--- title: "IPFS Phishing Attacks: Phishing Campaigns Using IPFS Network Protocol on the Rise | Phish Protection" description: "IPFS Phishing Attacks: Phishing Campaigns Using IPFS Network Protocol on the Rise: There is a significant rise in IPFS phishing attacks in 2023, causing a." image: "https://phishprotection.com/og/blog/ipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise.png" canonical: "https://phishprotection.com/blog/ipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise/" --- Quick Answer There is a significant rise in IPFS phishing attacks in 2023, causing a considerable stir in the digital landscape. Read on to learn about IPFS phishing attacks, including their \*\*types and modus operandi\*\*, and how to stay secure from their clutches. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=IPFS%20Phishing%20Attacks%3A%20Phishing%20Campaigns%20Using%20IPFS%20Network%20Protocol%20on%20the%20Rise&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise%2F&title=IPFS%20Phishing%20Attacks%3A%20Phishing%20Campaigns%20Using%20IPFS%20Network%20Protocol%20on%20the%20Rise "Share on Reddit") [ ](mailto:?subject=IPFS%20Phishing%20Attacks%3A%20Phishing%20Campaigns%20Using%20IPFS%20Network%20Protocol%20on%20the%20Rise&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/06/spear-phishing-protection-7470.jpg) There is a significant rise in IPFS phishing attacks in 2023, causing a considerable stir in the digital landscape. Read on to learn about IPFS phishing attacks, including their **types and modus operandi**, and how to stay secure from their clutches. [IPFS](https://docs.ipfs.tech/concepts/what-is-ipfs/#defining-ipfs)(InterPlanetary File System) is a modular suite of protocols and is a decentralized technology that makes an integral element of the Web 3.0 ecosystem used to transfer and organize data. Malicious actors have laid their hands on IPFS, too, for their nefarious purposes, as is the fate of any **emerging technology**. _They have started utilizing IPFS widely in their mass phishing campaigns._ The IPFS phishing attacks started in 2022 but have kicked into another gear recently and are being used in **mass-targeted** phishing scams. Below are more details about these IPFS [phishing](/resources/what-is-phishing) attacks, how they occur, IPFS phishing attack types, statistics, and how to protect yourself from such attacks. ### IPFS and Phishing _IPFS is a beneficial protocol for storing, handling and moving data._ It is an **open-source technology** that allows individuals to share and store information on the Internet, but in a decentralized way, focusing on efficiency and reliability. IPFS connects individual systems within a network and allows them to **share information directly**. These systems are secured using [P2P (Peer to Peer) networks](https://www.tutorialspoint.com/peer-to-peer-networks) without requiring any third party between them. ![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2023/06/spear-phishing-protection-7470.jpg) However, the **decentralized nature** of the IPFS is a bane as much as a boon since malicious actors have taken a liking to using P2P data sites to spread [malware](/content/protection-against-malware/types-of-malware). Scam artists began using IPFS for phishing attacks in 2022, where they would place HTML (HyperText Markup Language) files with **phishing forms** in IPFS and employ gateways as proxies so that the victim would end up opening the file. They shared file access links through [phishing emails](/content/protection-from-phishing/how-to-prevent-phishing-emails) sent via the gateway to the victims. ### IPFS Phishing Attack Statistics > “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle Since the detection or deletion of links does not take place as quickly at the gateway level as it does as a blocking of a **phishing website** or document, these attacks are more severe . Furthermore, these attacks are not limited to mass email phishing campaigns but are employed in complex [targeted attacks](https://www.teiss.co.uk/news/brazilian-hackers-launch-targeted-attacks-on-portuguese-financial-institutions-12267). Researchers at Kaspersky[shared](https://www.kaspersky.com/about/press-releases/2023%5Fscammers-go-interplanetary-using-decentralized-file-system-in-their-campaigns)a press release with statistics about IPFS phishing attacks. The attacks showed a **significant spike** this year, with more than 24,000 phishing attempts every day in January and February, a number which was less than 15,000 in 2022\. February 2023 was the busiest month witnessing the most IPFS phishing attack