Phishing attacks aren’t native to crypto and is a type of scam that is as old as the internet, but with crypto there are some new implications.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and wallet info. The user is tricked into giving up their sensitive data, typically through a phishing website, in an attempt to trick a victim into disclosing sensitive information or connecting their wallet to a fake browser extension for example. The target of a phishing attack may be limited to an individual but in most cases the attacker’s broader goal is to compromise one or more systems the victim has access to. While the attacks have made their way to crypto, they affect the world outside of it as well. Studies show that 75% of organizations around the world experienced some kind of phishing attack in 2020, 96% of which came by email.
Different Types of Phishing Attacks
- Fake browser extensions
These days, especially in crypto, there are a ton of different browser extensions for various uses. One common and growing type of attack is scammers creating fake wallet extensions, similar to MetaMask, and stealing funds from users. Just because a web browser, such as Chrome, adds an extension does not make it legitimate! If downloading a crypto extension, be sure to check its profile page to ensure it has plenty of reviews and comes from a trusted developer.
- Fake Apps
Another common way scammers trick cryptocurrency investors is through fake apps available for download through Google Play and the Apple App Store. Thousands of people have already downloaded fake cryptocurrency apps, reports Bitcoin News. Just a few months ago there was a fake SaitaMask app on the Google Play Store after Saitama had grown rapidly and users were awaiting the real SaitaMask app. Some things to consider or watch out for when downloading such an app, are there obvious misspellings in the copy or even the name of the app, does the branding look inauthentic with strange coloring or an incorrect logo, and more. If so, take note and reconsider downloading.
- DNS hijacking
Some phishing schemes are more sophisticated than others. Take DNS hijacking attacks for example. With this decades-old scam, cybercriminals hijack legitimate websites and replace them with a malicious interface, before phishing users into entering their private keys on the fraudulent domain. This can be achieved by malware that overrides a computer’s TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.
In 2021 thousands of Coinbase users fell victim to this kind of attack. According to Bloomberg, over 6,000 Coinbase customers lost money to the scammers. The attackers sent Coinbase users emails, pretending to be from Coinbase and asking them to submit long-in credentials. The emails pretended that the user’s account had been locked and another with a fake URL that captured user login information when clicked. One message contained an app that then gave the criminals access to people’s email accounts. Once the attackers had stolen the Coinbase login details or accessed people’s email accounts, they could then go on to steal their funds.
Many phishing emails and text messages also come from scammers pretending to be from hardware wallet providers such as Trezor, or even exchange platforms, in an attempt to induce the recipient to ‘update’ their seed phrase or change their password, after which the thief can steal log-in credentials and drain the wallet in question.
BleepingComputer reported earlier in 2021 that threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered its parts to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000.
How to Protect Yourself
- Don’t click on links in emails, even if they seem to come from a reputable source. Instead, bookmark URLs to sensitive sites, that way you’ll always know you’re going to a real site and not a fake one designed to steal your data.
- Look carefully at the content of the messages. Be on the look out for obvious typos, errors in the logo, and suspicious email addresses that don’t seem quite right. A crypto platform will not contact you from a Gmail address.
- Use two-factor authentication (2FA). This extra layer of security adds an additional verification step, such as a code you receive by SMS or email. Many sites also use apps that generate authentication codes.
- Don’t reuse passwords. As tempting as it may be, using the same password for multiple websites/logins makes you far more vulnerable if you become a victim. A study showed that 53% of people admitted to using the same password for multiple accounts. To help this, you can install a password manager on your computer or create your own system that helps you generate and remember them all.