Cybersecurity Alert: The New Phishing Scam Hitting OpenSea Users

Originally published on my blog.

TL;DR

A new phishing scam is targeting OpenSea users through email. Exercise caution and stay vigilant.

!TL;DR

I recently encountered an email that surprisingly bypassed my spam filters. The subject line read: "Your asset has recently received a new deal [C02aaA]".

The email included an image, showcasing what appeared to be a legitimate notification from OpenSea:

The email read:

​New Offer Detected

Your asset has recently received a new deal.

Details:
Offer TxID: C02aaA
Buyer ID: Jamesmatic02

Review The Offer

This email is being sent to you as you have agreed to receive information from us. If you wish to stop receiving this type of information, please opt-out using the available unsubscribe option. Kindly avoid responding directly to this email. For any questions, reach out to our Support Center using the provided contact details.

Best regards.

Update your email preferences or unsubscribe here
© 2024 Sale Team
228 Park Ave S, #29976, New York, New York 10003, United States
beehiiv logoPowered by beehiiv

Clicking the Review The Offer button redirects users to a phishing site, an exact replica of OpenSea, which then prompts for login credentials, effectively stealing them.

How to Protect Yourself

In situations like these, here are some crucial steps to ensure your online safety:

• Verify the Email Sender
  • Always check the sender's email address. Phishing attempts often come from email addresses that are misspelled or use different domains.
• Inspect the Domain Link
  • Be meticulous about the URL. Phishing sites usually have URLs closely resembling the legitimate site, with subtle misspellings or different domain extensions. For instance, instead of https://opensea.io/, it might be https://openseasecure.io/
• Avoid Clicking Suspicious Links
  • If an email asks you to click a link, hover over it first to preview the URL. If it looks suspicious, do not click it.
• Use Two-Factor Authentication
  • Always enable two-factor authentication (2FA) on your accounts if possible, as this adds an extra layer of security
• Regularly Update Your Passwords
  • Change your passwords frequently and avoid using the same password across different platforms.
• Install Security Software
  • Use reliable anti-virus and anti-malware software. These can often detect and alert you to suspicious websites and emails.
• Check Official Websites Directly
  • If you receive an unexpected offer or alert, go directly to the official website by typing the URL into your browser, rather than clicking on links in emails.

Conclusion

By staying informed and cautious, you can significantly reduce the risk of falling victim to phishing attacks. Remember, in the digital realm, vigilance is your best defense. Stay safe out there!