Phishing scams have been around for as long as the internet itself. They are one of the most common types of online scams, and they can be very costly for victims. Crypto holders are not immune to this kind of scam. In this article, we will discuss what phishing is, how to recognise it, and how to protect yourself from these scams.
What is phishing?
Phishing is a type of online scam where scammers pose as a trusted entity to try to trick people into revealing sensitive information. This information can be anything from passwords to credit card details or, in the case of cryptocurrency, wallet keys or exchange logins.
The phisher may use any number of methods to try and get this information, including email, social media, or even phone calls. Once they have your information, they can use it to steal your money or commit identity theft.
Some of the most common examples of phishing include:
- Emails purporting to be from a trusted institution, such as a bank or cryptocurrency exchange, that ask you to click on a malicious link or download an attachment. These links and attachments often contain malware that can steal your information.
- Social media messages from fake accounts that look like they belong to friends or family members. These messages may ask you to click on a link or download an attachment.
- Phone calls from someone claiming to be from a trusted institution, such as a bank or government agency. They may try to get you to reveal sensitive information over the phone.
One of the earliest and most well-known email phishing scams was the “Love Bug”. This phishing email, which started circulating in 2000, claimed to be from a romantic interest. It was simply titled ‘ILOVEYOU’ and claimed to include an attached love letter, but actually contained a virus that would attack the user’s files and send the same scam email to all the user’s contacts.
The different types of phishing attacks
Phishing attacks take many different forms, and crypto scammers are constantly coming up with new ways to phish people. Some common types of phishing include:
Since late 2021, phishing in the form of redirect links has been on the rise. This scam, like many, uses email with the purpose of stealing login details.
A scammer will send an email that, to an untrained eye, may look legitimate. It will ask users to click on a link that appears convincing. From there, the user will be brought to a phishing website that looks like the login page for their email, social media, or cryptocurrency exchange.
Once the user is on this phishing site, the scammers just need them to enter their login information. After the user enters their password, the page will usually time out, although in sophisticated scams it may even redirect to the legitimate site.
Advertisements are a common way for phishers to reach their victims. They will often create fake ads that look like they are from a legitimate company or website. When you click on the ad, you will be taken to a fake website.
Did You Know?
Meta is being taken to court over allowing the placement of fake ads featuring notable Australian businessmen and figures supposedly promoting a cryptocurrency investment. These ads led to a fake article, encouraging investment in the project. The project has been revealed as a scam, with many victims of this phishing attack losing hundreds of thousands of dollars.
Spear phishing attacks are a type of phishing that is targeted at a specific individual or organisation. This can be done by finding information about the target online, such as their job title, the name of their company, or even personal details like their home address.
Once the scammer has this information, they will use it to create a phishing email that looks like it is from a trusted source. For example, they may pose as someone from the target’s company or as a customer of the target’s company.
Clone phishing is a type of phishing attempt where the scammer creates an identical copy of a legitimate email that has been sent previously. They will then replace any links in the email with their own malicious links.
When the victim receives this cloned email and clicks on the link, they will be taken to a phishing website where their sensitive data can be stolen.
Whaling is a type of phishing that targets high-profile individuals or organisations. The term “whale” is used to refer to these targets, as they are considered to be a big catch for the scammer.
Scammers will often do extensive research on their target before attempting to phish them. This research may include looking for information about their work, family, or hobbies. Once the scammer has this information, they will use it to create a personalised phishing email that looks like it is from a trusted source.
Important To Remember
It’s not uncommon to think that more well-established individuals aren’t prone to these sorts of phishing traps. This is not the case. In 2020 the co-founder of a successful Australian hedge fund fell victim to an attack that cost them nearly $1 million in fake invoices, along with plenty of reputational damage.
Impersonations and giveaways
Another common type of phishing is impersonation. This is where the scammer will pose as a famous individual or organization in order to gain the trust of crypto investors. They may do this by setting up fake social media accounts or creating websites that look like they are from a credible organisation or entity.
Scammers will often use impersonations to run giveaways. They may send phishing messages, promising their victims free money or cryptocurrency if they send them a small amount of cryptocurrency first. Of course, once the victim sends the cryptocurrency, they will never receive anything in return.