activity, reaching 400,000 phishing messages. ### Types of IPFS Phishing Attacks Threat actors host **phishing kit** infrastructure on the IPFS network to camouflage their malicious activities. IPFS phishing attacks work in three significant ways, including: - **_Malicious URLs:_**Malicious actors use phishing messages, emails, pop-ups, and other channels that include links to **redirect victims** to malicious IPFS gateways. - **_DNS Spoofing:_** [Threat actors](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) also create fake DNS (Domain Name System) that redirects individuals to malicious IPFS gateways. - **_SSL Certificates:_**Phishing scam artists employ a **fake SSL (Secure Sockets Layer) certificate** to show you that you are visiting a trusted website even when you’re on a malicious one. Using the distributed IPFS system, malicious actors can create a **permanent and untraceable** [phishing website](https://therecord.media/chatgpt-phishing-fake-websites-hackers-malware) that remains active even after removing the source. ![Phishing Attacks Statistical Overview 410x1024](https://media.mailhop.org/phishprotection/images/2023/06/Phishing-Attacks-Statistical-Overview-410x1024.jpg) ### What Makes IPFS Phishing Attacks Different? The threat actors scout a target and lure them with a phishing email that redirects them to a **fake page** designed to steal their credentials or financial information. The [phishing page](https://www.bleepingcomputer.com/news/security/phishing-page-embeds-keylogger-to-steal-passwords-as-you-type/) is **hosted on the IPFS** and is accessible using a gateway. Such a system allows the adversary to reduce the hosting cost and makes removing fraudulent content from the Internet challenging as it resides on **multiple systems** simultaneously. ### How to Protect Against IPFS Phishing Attacks? Kaspersky’s researchers also shared what individuals and businesses can do to protect against IPFS phishing attacks, including: - **_Cybersecurity Hygiene Training:_** Organizations should train the staff with [cybersecurity hygiene](https://snyk.io/learn/cybersecurity-hygiene/) training and conduct **simulated phishing** attacks so their workforce knows how to tell phishing emails apart. - **_System/Network Protection Tools:_** Individuals and organizations should invest in endpoint and mail server protection tools with [anti-phishing](/content/anti-phishing-software/anti-phishing-techniques/content/anti-phishing-software/anti-phishing-techniques) capabilities to avoid phishing emails and the chances of phishing infections sliding through. - **_Cloud Protection Tools:_** Users must also adopt **anti-spam** and anti-phishing tools dedicated to the cloud to protect applications, communication, and storage associated with the **cloud data**. ### Final Words Threat actors have been using the IPFS file distributions in phishing, leading to IPFS phishing attacks since mid-2022 . Even a technology that is supposed to be safe, reliable, and decentralized and a **significant technological marvel** of Web 3.0 could become a tool of [malicious actors](/phishing/malicious-actors-exploit-commenting-feature-in-google-docs-to-send-phishing-emails)! The IPFS phishing attacks indicate to what extent these threat actors could go and how they **constantly update** their tactics. It would be best to always stay on your guard with robust [phishing protection](/) measures and look out for phishing emails to protect your digital lives. ## Topics [ Phishing ](/tags/phishing/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m 13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"IPFS Phishing Attacks: Phishing Campaigns Using IPFS Network Protocol on the Rise","description":"IPFS Phishing Attacks: Phishing Campaigns Using IPFS Network Protocol on the Rise: There is a significant rise in IPFS phishing attacks in 2023, causing a.","url":"https://phishprotection.com/blog/ipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise/","datePublished":"2023-06-06T09:03:38.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-06-06T09:03:38.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/ipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise/"},"articleSection":"foundational","keywords":"Phishing","wordCount":871,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/06/spear-phishing-protection-7470.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"IPFS Phishing Attacks: Phishing Campaigns Using IPFS Network Protocol on the Rise","item":"https://phishprotection.com/blog/ipfs-phishing-attacks-phishing-campaigns-using-ipfs-network-protocol-on-the-rise/"}]} ```