{"id":154208,"date":"2024-01-22T17:00:08","date_gmt":"2024-01-22T17:00:08","guid":{"rendered":"https:\/\/www.techopedia.com\/?post_type=definition&p=154208"},"modified":"2024-01-24T15:49:14","modified_gmt":"2024-01-24T15:49:14","slug":"crypto-phishing","status":"publish","type":"definition","link":"https:\/\/www.techopedia.com\/definition\/crypto-phishing","title":{"rendered":"Crypto Phishing"},"content":{"rendered":"

What is Crypto Phishing?

Crypto phishing involves an attempt to trick people into revealing the recovery phrase or private key to their crypto wallet. Much like the phishing we know from the non-crypto world, scammers often pretend to be someone else, such as a representative from a trusted app or crypto exchange.

If they’re successful in the ruse, your crypto could be gone forever.

Kaspersky, a leading security software provider, prevented more than 5 million crypto phishing attacks in 2022, up 40% from the previous year. That’s just one provider – in only one year. Cryptocurrency scammers are busier than ever, but what are crypto phishing scams, how do they work, and how can you protect yourself?

Because crypto transactions are irreversible, prevention is the only cure.

How Does Crypto Phishing Work?

One of the most common types of phishing in cryptocurrency uses fake apps that look and act like the real thing.

For example, MetaMask provides its popular crypto wallet as a browser extension. You can get the download link from the metamask.io website, but phishers may attempt to get users to download a compromised version through an email link, web link, or social media post.

Using the fake wallet app likely reveals your private keys to whoever built the imposter application. The private keys control your crypto assets on the blockchain. So, if two people have the keys, either one can transfer the crypto to another wallet.

MetaMask provides a support page to help users identify the real MetaMask app and avoid imposters that use a similar download URL or other trickery.

Similar phishing scams exist for exchanges as well, wherein a scammer might try to gain access to your trading account on Coinbase or another exchange, often using official-looking emails.

Once a scammer has access to your trading account, they can transfer the crypto in your exchange account off the platform. If you’ve linked a payment method, they may be able to buy more crypto for themselves as well.

5 Common Crypto Phishing Attacks

Crypto scams range from fake tokens to rug pulls in which the developers disappear into the digital ether. Crypto phishing scams focus on pretending to be someone else or duplicating a trusted app or site.

1. Fake Software: Many software apps like crypto wallets provide their source code online. While this makes the code available for review by users worldwide, it also creates a security risk: the software is easy to clone. Fake crypto wallets are simple to spin up for crypto phishing scams.
2. Fake dApps: Similar to wallets, many popular decentralized applications (dApps) offer open-source code. This helps new projects get started with a tested base they can modify but also provides a ready-made copy for scammers to use.
3. Imposter Exchanges: For exchanges, it isn’t necessary for a scammer to recreate the entire site. Instead, they can just make an official-looking login page. Logins to the page won’t work, of course, but the scammer is collecting login information to use on the real site.
4. Imposter Emails: Similar domain names offer a sneaky way for scammers to make fake domains look legitimate. For example, a real email from Uniswap likely uses uniswap.org rather than user-support-uniswap.org or other similar variations. Also, ask yourself whether an email address is part of how you use that app at all. Most dApps like Uniswap connect via a crypto wallet and don’t collect email addresses.
5. Fake Support Reps: Many decentralized platforms use Discord or Telegram for community support. These channels can be a hotbed for scammers who pretend to be official team members offering to “help” users with questions or problems.

5 Ways to Recognize a Crypto Phishing Attack

Recognition Method | Description
Misspellings or inaccuracies | Scammers may not speak your language natively, so spelling errors, peculiar phrasing, and grammatical errors often become potential clues of a scam.
Pressure to act quickly | Be wary of messages that insist you must act immediately to download a new version or log in to update your information. If you want to check to see if an update or request is real, navigate directly to the site by typing the correct URL in your browser.
Missing encryption or browser warnings | Scam sites and look-alikes often take shortcuts, such as not providing an SSL certificate. Look for the lock in your browser. Also, known scammer sites may be blocked by browsers or ad blockers. Heed the warning.
Requests for personal information | Be leery of any requests for personal information, including passwords, security codes, or anything else that could help a scammer put together the puzzle pieces to complete an attack.
Offers to “reset” your wallet | Particularly common on Discord support channels, scammers often impersonate support staff. To resolve issues, a common ruse is to “reset” your wallet by asking for your private key or recovery phrase. Another common tactic is to ask you to connect to a malicious smart contract that can then drain your wallet.

How to Avoid a Crypto Phishing Attack

Wondering how to avoid crypto phishing attacks? Crypto safety relies on two words: be vigilant.

Crypto enables financial sovereignty but comes without many of the safeguards we find in traditional finance. Treat every transaction, link, or message with appropriate suspicion.

Use Discernment

One common scam, sometimes called the 2x Bitcoin scam, offers to send back double your crypto. As in the analog world, if it seems too good to be true, it’s probably not true.

Find the Official Source

Don’t trust links sent to you by email or provided on outside websites. Instead of following a link for Coinbase, for example, avoid the link offered and visit Coinbase directly by typing coinbase.com in your browser or searching Google for the correct link.

Enable Two-Factor Authentication Whenever Possible

Text-based or email authentication is a start, but authenticator apps like Google Authenticator offer a safer solution if it’s supported.

Use a Hardware Wallet in Conjunction With Software Wallets

A hardware wallet is a separate offline device that protects the private keys to your crypto wallet. If an app wants to move funds or requests a signed transaction, you’ll need to approve the transaction on your hardware wallet.

Don’t Reuse or Share Passwords

Using the same passwords for exchanges and crypto applications that you use elsewhere could give someone else access. A phishing attack for Facebook, for example, might also reveal your logins for crypto apps if you reuse your password.

Do Research on the Cryptos You Invest In

Choosing the right cryptocurrencies can also help avoid phishing attacks. Stick to reputable crypto projects that have strong communities and established security practices.

FAQs:

Can a crypto scammer be traced?

In some cases, law enforcement or well-funded organizations may be able to trace crypto scammers using a combination of blockchain history breadcrumbs and perhaps IP addresses. However, for average users, tracing a crypto scammer and identifying the perpetrator is nearly impossible.

Can you get crypto back from a scammer?

Cryptocurrency transactions are irreversible. If you sent crypto to a scammer or they gained access to your funds, there’s little hope of recovery.

Can you go to jail for crypto scamming?

Yes. Crypto scams are illegal if the scammer is committing fraud. In some cases, perpetrators can also be extradited to answer charges in other countries.
