt;/p&gt;

&lt;p&gt;In his opinion, it is still unclear whether the attacker had insider knowledge of FTX's computer systems. (The blockchain, the analysis's chosen digital ledger, does not provide individually identifying information.) According to some experts, when a business shuts down swiftly, security may be left insufficient, giving opportunistic hackers an advantage.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bZmb8r4S--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bc7buqfgjbshosj942sa.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bZmb8r4S--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bc7buqfgjbshosj942sa.png" alt="FTX graph" width="500" height="311"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Since a verified account was used at Kraken and FTX was advising customers not to use the app, outside security experts stated that an insider was likely involved, either as a perpetrator or as a victim whose credentials were compromised and used as a stepping stone in the attack.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Given that more than 300 bitcoin companies have entered the market as a result of DeFi's success, fraudsters now have access to a new, lucrative avenue. Blockchain is widely believed to be a secure technology, but many smaller exchanges have launched that may not have the cybersecurity personnel required to secure their new ecosystems. The code for these platforms is frequently publicly accessible, which gives attackers plenty of time to plan attacks, as was the case with the Wormhole hack. That hack was the second-largest of its kind after the Poly Network heist, which cost that cryptocurrency platform more than $600 million (the hacker later returned all of the funds).&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--RMVuh3o7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pdbho8hp4qbhn348pppp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--RMVuh3o7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pdbho8hp4qbhn348pppp.png" alt="crypto value drop" width="600" height="540"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
    </item>
    <item>
      <title>DeFi-A safe approach to Finance</title>
      <dc:creator>Aditya Singh</dc:creator>
      <pubDate>Sat, 12 Nov 2022 09:32:21 +0000</pubDate>
      <link>https://dev.to/iadityasingh/defi-a-safe-approach-to-finance-12kj</link>
      <guid>https://dev.to/iadityasingh/defi-a-safe-approach-to-finance-12kj</guid>
      <description>&lt;h2&gt;
  
  
  What Is Decentralized Finance (DeFi)?
&lt;/h2&gt;

&lt;p&gt;Through "smart contracts," which are merely pieces of code that are deployed and executed on the blockchain, peer-to-peer value transactions can now be programmatically executed based on a set of conditions, thanks to the emergence of public blockchain networks like Ethereum. Decentralized applications, or "dapps," are applications created using smart contracts. They are a primary driving force behind the growing interest in using bitcoin, or digital currency, in industry. In practice, DeFi services are dapps that use the strength of smart contracts and the public blockchain's decentralized nature to offer globally accessible financial services.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--j-_Chw9_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gzi6c4nt3tcq4jixw6t7.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--j-_Chw9_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gzi6c4nt3tcq4jixw6t7.jpg" alt="what defi" width="480" height="360"&gt;&lt;/a&gt;&lt;br&gt;
Decentralized finance, also known as "DeFi," refers to the shift away from traditional, centralized financial systems and toward peer-to-peer financing enabled by decentralized technology based on the Ethereum blockchain.&lt;br&gt;
DeFi technology generates decentralized money and does away with the need for central banks under the power of the government to produce and manage the currency. But DeFi technology can also offer a wide range of additional blockchain-based financial services applications. DeFi technology is used by fintech businesses to provide insurance, stock trading, savings accounts, and loans, among other services.&lt;br&gt;
DeFi does away with the usage fees that banks and other financial institutions impose. Anyone with an internet connection can use DeFi, and users can store money in a safe digital wallet and transfer money quickly.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--W7MRvxQV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6v9sy9rml306q3jvmk7t.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--W7MRvxQV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6v9sy9rml306q3jvmk7t.jpg" alt="introduce defi" width="880" height="495"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Centralized Finance vs. Decentralized Finance (DeFi)
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Centralized Finance&lt;/strong&gt;&lt;br&gt;
In centralized finance, banks and other third parties hold the funds and enable the transfer of funds between parties; each party charges a fee for its use. An acquiring bank receives the card information from the merchant and passes it on to the credit card network to complete the credit card transaction.&lt;br&gt;
The network authorizes the charge and asks the bank for payment. Because retailers typically have to pay for the usage of credit and debit cards, each link in the chain is paid for the services it provides.&lt;br&gt;
CeFi is limited by banking hours for particular actions, and transactions can be cumbersome, requiring settlement times on the back end.&lt;br&gt;
Centralized finance oversees all financial activities, including loan applications and local bank services.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jCxGTJxS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gi8odz4ql5oe4cz8x902.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jCxGTJxS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gi8odz4ql5oe4cz8x902.jpg" alt="cefivdefi" width="650" height="353"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Decentralized Finance&lt;/strong&gt;&lt;br&gt;
DeFi is a market segment that offers financial services and products that are available to anybody with an internet connection and run independently from banks or other third-party businesses. Since the decentralized financial market is always active, transactions happen in close to real-time and cannot be stopped by an intermediary. Your cryptocurrency is available for storage anywhere, including on computers, in hardware wallets, and in other locations.&lt;br&gt;
By enabling individuals, businesses, and merchants to perform financial transactions through new technologies, decentralized finance eliminates middlemen. DeFi makes use of the connection, software, hardware, security protocols, and peer-to-peer financial networks.&lt;br&gt;
People can lend, trade, and borrow using software that logs and validates financial transactions in distributed financial databases from anywhere there is an internet connection. A distributed database collects and aggregates data from all users and utilizes a consensus process to verify it, making it available from different locations.&lt;br&gt;
By enabling anyone to use financial services wherever they are, regardless of who they are or where they are located, decentralized finance eliminates the need for a centralized finance model. Through individual-focused trading services and personal wallets, DeFi applications give users more control over their finances.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--pvYq5Mao--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ttbwye4fozgvptgmjcc6.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--pvYq5Mao--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ttbwye4fozgvptgmjcc6.jpg" alt="defivcefi" width="880" height="684"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  How Does DeFi Work?
&lt;/h2&gt;

