- Hackers tried to scam Paraidgm’s head of security, Sam.
- Sam detailed his experience through a series of tweets.
- The tech leader explained how to spot and ensure protection from hackers.
Sam, the head of security at crypto investment firm Paradigm, tweeted earlier today that an anonymous account had tried to hack him with a crypto stealer.
1/ Today, someone tried to hack me with a crypto stealer, so I guess I’ve finally made it
Fortunately, they weren’t successful, but all it would’ve taken was three clicks. Read on to learn about how the attack works, how to protect yourself, and some basic malware analysis🕵️ pic.twitter.com/31qqUoATWL
— samczsun (@samczsun) July 5, 2022
Fortunately, the hackers were not successful. However, Sam says that all it would have taken was three clicks. He then went on to elaborate on how such an attack works and educated users on how to protect themselves.
Sharing a picture of the direct message which was sent to him, Sam says, “The first step is to create an urgent and compelling hook. When placed under pressure, even trained security professionals might act instinctively instead of rationally. This DM does both. If you clicked the link, then you’re only two clicks away from being pwned.”
Sam explains that clicking the link from such phishing messages automatically downloads files to the computer. The files then contain intriguing and curiosity-generating content that lures users.
“There are two files in the archive,” says Sam, sharing a screenshot of the archive. “If you have file extensions enabled, then you’ll see the first as a URL. If you don’t, then you’ll see the second as a PDF. Both of these are malicious, and opening either of them would give the attacker full access to your tokens.”
Elaborating on methods to protect oneself, the tech leader argues that the first step is to recognize when a message looks suspicious. The next step, Sam says, is to take a moment to gather one’s thoughts before making a decision.
However, his most important message is not to let curiosity win. “It might be tempting to snoop around, but threat actors know this and they’ll exploit it.”
Sam also discusses the malware analysis tech he uses to protect his data and tokens. Through this incident, the cybersecurity expert gives his followers insight into some of the common hacking methods and ways to stay safe.