Crypto Phishing Scams. What are they? In this article, we explore Phishing Scams and how it affects you. This article has nothing to do with your local tackle shop. However, if you do allow yourself to be phished, you will only be telling stories of “the one that got away”.

Crypto Phishing Scams: What are they?

Crypto Phishing Scams range from basement computer operations to multi-billion dollar operations. Successful operators plan these crypto phishing scams very well. As a result, they make millions. This is in stark contrast to the anguish and suffering that it brings to the victims. Phishing is a big problem for legitimate cryptocurrency exchanges. This is due to the fine balance that they have to strike between convenience and security. Users naturally can only contact the company (where their compromised details have been used). Users have no other recourse if they have been victims of crypto phishing scams. If the company’s services have been used or a user’s funds held on an account have been moved, the instant human reaction for the user is to seek help. The problem here is that the service company can not assist the user, as their compromised credentials have been used.

These scams come in many forms

1. Email Phishing

   This is the one most of us are familiar with. You receive an email that looks like it’s from your bank or building society, but in fact, it is a very well-crafted fake email simply wanting you to click on a link that subsequently installs malware on your device which records everything your device does. It then transmits this information to the entity which sent the email to you. You are not special, no one is sitting and looking at you specifically. Usually, these gangs get a database full of internet email addresses from the dark web or scrapers. They then send hundreds of thousands of emails and get lucky when people are not protected.

   Did you know you can simply add anything after the first part of your Gmail address to create an instant alias email address that you can use as disposable email addresses? For example [email protected]. When you register on a website, let’s say binance.com, simply use [email protected]

2. Influencing search results and Google ads

   This is a scary one. You do a google search for the SARS website to do taxes and a “sponsored ad” pops up, you do not notice the spelling in the domain is slightly different and proceed to log in, but nothing happens… You have just entered all your security details on a phishing site, which is probably using it to transact online using your money.

3. Social media, chat groups and forums

   They catch you because you think you are amongst friends and you drop your guard ever so slightly. We have all become used to grabbing our phones every five minutes to check our messages. You can not blame yourself for clicking on a link in a group or chat you regularly visit. This is due to social media and newer trends such as Facebook or lately Telegram groups.

4. Targeted phishing

   This is where criminals target you specifically. Hackers use a collection of methods along with social engineering to gain access to information about you through friends and family, LinkedIn contacts and leaked databases.

Why do we call it “Phishing”?

It goes back to 1996. Online scammers were “fishing” for AOL account passwords via email. At the time no one knew how to use email or what exactly it was supposed to do). “Ph” is a common hacker replacement for “f” tipping the hat at the original hacker culture known as “phreaking”. The first “hacker” John Draper, also known as Captain Crunch, coined the term. He is credited with the invention of the BLUEBOX, which was used to hack phone systems to make free long-distance calls. Yes, this is a far cry from today’s crypto phishing scams.

Victims of a crypto phishing scam

The easier it is for you to access your crypto using technologies such as custodial wallets, the easier it is for a phisher to help themselves to your Catch!

Data Breaches

There are millions of records all over the internet which contain sensitive data. Simply using an email and password for account security is like leaving your house to go on holiday and just pulling the front door shut. (GP – We all know you spend half a day welding the burglar bars shut. Planting booby traps in the house and getting out the barbed wire to drag across the gate after the Hilux gets chased out by the overloaded Venter.)

Have a look at this website www.haveibeenpwned.com just to get an idea of the sheer amount of leaked data out there.

How to protect yourself against crypto phishing scams?

Being vigilant and paying attention is your first line of defence. Make use of technologies such as encryption, firewalls, malware protection and 2-factor authentication to create a robust defence. Scammers go for easy targets and vulnerable internet users. Always be suspicious if you receive an unexpected email and verify the email addresses of companies you regularly deal with.

You wouldn’t buy a gun and just put it in a safe without learning how to use it, would you?

When you place too much trust in mobile security

Mobile Apps are great and have many uses. They have enriched our lives and have simplified many things. Apps are also to blame for removing a natural layer of suspicion we possess as humans. In its convenience, an App can also pose many problems which we do not consider until it’s too late. For example, if you use a custodial crypto wallet to store your cryptocurrency. What will happen if a Court orders the operators of the platform to freeze the accounts? Gone is your cryptocurrency. So much for independent wealth or private money…

What will happen if hackers gain access to the platform? Imagine a rogue employee leaking personal information… Gone is your crypto. These Apps are incredibly convenient, extremely well designed and easy to use, but they make you stupid. Be your own bank, understand where and how you store your assets yourself. It is easy to fall victim to such a crypto phishing scam.

Alternative defence strategy against crypto phishing scams

This post is by no means exhaustive (and we are not in the business of writing manuals for crooks). We do not cover all the types of attacks in existence here. The scammers think of new methods every day. Interesting read about sim-swapping (https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac).

The simplest way to defend yourself, above and beyond the basic security precautions, is to use your common sense. Now let that sink in for a minute. Ask yourself this, “Why would I try and find some clever convenient way to have my long-term investments accessible to me at all times”? Unless you are already on the run from the authorities or an angry ex, there simply is no valid reason for anyone not to store their private keys OFFLINE using a secure device such as Trezor to spend crypto when the need arises. If you are a victim of crypto phishing scams it will not matter as much. Your crypto is safe. The worlds most secure cryptography protects it. The idea of accessing your crypto at any time creates more problems than the perceived benefits thereof.

This may sound like counterintuitive advice against falling victim to crypto phishing scams, but consider this: The easier it is for you to access your crypto using technologies such as custodial wallets, the easier it is for a phisher to help themselves to your Catch!

The 10 best basic tips to protect yourself from crypto phishing scams:

1. Do not click on email links sent to you unless you are already expecting to receive the link.
2. When you have the option to copy and paste a URL, do so, instead of clicking on the “confirm” / “submit” links.
3. Install a security filter such as Mcafee SafeSearch or similar on your browser.
4. Make use of security, virus and malware software such as Mcafee or MalwareBytes. Furthermore, Get familiar with these products. You wouldn’t buy a gun and just put it in a safe without learning how to use it, would you?
5. Keep your crypto offline by using a paper wallet or hardware wallet.
6. Make backups of your private keys and have your crypto saved across multiple wallets.
7. Use 2-factor authentication. It’s free, it’s quick and it’s easy.
8. Never sign up for HYIP or MMM programs, this is how you become a target in the first place.
9. Do not brag about your crypto holdings on chat groups and social media.
10. Be wary of cloud mining programs offering high returns. Scammers set many of these up as honeypots.

We always like to hear from you so please leave us a comment below.

16/01/2024