&lt;p&gt;DeFi goes beyond the generation of new digital money or value, even though it is commonly discussed in connection with cryptocurrencies. The purpose of DeFi's smart contracts is to replace conventional financial systems.&lt;br&gt;
The blockchain technology that cryptocurrencies employ is used in decentralized finance. A distributed and secure database or ledger is referred to as a blockchain. The blockchain is operated and transactions are handled by programs known as dApps.&lt;br&gt;
Some of the ways people are engaging with DeFi today: &lt;br&gt;
&lt;strong&gt;1. Lending:&lt;/strong&gt; Earn interest and rewards for lending out your cryptocurrency every minute, rather than just once a month.&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--X92ykBrJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i1046kxpfcyazylyz2je.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--X92ykBrJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i1046kxpfcyazylyz2je.jpg" alt="Lending" width="811" height="571"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Getting a loan:&lt;/strong&gt; Instantly apply for a loan without having to fill out any paperwork, even the incredibly brief "flash loans" that conventional financial institutions do not provide.&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--AgMB6B21--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/os3yszn9mdfosvv5g4pf.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--AgMB6B21--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/os3yszn9mdfosvv5g4pf.jpg" alt="Getting a loan" width="720" height="395"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Trading:&lt;/strong&gt; Make peer-to-peer cryptocurrency trades, just like you would if you were buying and selling securities without using a broker.&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ZAMP9yN2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3hldv4ol1xnrgsc6prxg.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ZAMP9yN2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3hldv4ol1xnrgsc6prxg.jpg" alt="Trading" width="880" height="507"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Saving for the future:&lt;/strong&gt; Put a portion of your cryptocurrency into an alternative to a savings account to earn higher interest rates than you would ordinarily receive from a bank.&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Vn28vJzo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7wxw8hlodeygal2f8ht5.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Vn28vJzo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7wxw8hlodeygal2f8ht5.jpg" alt="Saving for the future" width="880" height="495"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. Derivatives:&lt;/strong&gt; Invest in specific assets, long or short. Consider them the cryptocurrency equivalent of stock options or futures contracts.&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hpE38Y5d--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q1ws30d8xo7z6eme0r1j.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hpE38Y5d--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q1ws30d8xo7z6eme0r1j.jpg" alt="Buying derivatives" width="880" height="495"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Is DeFi safe?
&lt;/h2&gt;

