There’s a pandemic in the cryptocurrency world, and it’s not Covid-19.
It’s phishing scams.
As the crypto bull run charges upward, so too does the number of phishing scams aiming to steal your precious coins and tokens.
If you’re HODLing or considering investing in some promising cryptocurrencies, you must beware of Cryptocurrency Phishing. This is a common and ever-growing problem that is plaguing the entire planet. We will go over the basics of this particular scam, as well as give you some basic rules on how to protect yourself from it.
Cryptocurrency Phishing starts with forgery. The key to running a credential-stealing phishing scam is creating an exact replica of a secure website that’s good enough to fool most people, or even just some people. With the classiest fakes, every link goes to the real site. Well, every link except the one that submits your username and password to the perpetrators. As icing on the cake, the fraudsters may try to create a URL that looks at least a little bit legitimate. Instead of paypal.com, perhaps paypa1.com, or paypal.security.co.
The fraudsters are ALWAYS going to try to make you think you’re entering your information at the genuine site, but – like counterfeit money – it only looks real. Instead of entering your password, date of birth, and social security number into the form at your bank’s website, you’d be entering that data into a site that looks identical to your bank’s website, but is actually a site set up by the scammers.
The same holds true for entering your password when logging in to your favorite crypto exchange or wallet.
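As an added illustration (not code from the original article), the Python example below checks a link against a hand-maintained list of domains you actually use and flags the two tricks described above: a look-alike spelling such as paypa1.com, and a real brand name placed on someone else's domain, as in paypal.security.co. The TRUSTED list, the character substitution table and the 0.8 similarity threshold are assumptions chosen for this example.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: domains you really use, typed in by hand (sample values).
TRUSTED = {"paypal.com", "ledger.com"}

# Assumption: digits often swapped in for look-alike letters.
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def classify(url: str) -> str:
    """Return a verdict for a link before any credentials are typed into it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return "not-https"
    # Genuine: the host is a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    labels = host.split(".")
    for domain in TRUSTED:
        brand = domain.split(".")[0]  # "paypal" from "paypal.com"
        # paypal.security.co: the real brand name, but on someone else's domain.
        if any(brand in label for label in labels):
            return "brand-on-untrusted-domain"
        for label in labels:
            # paypa1.com: brand spelled with swapped or near-miss characters.
            folded = label.translate(CONFUSABLE)
            close = SequenceMatcher(None, folded, brand).ratio() >= 0.8
            if folded == brand or close:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the two fakes are the examples from the text.
    for link in ("https://www.paypal.com/", "https://paypa1.com/signin",
                 "https://paypal.security.co/login", "http://paypal.com/"):
        print(f"{classify(link):26} {link}")
```

A verdict of "unknown" only means the host does not resemble anything on the list; it says nothing about whether that site is safe.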
If you want to protect yourself against these scams, there are a few rules that you must follow.
- Never violate these rules! Ever! Never-Ever! NEVER-EVER!
- Never click a link from inside an email. Trojans and malware could be just on the other side of that click. If you get an email from your financial institution claiming that security has been breached and you need to update your password or other information, navigate directly to your financial institution's website and do not EVER click the link in the email.
- Make sure that the website you visit offers a secure checkout process. Secure checkout ensures that only people authorized by the website can access your information. The “HTTP” protocol used for basic internet communication is a holdover from the early days of the World Wide Web. It’s not secure, because at the time there was no commerce done online. Well, the bad folks are here, and the only sensible way to connect is using the secure “HTTPS” protocol. Web browsers show a lock icon for HTTPS pages. Chrome takes a step beyond, actively marking HTTP sites “Not secure.” You should never enter any sensitive information into any site that doesn’t use HTTPS. Keep in mind that the lock only means the connection is encrypted, not that the site is genuine: a phishing site can use HTTPS too, so still check the address.
- If you have even the slightest gut feeling that something might be amiss, contact the website or institution directly and ask. Simple as that. Got an email from Ledger saying you need to update the software? DON’T CLICK THE LINK! Instead, navigate directly to Ledger's website and check the FAQs. If you see nothing about an update, submit a support ticket.
- Go back and memorize these 4 rules, and make it a habit to always follow them.
Remember, phishing is a method used to compromise individuals' computers and steal their sensitive information by posing as an email from, or the website of, a trusted organization. For example, a person receives an email that appears to be from their bank, requesting that the recipient verify certain information on a web form that mimics, and looks exactly like, the bank’s website. When captured by the hackers, the personal data allows them access to the recipient’s banking information. Alternatively, the web link may contain malicious code to compromise the target’s computer. One of the things that makes phishing attacks tricky is that they can be distributed using the email address books of compromised computers. So the phishing email you receive may appear to have been sent by a known and trusted source.
A highly effective subset of phishing is the spear-phishing attack, in which a hacker researches an intended target and includes details in an email that make it seem more credible. The details may, for example, reference a corporate social event from the previous month that was published on a public website. It can be exceedingly difficult to protect against these kinds of attacks, as demonstrated by the notable and extremely costly breaches of sensitive information at Target, Home Depot, and other well-known firms.
As the value of your crypto investments goes up, so too does the size of the prize for the scammers. The bigger the reward, the harder they’ll try to get it.
Use your best judgement and be safe out there.