4 tips to avoid phishing attacks

Published at: Nov. 23, 2020

Many crypto owners fall prey to common crypto theft schemes, including phishing traps. How can the average crypto user identify and avoid these attacks to prevent the potential loss of funds?

Know the source

Phishing emails are sometimes successful in their attempts to trick users into downloading programs, clicking on something they shouldn’t, or just linking them to a page where they can enter personal information like their seed phrase.

In July, hardware wallet Ledger reported a data breach that affected the personal data of many of its users, some of whom continue to be the target of phishing attacks. A number of users have reportedly received convincing-looking emails asking them to download a new version of the Ledger software. 

Users were able to identify the con by looking closely at the sender’s email address, ending in “legdersupport.io,” with the “G” and “D” letters switched. Emails arriving at unexpected times stating a user has already been the victim of a scam and requesting information — whether it’s over the phone, email, or through a link — should always be given extra scrutiny.

Authenticity of software updates

In September, an Electrum user reported the loss of nearly $15 million in Bitcoin (BTC) that appeared to be connected to a phishing scam which has been affecting users of the software wallet since 2018.

One of the first reported Electrum attacks — with nearly $1 million stolen — was the result of a user entering private data on a malicious website set up by a hacker. This scam involved a fake wallet update that downloaded malware onto the victims’ devices. When they accessed their wallet, the phony update transferred the entirety of their funds to an address controlled by the scammers.

Though the scam was relatively new two years ago, today a simple Google search or email to the software wallet company could confirm whether a hacker is targeting certain users.

Anti-phishing records often speak for themselves

Fake Google Chrome extensions have tricked many users into giving away the credentials needed to access their wallets. In March, a fraudulent Ledger Live scam extension got away with an estimated 1.4 million XRP — more than $800,000 with the token’s recent surge to $0.58.

However, legitimate companies have been working on ways to limit these attacks for users who rely on web browsers as part of managing their assets. In September, privacy-based browser Brave announced it would be adding anti-phishing solutions from cybersecurity firm PhishFort.

Sharing with the crypto community

Should any user successfully identify and thwart a phishing attack or be the unfortunate victim of one, one method of letting others avoid the same fate is to share their experience through Reddit, Twitter, a personal blog, or even an email to a crypto news publication.

Crypto users can sometimes find information on scammers’ tactics on websites for high-profile targets including Ledger and Trezor, but the pages are often buried deep within troubleshooting FAQ sections.

Spreading the word through social media — while not always reliable — has the potential to provide greater transparency and education in maximizing the security of everyone’s funds.

Tags
Related Posts
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
Crypto’s recovery requires more aggressive solutions to fraud
It’s hardly an exaggeration to say that our industry is facing tough times. We’ve been in the midst of a “crypto winter” for some time now, with the prices of mainstays, including Bitcoin (BTC) and Ether (ETH), tumbling. Likewise, monthly nonfungible token (NFT) trading volumes have fallen more than 90% since their multibillion dollar peak back in January of this year. Of course, these declines have only been exacerbated by the numerous black swan events rocking the crypto world, such as the FTX and Three Arrows Capital meltdowns. Taken together, it shouldn’t be a surprise that crypto is facing a …
Cryptocurrencies / Dec. 30, 2022
'Haunts me to this day' — Crypto project hacked for $4M in a hotel lobby
The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point. He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. The thieves were somehow able to gain access …
Nft / Feb. 7, 2023
MetaMask issues scam alert as NameCheap hacker sends unauthorized emails
Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails. On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue." ⚠️MetaMask does not collect KYC info and will never email you about your account! Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from MetaMask or Namecheap or anyone …
Blockchain / Feb. 13, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023