&lt;p&gt;DeFi technology is relatively new, thus unanticipated negative effects are possible. Because startup failure is so common, new businesses that use DeFi technology run the risk of failing, and programming mistakes might give hackers access to lucrative systems. Your money could be completely lost if you invest in or store money with a DeFi enterprise that fails.&lt;br&gt;
While DeFi platforms typically don't offer any method of recovering lost money, deposits with traditional, centralized financial institutions are covered by the Federal Deposit Insurance Corporation (FDIC). If a regular financial transaction goes wrong, a customer can register a complaint with the Consumer Financial Protection Bureau (CFPB), but if you fall victim to a fraudulent DeFi transaction, there is no such recourse available. &lt;br&gt;
It's interesting to note that a different kind of DeFi program is becoming accessible to overcome these shortcomings. Those looking for a way to safeguard themselves against losses from other smart contracts are being offered decentralized insurance, which is produced by individuals pooling their money as collateral. The premiums paid by those who are insured are collected by the individuals who contribute to the bitcoin pools.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2tCiYSfh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zkcb4s9uyl0m1e8mcjcr.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2tCiYSfh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zkcb4s9uyl0m1e8mcjcr.jpg" alt="safety" width="554" height="282"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What are the downsides of DeFi?
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;Active trading can become expensive due to the Ethereum blockchain's fluctuating transaction rates.&lt;/li&gt;
&lt;li&gt;Given that this is a new technology, your investment may experience high volatility depending on the dapps you use and how you use them.&lt;/li&gt;
&lt;li&gt;For tax purposes, you must keep your own records. Regional differences in regulations are possible.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--eiud8Eqn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/czoz58bjdhz7mjpkcd1z.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eiud8Eqn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/czoz58bjdhz7mjpkcd1z.jpg" alt="prosandcons" width="880" height="780"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>web3</category>
      <category>finance</category>
      <category>blockchain</category>
      <category>ethereum</category>
    </item>
    <item>
      <title>A Complete Guide to NFTs</title>
      <dc:creator>Aditya Singh</dc:creator>
      <pubDate>Sun, 06 Nov 2022 06:55:54 +0000</pubDate>
      <link>https://dev.to/iadityasingh/a-complete-guide-to-nfts-28lj</link>
      <guid>https://dev.to/iadityasingh/a-complete-guide-to-nfts-28lj</guid>
      <description>&lt;h2&gt;
  
  
  What are NFTs?
&lt;/h2&gt;

&lt;p&gt;Non-fungible tokens (NFTs) are cryptographic assets on a blockchain that can be distinguished from one another by their distinctive identifying codes and metadata. A digital asset known as an NFT is a representation of a real-world item, such as artwork, music, in-game items, or films. They are regularly purchased and traded online in exchange for other cryptocurrencies, and they are typically encoded using the same software as many other cryptocurrencies.&lt;/p&gt;

&lt;p&gt;The same kind of programming that is used to develop cryptocurrencies is typically used to create NFTs. These cryptographic assets are built on blockchain technology, to put it simply. They cannot be traded or exchanged in the same manner as other cryptographic assets.&lt;/p&gt;

&lt;p&gt;NFT stands for non-fungible token, which means that, because of its unique characteristics, it cannot be replaced by or exchanged one-for-one with another token.&lt;/p&gt;

&lt;p&gt;Almost everyone says "en eff tee" to spell NFT out. The brave refer to them as "nefts."&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--oqTvlaJ2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z1iza0uv1qogutibibbt.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--oqTvlaJ2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z1iza0uv1qogutibibbt.jpg" alt="An APE NFT" width="300" height="168"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  How do NFTs work?
&lt;/h2&gt;

&lt;p&gt;The blockchain, a distributed public ledger used to record transactions, is where the majority of NFTs are found. NFTs are discrete tokens that contain priceless information. They can be purchased and sold similarly to other physical forms of art because their worth is mostly determined by the market and demand. Thanks to their distinctive data, it is simple to confirm and validate the ownership of NFTs as well as the transfer of tokens between owners.&lt;/p&gt;

&lt;p&gt;Specifically, NFTs are typically held on the Ethereum blockchain, although other blockchains support them as well.&lt;/p&gt;

&lt;p&gt;Digital things that represent both tangible and intangible objects are "minted" into an NFT, such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Art&lt;/li&gt;
&lt;li&gt;GIFs&lt;/li&gt;
&lt;li&gt;Videos and sports highlights&lt;/li&gt;
&lt;li&gt;Collectibles&lt;/li&gt;
&lt;li&gt;Virtual avatars and video game skins&lt;/li&gt;
&lt;li&gt;Designer sneakers&lt;/li&gt;
&lt;li&gt;Music&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Even tweets count. Twitter co-founder Jack Dorsey sold his first-ever tweet as an NFT for more than $2.9 million.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--3mLRF9cc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/me1o8rtq67p0lri7i765.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--3mLRF9cc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/me1o8rtq67p0lri7i765.jpg" alt="NFT BLOCKCHAIN" width="275" height="183"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What are NFTs used for?
&lt;/h2&gt;

&lt;p&gt;NFTs and blockchain technology give artists and content producers a special chance to monetize their works. Making money with NFTs is not limited to the arts. To generate money for charity, companies like Taco Bell and Charmin have auctioned off themed NFT artwork. Nyan Cat, a GIF from 2011 depicting a cat with a pop-tart body, sold in February for about $600,000. And as of late March, sales of NBA Top Shot exceeded $500 million. LeBron James' single-clip NFT sold for more than $200,000.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--z_GXXHwX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/l3wcli5josnio6jppqtb.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--z_GXXHwX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/l3wcli5josnio6jppqtb.jpg" alt="nft selling" width="880" height="660"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;People interested in crypto trading and people who like to collect artwork often use NFTs. Beyond that, NFTs have other uses too, such as:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Digital Content :&lt;/strong&gt;  Digital material is currently where NFTs are used most extensively. NFTs fuel a "creator economy," where creators cede ownership of their work to the platforms they use to promote it, boosting the profitability of content providers.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Gaming Items :&lt;/strong&gt;  Game makers have shown a lot of interest in NFTs. NFTs can provide players with a variety of advantages. Typically, the only thing you can do in an online game is purchase goods for your character.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Investment and Collaterals :&lt;/strong&gt;  DeFi (Decentralized Finance) and NFTs share the same infrastructure. DeFi programmes allow you to borrow money against collateral. Together, NFT and DeFi projects are exploring the possibility of using NFTs as that collateral instead.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Domain Names :&lt;/strong&gt;  NFTs give your domain a name that is easier to remember. By making an IP address more memorable and valuable—typically based on length and relevance—this functions similarly to a website domain name.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PK1I74Nu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cbmzej13juxaya1xbqfs.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PK1I74Nu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cbmzej13juxaya1xbqfs.jpg" alt="Different types of NFTs" width="275" height="183"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  How to Buy NFTs?
&lt;/h2&gt;

&lt;p&gt;Many NFTs can only be purchased with Ether, so owning some of this cryptocurrency—and storing it in a digital wallet—is usually the first step. You can then purchase NFTs via any of the online NFT marketplaces, including OpenSea, Rarible, and SuperRare.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Popular NFT Marketplaces&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--52J07N0O--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3n5mqqwmdypdu7x673bm.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--52J07N0O--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3n5mqqwmdypdu7x673bm.jpg" alt="Marketplace" width="880" height="676"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;OpenSea.io :&lt;/strong&gt;  This peer-to-peer platform describes itself as a "purveyor of rare digital objects and collectibles." You only need to create an account to begin browsing NFT collections.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hugan55O--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1idkr1kvbcodljwontd1.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hugan55O--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1idkr1kvbcodljwontd1.jpg" alt="opensea" width="255" height="198"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Rarible :&lt;/strong&gt;  Rarible is a democratic, open marketplace that enables artists and producers to issue and sell NFTs, much like OpenSea. Holders of RARI tokens issued on the platform can comment on aspects like fees and community regulations.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--DFrPNTmY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/u2862id20snnh4b67f4b.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--DFrPNTmY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/u2862id20snnh4b67f4b.jpg" alt="Rarible" width="600" height="350"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Foundation :&lt;/strong&gt;  On this site, artists must request or receive an invitation from other creators before they may upload their work. Assuming the demand for NFTs stays at present levels or perhaps rises over time, this community's exclusivity means it boasts higher-caliber artwork.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--M5iKIDGg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/227dtyp2oc00d8d1wief.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--M5iKIDGg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/227dtyp2oc00d8d1wief.jpg" alt="Foundation" width="768" height="526"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Can we copy or download a digital file?
&lt;/h2&gt;

