Crypto Phishing Scams and How to Avoid Them
One of the easiest ways for hackers to access your cryptocurrency is by phishing. Here are some tips on how you can avoid these common scams.
We've all been there. You're scrolling through your Facebook or Twitter feed when you see a post about a fantastic new cryptocurrency opportunity. They say they've already made a ton of money, and you must click on the link they provide to get started.
But you don't realize that this post is a phishing scam designed to steal your personal information or infect your computer with malware.
Cryptocurrency phishing scams are becoming more and more common, so it's essential to be aware of how they work and what you can do to avoid them.
What is Phishing?
Phishing is a type of online fraud wherein a scammer attempts to trick you into revealing personal information or installing malware on your computer through social engineering. Phishing scams can take many different forms, but they all have one goal: to steal your data.
The word "phishing" comes from leetspeak, a form of online slang in which letters are replaced with numbers or other characters. Examples of leetspeak include "ph" replacing "f," the number "5" replacing "s," and most notably, the at sign (@) replacing the letter "a." Phishing is thought to have originated on an AOL message board sometime in the 90s, and the term has stuck ever since.
Types of Phishing
As technology progresses, phishing only grows more sophisticated. While this is not an exhaustive list by any means, here are some of the most common types of phishing scams:
- Email Phishing — Email phishing is by far the most common type of phishing scam. In an email phishing scam, you will receive an email that appears to be from a legitimate source, such as a financial institution, online retailer, or even a government agency. The email will often trick you into clicking on a link or downloading an attachment that will either infect your computer with malware or redirect you to a fake website where you will be prompted to enter personal information.
- SMS Phishing (Smishing) — With the rise of smartphones, phishers have also started targeting mobile users with a type of phishing called smishing. In a smishing scam, you will receive a text message that appears to be from a legitimate source, such as your bank or delivery service. The message will often trick you into clicking on a link redirecting you to a fake website where you will be prompted to enter personal information.
- Voice Phishing (Vishing) — Vishing is a type of phishing that uses voice calls or voicemails instead of text messages or emails. In a vishing scam, you will receive a call or voicemail from someone claiming to be from a legitimate source, such as your bank or credit card company. The caller will often try to trick you into giving them personal information or even transferring money to their account.
How Phishers Get Your Crypto
While crypto liberates us from the traditional banking system, it also makes us more vulnerable to phishing scams. After all, crypto lives online, accessible to anyone with an internet connection. That access gifts humanity with great boons but also makes us more susceptible to online fraud.
There are a few different ways phishers can get their hands on your crypto:
- "Send Bitcoin, Receive More in Return" — This phishing scam is pretty straightforward and most popular on Twitter. The phisher will often pose as a well-known figure in the crypto world and tweet that they are giving away free crypto. For example, a phisher will pose as Elon Musk and tweet that he is giving away free Bitcoin to anyone who sends him a certain amount of BTC. Of course, the phisher keeps any crypto forwarded to them, leaving the victim with nothing. You'd be surprised how successful this type of scam can be. Things get more convincing when a hacker gets access to a real account (doesn't just pose as one) and tweets out the same message.
- "Double Your Crypto in 24 Hours" — This phishing scam is similar to the "send Bitcoin, receive more in return" scam, but with a twist. The phisher will claim to be running a crypto-doubling service and promise to double any crypto you send to their wallet address. These phishers often pose as expert crypto traders or run a well-known crypto website or service. Again, the phisher keeps any crypto sent to them, leaving the victim with nothing.
- "Get a Free Airdrop!" — Airdrops are when a crypto project gives away free tokens or coins to generate buzz and interest in their project. While airdrops can be legitimate, phishers have also used them to scam people out of their crypto. Phishers will create fake airdrop websites and promote them on social media, tricking people into sending them their private keys or seed phrases to "claim" their airdrop. Of course, if the phisher gets access to your private keys, they can access all your crypto.
- "Man-in-the-Middle Attack" — This phishing scam is slightly more technical but still reasonably common. In a man-in-the-middle attack, the phisher will intercept communications between you and a website or service. In this scenario, you'd likely be using an insecure WiFi network at a coffee shop or airport. The phisher can set up their own fake WiFi network that looks identical to the real one. Then, when you connect to the phisher's network, they can intercept and redirect any traffic to a fake website that looks identical to the real one. It's a highly technical but supremely effective phishing scam.
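The first three lures in this list share recognizable wording, so a message can be triaged before anyone acts on it. The sketch below is an added example, not part of the original article; the rule names, patterns and sample messages are constructed for illustration.

```python
import re

# Constructed heuristics for three lures from the list above; a triage aid,
# not a vetted ruleset.
COIN = r"(btc|bitcoin|eth|ether|crypto|coins?|tokens?)"
RULES = {
    "giveaway": [
        rf"\bsend\b.{{0,40}}\b{COIN}\b.{{0,80}}\b(get|receive)\b.{{0,30}}\b(back|more|double)\b",
        rf"\bgiv(ing|e) away\b.{{0,40}}\b{COIN}\b",
    ],
    "doubling": [rf"\bdoubl(e|es|ing)\b.{{0,30}}\b{COIN}\b"],
    "key_request": [
        r"\b(enter|send|share|provide|submit|paste)\b.{0,40}"
        r"\b(seed phrase|recovery phrase|private keys?)\b",
    ],
}
# A verb preceded by one of these is advice ("never share ..."), not a request.
NEGATED = re.compile(r"\b(never|don't|do not)\s+(ever\s+)?$")


def classify(message):
    """Return the sorted lure labels whose patterns match the message."""
    text = " ".join(message.lower().split())  # lowercase, collapse whitespace
    hits = set()
    for label, patterns in RULES.items():
        for pattern in patterns:
            for m in re.finditer(pattern, text):
                if not NEGATED.search(text[:m.start()]):
                    hits.add(label)
    return sorted(hits)


# Constructed sample messages, one per lure plus two benign ones.
SAMPLES = [
    "I'm giving away 5,000 BTC! Send 0.1 BTC and receive 0.2 BTC back.",
    "Our trading desk will double your Bitcoin in 24 hours.",
    "Claim your free airdrop: enter your 12-word seed phrase to connect.",
    "Reminder: never share your seed phrase or private keys with anyone.",
    "Thanks for the coffee, see you at the meetup on Friday.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```

The negation check keeps a security reminder about seed phrases from being flagged alongside a real request for them.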
How to Avoid Crypto Phishing Scams
The best way to avoid phishing scams is to be proactive and educate yourself on what they are and how they work. So by reading this blog, you're off to a great start. Here are a few more tips to avoid phishing scams:
- The most important, most effective way to protect your crypto is to never, ever, EVER give your private keys or seed phrase to anyone. No one. Not even a close friend or family member. Ever. If someone has your private keys, they have full access to your crypto. We can't repeat this enough.
- Use best personal security practices. That means using strong, unique passwords for every online account, enabling two-factor authentication when available, and being vigilant about phishing emails and websites.
- Don't click on links in emails or DMs from people you don't know. If someone you don't know sends you a link, even if it looks legitimate, don't click on it. Phishers are getting increasingly sophisticated and can make fake websites that look identical to the real thing. The only way to be sure you're not on a phishing website is to type in the URL yourself.
- Be extra careful on social media. Social media is a phisher's paradise. They can pose as anyone they want and reach thousands, if not millions, of people with phishing scams. Do your due diligence and triple-check social media accounts, even if they look legitimate. A rule of thumb: most crypto companies will never reach out to you first on social media. If someone from a crypto company contacts you on social media, be very suspicious and do your research before engaging.
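A link can look right to the eye and still point at a different host, which is why the advice above is to type the URL yourself. The following added example (not from the original article) compares a link's parsed hostname against hostnames you bookmarked; `TRUSTED`, `check_link` and every domain shown are hypothetical.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Hypothetical allow-list: hostnames you typed in and bookmarked yourself.
TRUSTED = {"myexchange.example"}


def check_link(url, trusted=TRUSTED, threshold=0.85):
    """Classify a link as 'trusted', 'lookalike' or 'unknown' by hostname."""
    # urlsplit lowercases the hostname and drops any port or path.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"  # no scheme or no host: nothing to compare
    for good in trusted:
        # Exact match, or a real subdomain of a bookmarked host.
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in trusted:
        # The trusted name used as leading labels of some other domain.
        if host.startswith(good + "."):
            return "lookalike"
        # Near-miss spelling, e.g. one character swapped.
        if SequenceMatcher(None, host, good).ratio() >= threshold:
            return "lookalike"
    return "unknown"


# Constructed sample links.
SAMPLES = [
    "https://myexchange.example/login",
    "https://app.myexchange.example/",
    "https://myexchanqe.example/login",
    "https://myexchange.example.airdrop-claim.example/",
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):9} {link}")
```

An "unknown" result only means the host is not on your list; it is not a sign that the site is safe.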
The most obvious rule is probably the most forgotten: if it sounds too good to be true, it probably is. This rule applies to not just phishing scams but to pretty much everything in life. Be very skeptical of anything that promises you free or easy money.
You can protect your crypto and keep your hard-earned money safe by staying vigilant and educating yourself on phishing scams.