The phishing scam involves tricking people into thinking they are being contacted by a legitimate entity in an effort to get them to hand over their money or other personal information. It only makes sense that in the crypto world, phishing involves getting victims to turn over their personal information, private keys, or anything else that might give a hacker access to their crypto wallet.
The attacker usually acts like they’re trustworthy in some way by posing as a government or commercial entity or as someone you may know. Once you’ve given up your personal information, the attacker uses that information to steal your crypto.
Cyber attacks continue to become more sophisticated over time, so targeting crypto platforms, users’ wallets, or initial coin offerings (ICOs) is pretty common.
It all starts with a simple email. The email looks like it’s from a legitimate source. It could be a platform you already use or the company that holds your wallet. The email almost always contains a clickable link to a fake website. The problem is, the URL and the website look nearly identical to the real one.
All it takes is clicking the link and entering your login information for the attacker to save those keystrokes and obtain access to your real account. And they send these emails out in large quantities, so someone is sure to fall victim. They’re counting on a small percentage of recipients to be tricked into thinking it’s real.
These mass emails appeal to your sense of fear and urgency by claiming there’s been suspicious activity or a problem with your account. Some will even entice you by offering a fake airdrop if you log in right away.
Because the links and websites in these emails look so much like the real thing, they can be hard to spot, but there are some things you can look out for to make sure it’s legitimate before you click.
This is a big one for all scams, not just phishing! If you notice an abundance of spelling errors, typos, incorrect grammar, or lack of punctuation, you can be sure it’s not legit.
Attackers are in a hurry to send these emails out, and they don’t take a lot of time to proofread. In many cases, the language they’re using isn’t their first one, so they’re not always fluent.
Everyone makes mistakes, and it’s possible that a legitimate crypto company may have missed a thing or two, but they’re going to be more diligent about ensuring accuracy. If you see more mistakes than you feel comfortable with, it’s probably a scam.
While we’re on the subject of content, another way to spot these emails is by diving into the details. If you regularly get emails from a real company, check to see if the style or tone of the email matches.
You may even find some inconsistencies between words and images. If they ask you to log into your account to confirm your details but the button says “Click Here to Sign Up”, you should probably be suspicious.
If there’s any type of misalignment, it’s probably not real.
If you’re receiving a real email from a well-known crypto platform, you can expect to see the recipient’s email address ending in platformname.com. However, it’s much easier to create a fake email address using a public domain like Gmail. If you see an email from firstname.lastname@example.org, steer clear!
There are a few different types of phishing attacks that target the crypto space. We don’t have time to cover them all, but here are some of the most common.
Attackers create crypto malware that infects your computer when you attempt to log in as usual to your wallet or crypto platform. It infects your files and requires a ransom payment to decrypt them again.
However, you can’t get this malware from a legitimate crypto site. It only comes from malicious websites, phishing emails, or fake browser extensions.
This type of phishing scam involves infecting the DNS server of a legitimate website in order to redirect users to a fake website. Even if you do type in the correct address, you’ll be redirected to a website that is not real. Unfortunately, it looks nearly identical, and as you enter your information, it’s being stolen.
These are more difficult to spot and are more likely to happen to you, even if you do intend to go to the correct website, making them a bit more dangerous than the aforementioned crypto malware attack.
In this phishing attack, hackers target public Wi-Fi networks by setting up a network of the same name as the legitimate network. When you connect to the network and surf the web as usual or log into your accounts, you’re prompted to enter your credentials, at which point the attackers gain access to your accounts.
This, among many other reasons, is why you should never be logging into your personal accounts while using a public network.
The ice phishing scam is a pretty enticing one, which makes it easy to fall victim to it. An attacker sends a fake transaction, prompting you to sign in. Who doesn’t want more crypto? That’s the idea!
Victims get excited about the potential deposit into their account and click the link to log in with their private key. Too bad the transaction was fake, there is no crypto, and now your information is compromised.
So here’s the real deal. How do you avoid these scams altogether? The most important thing is to be vigilant. Protect your crypto at all costs and pay attention to what you’re doing. Here are some other proactive things you can do:
We get it. It’s not always easy. Luckily, there are fast, simple, and convenient Bitcoin ATMs (BTMs) out there that you use to purchase Bitcoin. Look for a Bitcoin Depot BTM near you and add some Bitcoin to your wallet today!