Cryptocurrency Phishing Scams are Becoming a Thing: You Can’t Afford to be Ignorant

Cryptocurrencies are inherently more secure than fiat currencies because they are not readily accessible in physical form and they are cryptographically stored on the blockchain. However, when they are stolen, it is often practically impossible to recover them because blockchain cryptocurrency transactions are irreversible. In the last couple of years that cryptocurrencies (led by Bitcoin) has shot to the limelight; there has not been a shortage of attempts to steal cryptocurrencies from exchanges and individuals.

Cybercriminals intent on stealing cryptocurrencies from exchanges often need to commit huge time, resources, and energy to achieve their malicious intent. Thankfully, cryptocurrency exchanges are now proactively security conscious; hence, such attacks are no longer successful enough to worth the while of the hackers. Now, cybercriminals are coming up with creative ways to get people to unwittingly hand over their cryptos or their private keys. This piece provide insight on how to spot and avoid crypto phishing attempts.

Beware of impersonators

Crypto phishing attacks often take advantage of a people’s propensity to trust known brands to carry out their nefarious activities. They can send seemingly genuine emails attempting to originate from a cryptocurrency exchange – such emails tell you that you need to enter your password, private keys, or other private data. They often add a subtle threat hinting that you might be locked out of your account or lose your cryptocurrencies if you don’t take the suggested action.

Phishing attempts are not limited to cryptocurrency exchanges alone. Earlier this month, news broke that some hackers attempted a wallet phishing scam on the Trezor multi-cryptocurrency wallet device and service. The Trezor team observed that while the specifics of the attack are still sketchy, it appears that the criminals did a DNS poisoning that hijacked legitimate traffic from the wallet.trezor.io domain to a malicious server hosting a fake Trezor website.

The first thing that gave the criminals off was that the purported “error message” on their website was worded differently from the error message on the original Trezor website. The second thing that gave them up was that they asked users to provide a copy of their recovery seed, a sequence of 12 to 24 words which represents a “master key” that every user should obtain to use Trezor wallet. Trezor has severely warned against storing or entering the recovery seed in any digital formals because it can be used for accessing your wallets and rebuilding your entire wallet if your device is lost, damaged, or stolen.

Phishing attempts can also take the form of fake domains that look similar to the original except for an unnoticeable typo in the spelling. Last year, the Internet was awash with the story of an Ether Wallet phishing scam that saw the perpetrators walking away with about $15,000 worth of Ether in just two hours of running the scam. The scammers registered a fake myetherewallet,.com domain which looks very similar to the myetherwallet.com domain.

Cryptocurrency users who didn’t pay much attention to the domain unwittingly entered their personal details, which the hackers then used to access their wallets and transfer their funds.

Final words

Going forward, cryptocurrency scams, phishing, and hack attempts will only grow sophisticated as cybercriminals devote more time and resources towards bypassing security systems. The onus is on cryptocurrency users to consistently take proactive security measures to protect their funds from falling into the hands of these criminals. A smart way to protect your crypto funds from the hacking risks that exchanges face is to store your crypto in a hardware wallet that you own. Secondly, you may want to bookmark your favorite cryptocurrency websites or enter them yourself in your browser instead of following a link from a third-party site.


Posted

in

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *