Cointribune Hit By Scam Mimicking Its Newsletter Design
In a digital context where threats are multiplying, unfortunately Cointribune is no exception to the rule. For the past few hours, our media has been the target of a phishing attempt directly targeting our audience through our newsletter. It is essential to quickly inform you of the situation and provide you with the keys to protect yourself.
In brief
- Cointribune alerts its readers following a phishing attempt targeting its newsletter.
- Phishing is a fraudulent technique aimed at extracting sensitive information by email.
- Cybercriminals used a hacked database to send a fake message in the name of Cointribune.
- The fake email falsely announces an airdrop of $CTB tokens, encouraging connection of a Web3 wallet.
What is a phishing attempt ?
Phishing is a cyberattack technique intended to deceive a user in order to extract sensitive information (usernames, passwords, banking data…) or encourage them to click on a malicious link. Most often, the attack takes the form of an email or message mimicking a trusted source, a company, an institution, or in this specific case, a media outlet.
These fraudulent messages are designed to appear credible. They use logos, colors, editorial tone, and sending addresses similar to those of the impersonated entity. Their goal is clear : to make you click on a trap link or push you to interact with content that will compromise your personal data or your crypto wallet.
Phishing is one of the most common threats in the Web3 sector, where assets are directly accessible through digital wallets. A single click can be enough to empty a wallet or compromise access to a platform.
🎯 An attack targeting the readers of our newsletter
The ongoing phishing attempt specifically targets subscribers to our newsletter. Cybercriminals, in all likelihood, gained access to our contact database, allowing them to send a fraudulent email almost perfectly imitating our official communications.
The email comes from the address [email protected] and announces the launch of a fake $CTB token, presented as native to Cointribune. Under the pretext of a free token allocation, recipients are encouraged to click on a “Claim Now” button to connect their Web3 wallet.
Here is an excerpt :
“You are eligible to receive tokens as part of the new $CTB distribution program! […] Please connect your Web3 wallet through our secure portal below.”
This is a scam. Cointribune has never launched a $CTB token nor conducted any distribution. The hackers’ objective is to get you to connect your wallet to a trapped interface to take control of it or empty your funds.
Their message perfectly copies our graphic charter, editorial tone, and even the visual header of our usual newsletters, making it particularly dangerous for unsuspecting readers.
In response to this attack, our team immediately took the following measures :
- Technical investigation to identify the exploited vulnerability ;
- Strengthening the security of our Substack infrastructure ;
- Awareness campaign to alert and protect our community.
How to identify and avoid the trap : our advice to stay safe
In this attack, cybercriminals use a fake domain name very close to ours to spread their fraudulent emails. This method is known as domain spoofing and aims to create confusion in the reader’s mind.
- The detected fraudulent domain is : [email protected] ;
- Our one and only official domain remains : cointribune.com.
This subtle difference, the addition of a hyphen and a letter, can go unnoticed during quick reading. This is exactly what the hackers are counting on: playing on trust and visual habit.
Some simple rules to protect yourself
- Do not click on any link contained in a suspicious email ;
- Never provide your personal information or credentials following an unverified solicitation ;
- Immediately delete any email coming from dubious or unofficial addresses ;
- Report these emails to us by forwarding them to : [email protected].
How to recognize our real emails ?
- Always verify the full sender’s address. Our official communications only come from @cointribune.com or via Substack, identifiable by the domain substack.com.
- If in doubt, click on nothing: go directly to our site cointribune.com to verify the information.
- Our social communications are made exclusively through our official accounts.
Need assistance ?
If you have any doubts or think you have been a victim of this phishing attempt, immediately contact our team at the following address : [email protected].
We apologize to our readers for this incident and assure you that everything is being done to restore the integrity of our service. Events like this remind us how essential vigilance is in the crypto ecosystem.
Cointribune remains more committed than ever to providing reliable, secure, and transparent information.
Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
Diplômé de Sciences Po Toulouse et titulaire d'une certification consultant blockchain délivrée par Alyra, j'ai rejoint l'aventure Cointribune en 2019. Convaincu du potentiel de la blockchain pour transformer de nombreux secteurs de l'économie, j'ai pris l'engagement de sensibiliser et d'informer le grand public sur cet écosystème en constante évolution. Mon objectif est de permettre à chacun de mieux comprendre la blockchain et de saisir les opportunités qu'elle offre. Je m'efforce chaque jour de fournir une analyse objective de l'actualité, de décrypter les tendances du marché, de relayer les dernières innovations technologiques et de mettre en perspective les enjeux économiques et sociétaux de cette révolution en marche.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.