How to Avoid Falling Victim to Crypto Phishing Scams
Learn what crypto phishing scams are and how you can protect yourself (and your digital assets) against them.
Phishing scams are one of the most popular ways cybercriminals try to get their hands on your crypto. Read on to learn what phishing scams are, how they work, and how you can protect yourself.
What Are Phishing Scams?
Phishing scams involve a cybercriminal imitating or faking affiliation with a trustworthy entity to obtain your personal information for fraud or to trick you into sending them funds.
Phishers send emails pretending to be from a service you trust.
Some pretend to be moderators of trustworthy groups in messaging apps, such as Telegram or Discord, while others may create a fake Facebook page or website imitating a product or service.
Although scammers are present in all industries, the crypto world is a ripe playground as many inexperienced individuals are exploring the new space.
So, let’s have a look at the most common crypto phishing scams you need to be aware of.
Popular Phishing Scams Targeting Crypto Users
Here are the layouts of popular phishing scam methods.
Email phishing is the most common phishing scam since it’s the easiest to deploy.
All that an email phishing scammer needs is a mailing client that emails many at once, fake stories to lure victims, and a list of potential victims.
Despite the simplicity, these scams vary in the story told.
Examples of what a phisher may falsely claim:
There’s suspicious activity on your account that needs to be verified.
There’s a crypto giveaway or airdrop that you are eligible for.
There’s a security vulnerability on your account.
The phisher needs you to believe they are contacting you from the service they are claiming to be.
Phishers demand you address their false claims using a method they present. Their email links lead you to pages requesting personal information that will compromise your funds or malware that installs itself on your device.
Prevent Email Phishing by:
Confirming the sender of an email is who you think it is.
Setting up an anti-phishing code on crypto services you use.
Never giving away sensitive information via email.
Carefully check the sender’s email address by clicking on their name. It must match the official email addresses of a service you use. Otherwise, it’s a scammer communicating with you.
Some crypto services have started to offer an anti-phishing code. This code is a dedicated password typically displayed on all email communication from the service. So when you receive an email from a crypto service where you have set up an anti-phishing code, you will know that the communication you receive in your inbox is authentic.
Since it’s possible for cybercriminals to engage in email spoofing, which involves sending an email to you that looks like it is from an authentic service, it’s essential to avoid handing over any sensitive information, such as passwords or recovery keys, via email.
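The two email checks above (sender address and anti-phishing code) can be sketched as follows. This is an added example, not code from the original article or from any crypto service; the domain `exchange.example`, the code `blue-heron-42` and the three messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def check_email(raw: str, official_domain: str, my_code: str) -> list:
    """Return findings for one message; an empty list means both checks passed."""
    msg = message_from_string(raw)
    # parseaddr separates the display name from the real address; only the
    # address matters, because the display name is free text.
    _display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    if not (domain == official_domain or domain.endswith("." + official_domain)):
        findings.append("sender-domain-mismatch")
    # Collect every text part so the code is also found in multipart mail.
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    # A spoofed From header can pass the domain check, but the sender does
    # not know the code the user configured with the real service.
    if my_code not in body:
        findings.append("anti-phishing-code-missing")
    return findings


# Constructed sample messages (hypothetical service and code).
LEGIT = """\
From: Exchange <no-reply@exchange.example>
Subject: Withdrawal confirmed

Anti-phishing code: blue-heron-42
Your withdrawal was processed.
"""
SPOOFED = """\
From: Exchange <no-reply@exchange.example>
Subject: Suspicious activity on your account

Verify your account within 24 hours.
"""
LOOKALIKE = """\
From: Exchange Security <security@exchange.example.account-verify.example>
Subject: You are eligible for an airdrop

Confirm your recovery phrase to claim it.
"""
```

The spoofed message passes the sender check and is caught only by the missing code, which is why the code is worth setting up.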
Phishing websites mimic the look and feel of a legitimate business. They often make false claims of being affiliated with a trustworthy entity or service.
You can arrive at fake websites through:
An ad imitating a genuine website.
A phishing email that links to a phishing website.
Links in your social media or text messages.
For example, if you search ‘Trust Wallet,’ you could see an ad at the top of the results pretending to be from us, but it actually leads you to an imitating website. If you enter personal information on such sites, your security will be compromised.
Prevent Falling Victim to Fake Websites by:
Confirming the website URL is the correct one.
Avoiding links unless you have verified the sender.
Links don’t always display the URL they’re linking to. A link that displays examplelink.com, for example, can go to trustwallet.com and not examplelink.com.
No two websites can ever have the same URL. Phishers hope to get around this by making their fake website’s URL very similar to the real service.
Examples of how they could achieve URL similarity:
replacing the letter O with a zero, e.g., duckduckg0.com instead of duckduckgo.com
by omitting a period in the URL, e.g., ssoduckduckgo.com instead of sso.duckduckgo.com.
Only use URLs from official sources. You could also use databases that list known phishing URLs and point you to legitimate ones. One such database is cryptoscamdb.org.
What’s more, make sure to look out for the part of the URL after the .com (or .io, or .finance, etc.) to ensure that the domain is legitimate. For those of us who read from left to right, it’s easy to just quickly check that the ABC.com part is correct without looking at the rest of the domain. In the case of the Trust Wallet phishing site, http://trustwallet.com.erc20-tokens-gift.com, which appeared a while ago, you could have fallen victim to a phishing scam if you had not thoroughly inspected the full URL.
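The URL checks described above can be automated by comparing the full hostname, read from its right-hand end, against a list of official domains. This is an added example, not code from the original article or from Trust Wallet; the allowlist, the verdict names and the extra digit swaps beyond 0 for o are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: allowlist copied by hand from each service's official pages.
OFFICIAL_DOMAINS = ("duckduckgo.com", "trustwallet.com")

# Digits standing in for letters. The page's example is 0 for o; the others
# are assumed additions of the same kind.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def hostname(url: str) -> str:
    """Lower-cased host of a URL; bare 'example.com/path' is accepted too."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_under(host: str, domain: str) -> bool:
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_url(url: str) -> str:
    host = hostname(url)
    if not host:
        return "no-host"
    if any(is_under(host, d) for d in OFFICIAL_DOMAINS):
        return "official"
    for d in OFFICIAL_DOMAINS:
        # Official name appears as leading labels of a different domain;
        # the part that matters is at the right-hand end of the host.
        if f".{d}." in f".{host}":
            return "embedded-official-name"
        # duckduckg0.com: matches only after undoing digit-for-letter swaps.
        if is_under(host.translate(DIGIT_SWAPS), d):
            return "character-substitution"
        # ssoduckduckgo.com: the dot in front of the official domain is gone.
        if host.endswith(d):
            return "missing-dot"
    return "unknown"


def link_text_mismatch(visible_text: str, href: str) -> bool:
    """True when a link's visible text names a different host than its target."""
    shown = visible_text.strip()
    if " " in shown or "." not in shown:
        return False  # ordinary wording such as "click here", not a URL
    return hostname(shown) != hostname(href)
```

A verdict of "unknown" only means the host resembles nothing on the allowlist; it says nothing about whether the site is safe.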
Fake Social Media Profiles
Fake social media pages work similarly to fake websites. You’ll typically find these as Facebook pages or Telegram groups pretending to be a group or service you trust.
Prevent Falling Victim to Fake Social Media Pages by:
Using social media profiles from official sources.
Verifying the profile or page you’re using has the correct name.
If a service already has a profile on a social media platform, then the phisher may still make one imitating the service. They would do this by altering the name slightly, just like altering the URL for a fake website.
Fake Wallet App
Typically, it takes a large amount of time to develop an app, even one that’s just an imitation. However, the open-source nature of most crypto software makes this easier.
A scammer can take a wallet like Trust Wallet, clone the publicly available code and make the changes their fraud requires. This results in a wallet similar to a legitimate one, except it’s meant to steal any funds deposited.
Many fake wallets have made their way onto the Android and Apple app stores.
Prevent Falling Victim to Fake Wallets By:
Navigating to the app download page through official sources.
Considering the app reviews, ratings, and release date.
For example, instead of searching ‘Trust Wallet’ on the App or Play Store, use the official website to download the app.
Quickly going over an app can reveal suspicious details if it’s a phishing scam. The release date may not make sense, and there may be bad reviews and ratings warning you of the awaiting danger.
Identifying Phishing Attempts: What to Look For
Experienced crypto users tend to recognize scams immediately. As a result, phishers often prey on crypto newcomers. Look out for the following things to identify crypto phishing scams.
Is a get-rich-quick scheme being offered?
Inexperienced users inspired by the rise of bitcoin may not know this, but any service offering high returns in a small time frame will most likely be a scam.
Are funds or personal information being requested?
Noteworthy crypto figures do not ask for funds to be sent to them. If an airdrop is offered, you shouldn’t have to send money to receive it.
If anyone asks for personal information, be sure of who they are before you reveal information and never proceed otherwise.
Is a sense of urgency being portrayed?
Phishers try to get you before you have time to think; always take time to investigate instead.
Are there misspellings, odd-looking pictures, or false information?
Although phishers make their fake websites, pages, and apps look very professional, there will be false information somewhere.
Is someone contacting you from a crypto service?
Contact that service from officially listed channels and confirm it isn’t a phisher. Any information they provide can be looked up and verified.
If they claim to be from a website, platform, or app you trust, their email address should have the website’s domain in it. If the information doesn’t match, do not proceed.
While phishing is not the same as hacking, cybercriminals involved in this practice have the same goal: getting their hands on your crypto. So while phishing “only” tries to exploit user behavior as opposed to vulnerabilities in systems, processes, or code, it poses the same dangers to crypto users as hacking.
Since it’s essentially impossible for crypto companies to prevent malicious parties from engaging in phishing attempts, it’s vital for crypto traders, investors, and users to stay vigilant when it comes to handling cryptocurrency.
Finally, remember that no legitimate crypto service will ever ask you for your password or your private keys. If anyone ever asks you for those, you know it’s a phishing attempt.
Securing Your Digital Assets with Trust Wallet
Trust Wallet is the most trusted mobile crypto wallet that enables anyone to safely buy, store, and trade a wide range of digital assets.
The app does not collect personal information and is non-custodial, which means only you control the private keys to your crypto holdings, making it a highly secure crypto storage solution.
However, that does not mean you are safe from crypto phishing scams as they prey on your behavior and decision-making. So keep your eye out for potential phishing scams trying to get hold of your crypto!