&lt;p&gt;Any digital file, including the artwork included with an NFT, may be copied as many times as you like.&lt;/p&gt;

&lt;p&gt;However, NFTs are made to grant you ownership of the work, which cannot be replicated (though the artist can still retain the copyright and reproduction rights, just like with physical artwork). In terms of purchasing physical works of art, anyone can purchase a Monet print. But the original can only be owned by one individual.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--nu2gQMEM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/83udq8djly5g41p6wzp8.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--nu2gQMEM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/83udq8djly5g41p6wzp8.jpg" alt="downloading nft" width="880" height="459"&gt;&lt;/a&gt;I was preoccupied with downloading the identical file that the individual spent millions of dollars for by right-clicking on that nft image.&lt;/p&gt;

</description>
      <category>blockchain</category>
      <category>web3</category>
      <category>nfts</category>
      <category>ethereum</category>
    </item>
    <item>
      <title>MAN IN THE MIDDLE ATTACK</title>
      <dc:creator>Aditya Singh</dc:creator>
      <pubDate>Thu, 29 Sep 2022 04:20:56 +0000</pubDate>
      <link>https://dev.to/iadityasingh/man-in-the-middle-attack-k3l</link>
      <guid>https://dev.to/iadityasingh/man-in-the-middle-attack-k3l</guid>
      <description>&lt;h2&gt;
  
  
  What is a Man-in-the-Middle (MITM) attack?
&lt;/h2&gt;

&lt;p&gt;A man-in-the-middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. Put another way, a MITM attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The attack is a type of &lt;em&gt;eavesdropping&lt;/em&gt; in which the attacker intercepts and then controls the entire conversation.&lt;/p&gt;

&lt;p&gt;The goal of an attack is to steal personal information, such as login credentials, account details, and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites, and other websites where logging in is required.&lt;/p&gt;

&lt;p&gt;Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.&lt;/p&gt;

&lt;p&gt;Additionally, it can be used to gain a foothold inside a secured perimeter during the infiltration stage of an &lt;em&gt;advanced persistent threat (APT)&lt;/em&gt; assault.&lt;/p&gt;

&lt;p&gt;Broadly speaking, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details, and then resealing the envelope and delivering it to your door.&lt;/p&gt;

&lt;h2&gt;
  
  
  How do MITM attacks work?
&lt;/h2&gt;

