Phishing is a type of cyber attack where hackers steal sensitive information from unsuspecting victims by posing as someone they know, such as an online retailer or bank. Phishing scams are designed to trick people into handing over their personal information and passwords, which can be used for identity theft and other nefarious purposes.
Unfortunately, the crypto space has seen its share of phishing attacks, one recent example being the MyEtherWallet scam in March 2018. We will explore what crypto phishing is, how it's done, and ways you can avoid becoming a victim.
Crypto Phishing Methods
The simplest type of cryptocurrency phishing is the good old spam mailing of emails, allegedly sent by one or another web service. In this case, emails are sent on behalf of the sites of cryptocurrency wallets or exchanges.
These fake emails look noticeably more detailed, neat, and cleverly written than phishing emails on average. Let's say it might be a security alert that says that someone recently tried to log into your account from such and such an address and such and such a browser - follow the link to check if everything is in order. The user could configure himself to receive such messages on the wallet website - and thus would not notice anything unexpected or alarming.
It also may be an invitation to participate in a survey dedicated to specific events in the world of cryptocurrencies for which not an incredibly large but very generous reward is promised. "Follow the link to start the survey." Do not follow such links!
Recently, a more sophisticated phishing scheme was discovered, directly related to cryptocurrencies and some, let's say, exciting features of the interface and how Facebook works.
Fraudsters find a particular cryptocurrency community and create a Facebook page with the same name as the official community page and with an identical design. The address of the fake page is very similar to the address of the real one - it differs by only one letter. It is not so easy to see because, on Facebook, the names of organizations and people are always displayed much larger and more noticeable than real addresses.
The scammers then send phishing messages to members of the natural community on behalf of the fake page.
Another way of deception is the schemes of scammers with offers to transfer bitcoins or part of them to a separate wallet with the further possibility of allegedly receiving a percentage of this amount. It may seem that this method has already been "used," and no one will take such a proposal seriously, but as practice shows, people are still deceived even in such seemingly ridiculous ways.
In connection with the popularization of social media, attackers direct their forces to them. In these sources, more and more cases of deception and theft of accounts of cryptocurrency owners began to be recorded. Separate groups or chats are created with the owners of crypto wallets, in which communication takes place, including discussion of various information related to the activities of crypto amateurs. At one point, the creators of this group throw off fake pages of cryptocurrency exchanges, in which unsuspecting users leave their data.
You need to understand that cryptocurrency exchanges are not some charitable foundation and don't give away money to anyone. You should check the quality of the specified links and, in no case, go to suspicious ones. It would be safer to manually enter a link to an already verified site in the browser bar.
How to Avoid Being Scammed
- Be wary of scams. When dealing with uninvited contacts – whether it's over the phone, by mail, email, in person, or on social media – always consider that you could be faced with one. Remember this: if something looks too good to be true, then it probably is!
- Remember that cryptocurrency services are not charitable organizations, and they do not give money left and right. If you are promised a cryptocurrency for free, there is likely something suspicious there, so watch out.
- Always check all links carefully. Do not click the links from messages from Internet services at all. Manually enter the address of the desired service into the address bar of your browser.
- To avoid scams on Facebook, set up your privacy carefully: choose the password carefully and don't share it with anyone. Don't use simple passwords like "password123!" because they're easy to guess; update your passwords regularly, and make sure they're difficult for others to think of by using a mix of upper case letters, numbers, and symbols.
- Be cautious when opening random texts, pop-up windows, and links in emails. If this is not something you should do, or if it's suspicious to you for whatever reason, delete the text/email right away. To verify that an email contact (or any other type of contact) is legitimate, don't use information from a message sent by them; instead, find your answer through another source such as looking up their name via an online search engine like Google.
To Sum It Up
We hope you'll avoid being one of the millions that have fallen victim to these scams. If your gut tells you something is wrong, it probably is, so be careful when clicking links and don't rush into anything.