Americans lost a combined $80 million USD (over $114 million AUD) in cryptocurrency to celebrity impersonators on Twitter between 2019 and 2020. These crypto scams claimed that if you sent money to a wallet address, it would be sent back double as a way of “giving back to the community”.
Malicious applications, or malware, are another way that scammers can phish their victims. They will create fake applications that look like they are from a genuine source, such as a cryptocurrency exchange.
When the victim downloads and runs these applications, they will be asked to enter their login information. Once the scammer has this information, they may be able to access the victim’s account and steal their cryptocurrency.
Text and voice phishing
Text and voice phishing, also known as “smishing”, is a type of phishing that uses text messages or phone calls instead of emails.
Scammers will often pose as a customer service representative from a legitimate company in order to gain the trust of their unsuspecting victims. They may then ask for personal information such as login details or account numbers.
Phishing vs Pharming
Phishing is commonly mistaken for pharming. While there are some similarities, these two types of scams are different. With phishing, the attacker uses social engineering to lure their target to a malicious website without the user’s knowledge.
Pharming also involves acquiring private information and account details but does it by poisoning a DNS server or cache so that when an unsuspecting user goes to visit a legitimate website, they are instead redirected to a malicious one. This is often done by installing malware on the user’s computer.
Phishing red flags
As scammers become more sophisticated it is more important than ever to do your due diligence. There are some warning signs you can look out for, but when in doubt always err on the side of caution.
Too good to be true
If an offer or prize sounds too good to be true, then it probably is. Be especially wary of any offers that require you to send cryptocurrency first.
Offers that seem highly appealing are often used in a number of different cryptocurrency scams, such as Ponzi schemes, and should usually be regarded with a degree of scepticism.
Poor grammar and spelling
Scammers often have poor grammar and spelling in their phishing emails. If multiple grammatical or spelling errors are present in a single communication, beware.
Unusual sender address
The sender’s address is one of the easiest ways to spot a phishing email. Scammers will often use addresses that are similar to, but not exactly the same as, a legitimate address. For example, they may use an address that is one letter off from the real address.
When you hover your mouse over a hyperlink in an email, a pop-up window should appear that shows you the URL that the link will take you to. If this URL is different from the text of the hyperlink, then it may be a phishing email.
Scammers will often include attachments in their phishing emails. These attachments may be malicious applications that will install malware on your computer.
A sense of urgency
Scammers will often try to create a sense of urgency in their phishing emails. They may do this by saying that your account will be closed unless you take action immediately, or that to reverse a charge you need to act right away.
How to prevent phishing
There are some steps you can take to protect yourself from phishing scams.
Double-check the content
When you receive an email, text message, or phone call from a company or institution, take a moment to double-check the content. Make sure that it is not a phishing scam by checking for any of the red flags listed above.
Verify the URL
When you click on a hyperlink in an email, make sure that the URL that appears is the same as the text of the hyperlink. If it is not, do not proceed. Similarly, if the link isn’t the same as the company’s official website, don’t click on it.
Be cautious with attachments
Do not open any attachments that come from an unknown sender. If you must open an attachment, make sure to scan it for viruses first.
Even if it comes from a familiar source, check for the red flags above. As tempting as it may be to open that attachment from your boss or co-worker, resist the urge. Malicious attachments can be difficult to spot.
Use two-factor authentication
When available, always use two-factor authentication. This adds an extra layer of security to your account by requiring you to enter a code that is sent to your phone in addition to your password.
In instances where access to the account is the primary goal, this will help mitigate any damage the scammer could do and allow you time to change your login credentials.
Never share your private keys
Never share your private keys with anyone. Your private keys are the only way to access your cryptocurrency wallets. If you lose them, there is no way to recover them.
Phishing scams are one of the most common crypto scams. They can be difficult to spot, but if you know what to look for then phishing attempts are easier to avoid. By taking some simple precautions, you can protect yourself from phishing scams and other types of crypto fraud.
Look out for red flags such as poor grammar, unusual sender addresses, and hyperlinks that don’t match the text. If you’re ever in doubt, don’t hesitate to reach out to the company or institution directly to verify the communication. And always use two-factor authentication when it’s available.
Hopefully, these tips will help you navigate the world of cryptocurrency more securely and confidently.