&lt;p&gt;During MITM attacks, cybercriminals insert themselves in the middle of data transactions or online communication. Through the distribution of malware, the attacker gains easy access to the user's web browser and the data it sends and receives during transactions. Online banking and e-commerce sites, which require secure authentication with a public key and a private key, are the prime targets of MITM attacks, because a successful attack lets the attacker capture login credentials and other confidential information.&lt;br&gt;
Typically, these attacks are carried out in two steps: data interception and decryption.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s---kyRVK83--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jnrvrbuanfblrc439vv4.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s---kyRVK83--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jnrvrbuanfblrc439vv4.jpg" alt="Image description" width="675" height="425"&gt;&lt;/a&gt;&lt;br&gt;
&lt;strong&gt;Interception Phase&lt;/strong&gt;&lt;br&gt;
Data &lt;em&gt;interception&lt;/em&gt; entails an attacker intercepting a data transfer between a client and a server. The attacker tricks the client and the server into believing that they are exchanging information with each other, while the attacker intercepts the data, creates a connection to the real site, and acts as a proxy to read and insert false information into the communication.&lt;br&gt;
&lt;strong&gt;Decryption Phase&lt;/strong&gt;&lt;br&gt;
The &lt;em&gt;decryption&lt;/em&gt; phase is where the intercepted data is decrypted. This essential step enables the attacker to finally decipher and use the data to their advantage; for example, they can carry out identity theft or cause disruptions to business operations.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--IOV0Xp_E--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1023l76qmt6266dmtvb9.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--IOV0Xp_E--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1023l76qmt6266dmtvb9.jpg" alt="Image description" width="880" height="755"&gt;&lt;/a&gt;&lt;br&gt;
&lt;strong&gt;Example:&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ebufYDt9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8wxivdjg1841rbufrq9k.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ebufYDt9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8wxivdjg1841rbufrq9k.png" alt="Image description" width="880" height="502"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What are the types of man-in-the-middle attacks?
&lt;/h2&gt;

&lt;p&gt;Some of the attacks are:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vk-iHdCd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0xgxcibuo0evws9phay9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vk-iHdCd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0xgxcibuo0evws9phay9.png" alt="Image description" width="500" height="396"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Internet Protocol spoofing
&lt;/h2&gt;

&lt;p&gt;IP spoofing involves an attacker disguising himself as an application by altering IP packet headers. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.&lt;/p&gt;

&lt;h2&gt;
  
  
  Domain Name System spoofing
&lt;/h2&gt;

&lt;p&gt;This is a type of man-in-the-middle attack where cybercriminals alter domain names to redirect traffic to fake websites. Users might think that they are reaching a secure and trusted website, but instead, they land on a website operated by cybercriminals. The main aim behind DNS spoofing is to reroute traffic to a fake website or to capture user login credentials.&lt;/p&gt;

&lt;h2&gt;
  
  
  Address Resolution Protocol (ARP) spoofing
&lt;/h2&gt;

&lt;p&gt;ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in transit. ARP spoofing attacks can only occur on local area networks that utilize the Address Resolution Protocol.&lt;/p&gt;

&lt;h2&gt;
  
  
  HTTPS spoofing
&lt;/h2&gt;

&lt;p&gt;In this attack, the attacker uses a domain that looks very similar to that of the target website. With this tactic, also known as a “homograph attack”, the characters in the target domain are replaced with other non-ASCII characters that are very similar in appearance. The unsuspecting user is very unlikely to notice the difference and is reassured by the browser’s secure connection indication.&lt;/p&gt;

&lt;h2&gt;
  
  
  Secure Sockets Layer (SSL) hijacking
&lt;/h2&gt;

&lt;p&gt;SSL is a protocol that establishes an encrypted connection between a browser and the web server. During SSL hijacking, a cybercriminal might use another computer and a secure server to intercept all information traveling between the server and the end user's computer.&lt;/p&gt;

&lt;h2&gt;
  
  
  Email hijacking
&lt;/h2&gt;

&lt;p&gt;This is a type of MITM attack where cybercriminals gain control of email accounts of banks and other financial institutions to monitor any transactions that users conduct. Cybercriminals may even spoof the bank's email address and send instructions to customers that lead them to unknowingly transfer their money to the cybercriminals.&lt;/p&gt;

&lt;h2&gt;
  
  
  Wi-Fi eavesdropping
&lt;/h2&gt;

&lt;p&gt;This MITM attack is one of the many risk factors posed by public Wi-Fi. During this attack, public Wi-Fi users get tricked into connecting to malicious Wi-Fi networks and hotspots. Cybercriminals accomplish this by setting up Wi-Fi connections with names that resemble nearby businesses.&lt;/p&gt;

&lt;h2&gt;
  
  
  Session hijacking
&lt;/h2&gt;

