Phishing is used to swindle money from unsuspecting victims. It is executed by hackers and although cryptocurrencies offer greater protection than fiat money, losses can occur.
Phishing is a type of cyber attack in which a malicious actor poses as a reputable entity or company to trick people and collect their sensitive information, such as credit card details, usernames, passwords, etc.
Typically, phishing attacks use fraudulent emails that convince the user to enter sensitive information on a fraudulent website.
While the overall goal is simply to swindle money from unsuspecting victims, the fact that these tactics are executed by tech-savvy hackers means they are increasingly being used to steal digital assets.
Cryptocurrency phishing
Phishing attacks are also being used against cryptocurrencies, where malicious actors attempt to steal Bitcoin or other digital currencies from users.
An attacker can do this by spoofing a real website and changing the wallet address to their own, giving users the impression that they are paying for a legitimate service when, in reality, their money is being stolen.
In the world of cryptoassets it is very common to use emails and text messages pretending to be from hardware wallet providers, or even cryptocurrency exchange platforms, attempt to induce the recipient to “update” their seed phrase or change their password, after which the thief can steal the login credentials and empty the wallet in question.
What are the types of phishing?
Clone phishing:
The attacker will use a previously sent legitimate email and copy its contents into a similar one containing a link to a malicious site. The attacker could then claim that this is an updated or new link, perhaps indicating that the previous one has expired.
Spear phishing:
This type of attack focuses on a person or institution, usually recognized by others. A Spear attack is more sophisticated than other types of phishing because it is profiled. This means that the attacker first collects information about the victim, then uses a message to convince the victim to visit a malicious website or download a malicious file.
Pharming:
The attacker will poison a DNS record (domain or name that we know of a page) which, in practice, will redirect visitors from a legitimate website to a fraudulent one that the attacker has made beforehand.
Whaling:
Aimed at wealthy and important people, such as CEOs and government officials.
Email Spoofing:
Website redirects:
They send users to different URLs that the user intends to visit, they seek to install malware on users’ computers.
Identity theft and sweepstakes:
Impersonating influential figures on social networks is another technique employed in phishing schemes, they may advertise sweepstakes or engage in other deceptive practices. Victims are more likely to interact and provide personal information to seemingly influential figures, creating an opportunity for phishers to exploit their information.
Announcements:
These paid (fake) ads use domains that attackers have typed and paid to have boosted search results. The sites may even appear as a top search result in searches for legitimate companies or services.
Malicious applications:
They can use malicious applications as a vector to inject malware that controls their behavior or steals confidential information.
How to protect yourself against cryptocurrency phishing
- The first thing to keep in mind is that nowhere do they give money without getting anything in return. If they promise free cryptocurrencies, it is most likely a scam.
- Always check each link with caution. Avoid clicking on messages from Internet services, instead, type the address of the service in the address bar of your browser.
- Configure privacy settings to avoid fraudulent strategies on Facebook.
- Use an antivirus with special protection.
- Beware if the email has alarmist language to create a sense of urgency, urging you to click and “act now” before your account is deleted. Remember, responsible organizations do not solicit personal details over the Internet.
- Messages containing unexpected or strange attachments. These attachments may contain malware, ransomware or some other online threat.
- Do not click on a link in an email unless you know exactly where it takes you.
- If you are asked to provide sensitive information, check that the page URL begins with “HTTPS” instead of simply “HTTP”. The “S” stands for “secure.” It is not a guarantee that a site is legitimate, but most legitimate sites use HTTPS because it is more secure.
- If you suspect an email is not legitimate, select a name or part of the message text and run it through a search engine to see if there are any known phishing attacks using the same methods.
- Do not share your private cryptocurrency wallet keys.
11. The best recommendation to avoid becoming a victim of this type of scam is to learn the urls you use most frequently, since the alteration is usually minimal, for example:
The original is https://www.bixxus.com the altered one could be https://www.bix.xus.com or https://www.bixus.com.
Therefore, stay alert and be aware of any suspicious activity, Phishing is one of the most common cyber modalities, so it is best to always be cautious before handing over personal data and passwords.
