When trying to regain access to your Kraken account, you may be asked to hop on a video call with a support agent to verify who you really are.
Last month, the centralized exchange said it caught a man wearing a Halloween-style rubber mask trying to fool an employee on the other side of the call—but it didn't work.
The attacker raised several red flags in the first round of checks, such as not naming the assets the account held. These flags caused the agent handling the case to request a video call to grant access to the account. During the call, the Kraken employee asked some more questions and checked the man's ID.
The attacker failed at this stage, spectacularly.
“Our agent was like, ‘This is absolutely ridiculous. This is the rubber mask that the man is wearing,’” said Kraken's chief security officer Nick Percoco, who spoke to Decrypt.
The mask didn't even look like the person the attacker claimed to be, Percoco said. The victim was a Caucasian male in his early 50s, so it appeared to Percoco that the assailant was wearing a mask that easily fit the description.
And this isn't the first time someone has tried to trick Kraken.
“[We] look at things where people are wearing fake beards from time to time,” he told Decrypt. “They show [ID] and they look close because they wear the same style glasses, have beards, and have blond hair. We see this from time to time. They will never pass.”
“But this is the first time that someone has gone out to a clothing store to get a mask,” he added.
To make matters worse, the attacker didn't even have reliable identification. Despite carrying the correct information, the ID was “clearly” Photoshopped and printed on card stock, Percoco explained.
Although this was not a sophisticated attack, it highlights that fraudsters can access the personal information of everyday people. Even with such an unpolished attempt, Percoco believes, attackers can see success.
“I think it should [work],” he told Decrypt. “I think people in suits, people hacking somewhere else and getting a copy of a government ID and then printing it on shiny paper… For some exchanges, that probably works.”
He said some exchanges lack the attention to detail that Kraken requires of its team. Percoco specifically points to companies that offer their support, which is likely to lead to a mistake.
If he's right, it means people using a centralized exchange cannot always rely on the company to protect them against bad actors. Percoco says users should protect themselves by deploying two-step verification “everywhere”, from your email to good, to prevent bad actors from gaining access to any personal information at any cost.
Even if such protection methods are used, users can still fall victim to phishing scams. For the highest level of safety, it is recommended to use FIDO2 and passkeys. Your phone or laptop are hardware keys that allow you to replace the password for your account.
“Passwords are encrypted with the websites and applications you use, so you can't be fooled into thinking you're getting into Kraken,” he said.
Edited by Andrew Hayward.