&lt;p&gt;Also known as stealing browser cookies, this malicious practice takes place when cybercriminals steal personal data and passwords stored inside the cookies of a user's browsing session. Sometimes, cybercriminals can gain endless access to users' saved resources. For example, they might steal users' confidential data and identities, purchase items or steal money from their bank accounts.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>PHISHING ATTACK</title>
      <dc:creator>Aditya Singh</dc:creator>
      <pubDate>Thu, 25 Aug 2022 18:14:08 +0000</pubDate>
      <link>https://dev.to/iadityasingh/phishing-attack-48kg</link>
      <guid>https://dev.to/iadityasingh/phishing-attack-48kg</guid>
      <description>&lt;p&gt;&lt;strong&gt;What is Phishing?&lt;/strong&gt;&lt;br&gt;
Phishing is a type of cybersecurity attack during which malicious actors send messages pretending to be a trusted person or entity. Phishing messages manipulate a user, causing them to perform actions like installing a malicious file, clicking a malicious link, or divulging sensitive information such as access credentials. Phishing is the most common type of social engineering, which is a general term describing attempts to manipulate or trick computer users. Social engineering is an increasingly common threat vector used in almost all security incidents. Social engineering attacks, like phishing, are often combined with other threats, such as malware, code injection, and network attacks.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Can you spot a phishing attack?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;=&amp;gt; Sometimes you can spot a phishing attack and avoid trouble by just deleting the message. Some of the signs might include:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Suspicious-looking source email address&lt;/li&gt;
&lt;li&gt;Generic greeting like “Dear customer” – instead of the customization most organizations offer&lt;/li&gt;
&lt;li&gt;Spoofed hyperlinks – if you can hover your mouse over the link, the destination displayed in the preview might be completely different than the destination displayed in the message&lt;/li&gt;
&lt;li&gt;Poor spelling, or sloppy layout&lt;/li&gt;
&lt;li&gt;Suspicious or unusual attachments – treat all attachments and links with caution&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;How to avoid being tricked by phishing&lt;/strong&gt; &lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Always be suspicious of any message that requests you to click a link or open an attachment.&lt;/li&gt;
&lt;li&gt;Be cautious of any message communicating a sense of urgency or dire consequences should you fail to take immediate action.&lt;/li&gt;
&lt;li&gt;If you are concerned about a message, contact the person or the organization using a different, validated method like a phone number you already had or check the organization’s website ‘Contact Us’ information. Never use the links or contact information in the message you are concerned about.&lt;/li&gt;
&lt;li&gt;Be careful not to provide personal or sensitive information in response to a message.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;What should you do if a phishing attack is successful?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;=&amp;gt; If you believe you may have fallen victim to a phishing attack, here are some suggested steps:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Change any affected passwords – If possible, immediately change the password for any affected accounts.  If this password was also used for other online accounts, change the passwords for those accounts to something unique and strong.&lt;/li&gt;
&lt;li&gt;Contact the fraud department of the breached account – If the phishing attack compromised your company’s account at a financial institution, contact the bank immediately to report the incident.  Monitor for unauthorized transactions to the account.  If a personal account was involved, contact the 3 major credit bureaus to enable fraud alerts.&lt;/li&gt;
&lt;li&gt;Notify appropriate people in your company – follow your company’s incident response plan to ensure the appropriate personnel are aware of the incident.&lt;/li&gt;
&lt;li&gt;Notify affected parties – if personal data of others (e.g., customers, suppliers) was compromised, be sure to notify them.  The compromised personal data could be used for identity theft.  Check the website of your state’s attorney general for information on data breach notification requirements.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--o9HaVDG0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m3cd4ruyrce1sfsj0vkx.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--o9HaVDG0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m3cd4ruyrce1sfsj0vkx.jpg" alt="Image description" width="826" height="953"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The image above shows how to check and analyse what a phishing email looks like.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Types of phishing attack&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;-&amp;gt; Email Phishing&lt;/strong&gt;&lt;br&gt;
Most phishing attacks are sent via email. Attackers typically register fake domain names that mimic real organizations and send thousands of common requests to victims.&lt;/p&gt;

&lt;p&gt;For fake domains, attackers may add or replace characters (e.g. my-bank.com instead of mybank.com), use subdomains (e.g. mybank.host.com) or use the trusted organization’s name as the email username (e.g. &lt;a href="mailto:mybank@host.com"&gt;mybank@host.com&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;Many phishing emails use a sense of urgency, or a threat, to cause a user to comply quickly without checking the source or authenticity of the email.&lt;/p&gt;

