Phishing is based on a simple principle: it uses malicious websites disguised as legitimate links of well-known services. Phishing scammers’ goal is to learn a login and password of your cryptocurrency wallet or the private key to get access to your assets.
There are several basic forms of phishing, and you simply must know how to identify them if you are serious about the safety of your crypto coins.
Letters from technical support team
A scammer steals someone’s private details by pretending to be an official representative of a company. They send victims letters from a “technical support specialist” containing a link to a fake site, be it a crypto wallet or an exchange, that is very similar to the original one. Such letters may contain some security alert messages, for instance, a request to change your account settings to fix a security issue.
You can tell the site is a fake one, because its name is slightly different from the original one. For instance, it could be myetherwallt.com instead of myetherwallEt.com. But when receiving such letters, people often fail to notice these minor differences. As a result, they click on the link, find themselves on a fake site and enter their logins and passwords, while scammers get access to their crypto wallets and crypto coins.
Scammers invest a lot into the website design and, even more, into promoting their sites and making them climb to the top of search engine results. For instance, blocklchain.info site was ranked higher than the original site even by Google search engine for some time.
Letters of award
Scammers like to play with our emotions. The easiest thing to make a person do what you want is to make them feel emotionally overwhelmed. So a person learns that they will be awarded a bonus for, let’s say, their loyalty to a certain cryptocurrency platform. To make their scam seem more realistic, fraudsters list all conditions of the award in detail, for instance, offering 0.1ETH for each 10ETH on the account. A happy user clicks on the link, visits the fake site, enters their login and password and loses all their money.
Such scams could work even for professional investors. It is not surprising, as airdrops are not a rare thing among developers.
Scammers announce that holders of a certain cryptocurrency will receive a certain amount of other tokens for free.
Last year users of cryptocurrency platform Raiden received an email with an offer to get RDN bonus tokens if they had a certain amount of ETH on their accounts. The Raiden Network is an infrastructure layer on top of the Ethereum blockchain, so the offer did not look suspicious for many.
Users were asked to visit the Raiden site, enter the address of their Ethereum wallet and the current amount of ETH and RDN. Unfortunately, many users failed to notice that instead of raiden.network.com they found themselves on raiden-network.com created by scammers.
Try these if you do not want to lose your money in a phishing scam:
- Use special plugins that help spot fake websites, like MetaMask and EAL
- Don’t be lazy! Check if the website address in the letter matches the real one
- Enter your account only through the main site
- Check if there is an official announcement containing information specified in the letter on
the official site or contact the technical support team
- And do not share your passwords and private keys with anyone
Take care of your tokens and good luck in trading!