The history of phishing scams on the internet predates the development of blockchain technology and the emergence of the cryptocurrency market. The first documented phishing attack occurred back in the mid-’90s. However, the droves of users pouring into the space to profit from these new digital assets have created a new arena for opportunistic cybercriminals to use phishing scams as a method of attack.
In the cryptosphere, terms like “spear phishing,” “DNS hijacking,” “phishing bots,” and “fake browser extensions” are all too common. Therefore, it is crucial to know standard phishing techniques and ways to spot phishing to protect assets from this prevalent scam in the crypto space.
What is crypto phishing?
Before delving into the most common phishing techniques used in crypto, it is critical to understand what phishing is and what this scam seeks to exploit in the crypto ecosystem.
The overarching goal of phishing revolves around duping unsuspecting victims out of their money or confidential information. In crypto, phishing involves tricking victims into surrendering their private key information or login credentials to their personal crypto wallets. To gain the victim’s trust, the attacker typically assumes the identity of a trustworthy entity or person. After successfully deceiving the victim, the attacker uses their personal information to obtain cryptocurrency funds.
Crypto phishing attacks typically involve the attacker disguising themselves as a trustworthy source (such as the administrators of the victim’s cryptocurrency wallets or exchanges) and sending unwitting victims emails or messages containing malicious links. The links in these messages redirect to fake websites or platforms that closely resemble genuine ones.
Phishing emails and messages frequently share similar traits; they urge the recipient to act quickly while arousing emotions like fear, curiosity, and greed. For instance, the message might assert that the victim’s crypto exchange account has a problem and that they need to log in with their user credentials to fix it. Other attackers may use giveaways or airdrops to persuade their target to enter their personal credentials.
Due to the permissionless, trustless, and pseudonymous nature of cryptocurrencies and the large number of inexperienced crypto hodlers, hackers see the crypto sector as a secure base to conduct their illicit activities. Fortunately for crypto holders, the common phishing scams that are rampant in the space, as well as the ways to spot a potential phishing attack, are being discussed in the community. Therefore, it is vital for all crypto sapiens to understand the scam in its entirety.
Common crypto phishing scams
Spear phishing is a deliberate attack on a specific person or organization. In the case of spear phishing, familiarity helps make it effective. The phisher or attacker has prior knowledge about their target (either through collating information through social media platforms or direct association with the potential target) and will use this to personalize the phishing email to appear genuine. As a result, spear phishing can frequently target large organizations because the source of the email is likely to be someone within the recipient’s own company.
DNS hijacking, also known as DNS redirection, is a more complex phishing tactic that is no longer a novel spoofing technique. By intercepting communication between a user and a DNS server, the attackers hijack genuine websites and reroute users to an illegitimate, malicious website disguised as the seized website. Last year, two DeFi projects built on the Binance Smart Chain, Cream Finance and PancakeSwap, were victims of this type of spoofing attack, which rendered the actual websites inoperable and deceived users into entering their seed phrases.
A phishing bot is a computer program that automates phishing attacks. The use of phishing bots in cryptocurrency aims at compromising users’ valuable seed phrases. These bots also send spoofed messages to prominent online platforms where users frequently interact, such as Twitter, Discord, and Reddit. Phishing bots send out massive volumes of phishing emails, create fake websites, and host them on servers.
Last year, the popular crypto wallet MetaMask was attacked by a phishing bot on Twitter that prompted unwary users to enter their seed phrases on Google Docs.
Fake browser extensions
Crypto users are accustomed to using browser extensions to store their cryptocurrency, communicate with a range of decentralized applications (DApps), and interact with the Web3 ecosystem as a whole.
Unfortunately, while browser wallet extensions provide flexibility to cryptocurrency users, they have also proven to be an easy target for attackers. Phishing emails or malicious websites are commonly used to spread fake browser extensions. The extensions aim to obtain sensitive data such as seed phrases and private keys.
Ledger’s popular hardware wallet appeared in the spotlight last year as its proprietary application (Ledger Live) was vulnerable to this scam. The false Ledger Live application appeared in the Chrome Web Store, and the malicious extension used Google Ads to create a further degree of false credibility.
Ways to identify phishing scams
As previously stated, phishers will go to considerable lengths to ensure that the fake dangerous website closely mimics the genuine website. However, fine details on these fraudulent sites can be a dead giveaway for users aware of phishing scams. As a result, users must become completely acquainted with the platform on which they perform crypto transactions regularly. Users can then tell when something is wrong with the website.
Grammatical errors and salutation inconsistencies
Grammar mistakes are a typical feature of phishing emails. Therefore, reading the entire email or message and checking for grammatical errors is essential.
Another telltale sign of a phishing scam is when the message or mail uses a greeting or salutation different from what has been used in other communications from the source.
Emails or messages with attachments should always be viewed with suspicion, particularly if they have an unfamiliar file extension or are associated with malware (.zip, .exe, .scr). Additionally, phishers frequently employ shortened URLs or embedded hyperlinks that conceal the actual destination website. These links must not be clicked; instead, hovering over them reveals the hidden URL, which can be used to confirm their validity.
Public email addresses
Phishers frequently contact potential targets using public email addresses, such as Gmail, because creating a fake email using a public domain is easier than using a corporate domain. Therefore, it is best to be wary of communications from what appears to be an official source but arrives from a public email address.
Emails requesting login credentials, payment, or rewarding links
Communications demanding immediate action from recipients, either to claim a reward or to fix a problem with their account by entering login information, are often phishing scams. Attackers typically use this tactic to force recipients to react before they can study the email for errors or discrepancies.
While the Web3 ecosystem and the underlying technologies that power this industry promote security for the future digital economy, manipulation is humans’ kryptonite, which is why phishing remains a common attack vector. Therefore, apart from understanding how different phishing scams operate, taking necessary safety precautions to protect your crypto wealth from this common scam is vital. Some of the general rules to abide by to protect your funds include:
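The attachment, link, and sender-domain checks described above can be automated as a first-pass mail triage. The following Python sketch is an added example, not part of the original article; the public-domain and URL-shortener lists, the function names, and the sample message are assumptions made for illustration, and only the three file extensions come from the text.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".zip", ".exe", ".scr")  # from the article; the two sets are assumed
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.found, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.found.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def triage(msg):  # msg: EmailMessage -> sorted list of warning signs found
    flags, parser = set(), Links()
    if parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower() in PUBLIC_DOMAINS:
        flags.add("public-domain-sender")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            flags.add("risky-attachment")
        elif part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    for href, shown in parser.found:
        if host(href) in SHORTENERS:
            flags.add("shortened-url")
        if URL_LIKE.match(shown) and host(shown) != host(href):
            flags.add("link-text-mismatch")  # displayed address differs from target
    return sorted(flags)

def constructed_sample():  # constructed message for the demo, not real mail
    m = EmailMessage()
    m["From"], m["Subject"] = "Exchange Support <help.desk@gmail.com>", "Account problem"
    m.set_content('<a href="http://bit.ly/x1">https://exchange.example/login</a>', subtype="html")
    m.add_attachment(b"\0", maintype="application", subtype="octet-stream", filename="statement.scr")
    return m
```

A flag is a reason to inspect the message, not proof of phishing; grammar, salutation, and urgency cues still need a human reader.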
- Never open links or download files from an unknown source that claims to be a legitimate person or an organization.
- Bookmark the URLs of wallets, exchanges, and other relevant services.
- Use two-factor authentication.
- Double-check crypto wallet extensions, and don’t rely on web stores to thoroughly assess the platforms they offer. Alternatively, download the wallet extension from its official website.
- Use a reputable cryptocurrency exchange and wallet.
- Learn about offline crypto wallets and storage options.