&lt;p&gt;Email phishing messages have one of the following goals:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Causing the user to click a link to a malicious website, in order to install malware on their device.&lt;/li&gt;
&lt;li&gt;Causing the user to download an infected file and using it to deploy malware.&lt;/li&gt;
&lt;li&gt;Causing the user to click a link to a fake website and submit personal data.&lt;/li&gt;
&lt;li&gt;Causing the user to reply and provide personal data.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;-&amp;gt; Spear Phishing&lt;/strong&gt;&lt;br&gt;
Spear phishing includes malicious emails sent to specific people. The attacker typically already has some or all of the following information about the victim:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Name&lt;/li&gt;
&lt;li&gt;Place of employment&lt;/li&gt;
&lt;li&gt;Job title&lt;/li&gt;
&lt;li&gt;Email address&lt;/li&gt;
&lt;li&gt;Specific information about their job role&lt;/li&gt;
&lt;li&gt;Trusted colleagues, family members, or other contacts, and samples of their writing&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This information helps increase the effectiveness of phishing emails and manipulate victims into performing tasks and activities, such as transferring money.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;-&amp;gt; Whaling&lt;/strong&gt;&lt;br&gt;
Whaling attacks target senior management and other highly privileged roles. The ultimate goal of whaling is the same as other types of phishing attacks, but the technique is often very subtle. Senior employees commonly have a lot of information in the public domain, and attackers can use this information to craft highly effective attacks.&lt;/p&gt;

&lt;p&gt;Typically, these attacks do not use tricks like malicious URLs and fake links. Instead, they leverage highly personalized messages using information they discover in their research about the victim. For example, whaling attackers commonly use bogus tax returns to discover sensitive data about the victim, and use it to craft their attack.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--IhDr5wXU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/keooyk73rowb5iq1qf92.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--IhDr5wXU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/keooyk73rowb5iq1qf92.png" alt="Image description" width="290" height="174"&gt;&lt;/a&gt;&lt;br&gt;
&lt;strong&gt;-&amp;gt; Smishing and Vishing&lt;/strong&gt;&lt;br&gt;
This is a phishing attack that uses a phone instead of written communication. Smishing involves sending fraudulent SMS messages, while vishing involves phone conversations.&lt;/p&gt;

&lt;p&gt;In a typical voice phishing scam, an attacker pretends to be a scam investigator for a credit card company or bank, informing victims that their account has been breached. Criminals then ask the victim to provide payment card information, supposedly to verify their identity or transfer money to a secure account (which is really the attacker’s).&lt;/p&gt;

&lt;p&gt;Vishing scams may also involve automated phone calls pretending to be from a trusted entity, asking the victim to type personal details using their phone keypad.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--HAdoVQfe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rh8oqemm2d5uihfwip8k.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HAdoVQfe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rh8oqemm2d5uihfwip8k.png" alt="Image description" width="880" height="510"&gt;&lt;/a&gt;&lt;br&gt;
&lt;strong&gt;-&amp;gt; Angler Phishing&lt;/strong&gt;&lt;br&gt;
These attacks use fake social media accounts that impersonate well-known organizations. The attacker uses an account handle that mimics a legitimate organization (e.g. “@pizzahutcustomercare”) and uses the same profile picture as the real company account.&lt;/p&gt;

&lt;p&gt;Attackers take advantage of consumers’ tendency to make complaints and request assistance from brands using social media channels. However, instead of contacting the real brand, the consumer contacts the attacker’s fake social account.&lt;/p&gt;

&lt;p&gt;When attackers receive such a request, they might ask the customer to provide personal information so that they can identify the problem and respond appropriately. In other cases, the attacker provides a link to a fake customer support page, which is actually a malicious website.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XEjhP47e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rt1d3fiarys6mh4bmtij.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XEjhP47e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rt1d3fiarys6mh4bmtij.png" alt="Image description" width="600" height="307"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
