Explanation of phishing in cryptocurrency sphere and how to avoid phishing attacks
We all remember cryptocurrency golden years when even grandmothers were interested in Bitcoin (BTC) purchase. Back at that time, the crypto industry attracted lots of attention bringing new users to the world of FinTech. However, cryptocurrency hype is also a magnet for scammers.
Changelly cares about your security and continues to provide you with educational materials regarding the crypto and blockchain industries. What is phishing? How is it different from pharming? How to protect yourself from phishing attacks? We are going to cover them all.
What Is Phishing?
Have you ever received a weird message that claimed to provide you with a discount, offered a suspiciously lucrative deal, etc.? Most likely, the answer will be yes. At the dawn of the Internet, such messages weren’t something extraordinary. The webspace has been moving forward, and so have bad actors. Ingenious scammers started to email on behalf of trusted companies while confusing naive users.
Phishing is a type of cyber attack aimed at obtaining sensitive information from Internet users.
Most of the time, bad actors strive to collect usernames, passwords, bank card details, and so on. By sending a scam email, bad actors want you to interact with the message so that they can steal your private information. Fraudsters use multiple psychological attacks to make you believe you can safely share your information with them. Scam emails always look flawless, so you have to be attentive when examining the message.
Types of Phishing
Phishing is a widespread technique of a cyber attack. Therefore, it has multiple ways to get users on the hook. We’ve collected five essential phishing attacks that are frequently used.
Email phishing is the basic, yet the most common one. As described above, a bad actor pretends to be a legitimate company that offers you some kind of service. For example, you’ve received a message from a giant crypto exchange. The letter provides a link, that once clicked redirects you to a website that can collect your data. The email address might look unsuspicious at first glance. However, it most likely has character substitution or strange domains.
This type of phishing technique requires preparatory works from a scammer side. Spear phishing is targeted at institutions or individuals. Hackers collect private information about a well-known person in the company to use his/her tone of voice in order to create malicious emails and send them out. Victims believe in the letter’s credibility and share passwords or other sensitive data with the bad actors.
For the past two years, a group of hackers, also known as ‘CryptoCore’, has managed to steal around $200M from several cryptocurrency exchanges. The last attack took place in June 2020. The gang used a spear-phishing method to access a crypto exchanges’ wallets
Whaling is a sub-type of a spear phishing. If the latter tries to use the impersonation of any employee, then whaling targets top management like CEO, CTO, and others. The emails sent from such a ‘CEO’ also provide dangerous links with bad scripts put in them.
Another sophisticated type of phishing is a watering hole. Hackers determine websites that are preferable by a victim. After that, attackers search for vulnerabilities within the website to infect it with a malicious script. The last one aims to redirect the victim to a site that poisons his/her device with malware.
Phishing via advertisements is quite a popular way to install malware on your devices or steal private information. Attackers implement bad script into an advertisement for many reasons. One of them is cryptojacking. Another one is to get access to your data. Fake ads may look harmless and can be reflected in the top of Google requests.
We’ve decided to put one of the most dangerous sub-type of phishing in a separate section. Pharming is a cyber attack that redirects a user to fraudulent websites. In this case, the victim’s computer is probably already infected.
To perform pharming, attackers have to install malware on your server or computer. The code sends you to a false website, which makes you provide your sensitive data. Pharming corrupts Domain Name System (DNS) servers, and in that way, it extremely difficult to fix the situation as users do not have control over DNS records.
There are several basic rules to stay safe on the web and crypto spaces:
Do not open suspicious emails. If you haven’t requested particular information from the crypto exchange but received a letter from it, it might be a phishing attack;
Pay attention to the email address. Phishers may use the weird domain names to trick you;
Do not click any links or open attachments. They might contain infected code;
Use anti-phishing software. Most browsers offer anti-phishing extensions;
Do not trust emails that promise mountains of crypto golds.
We do hope this article helped you understand the basics of such a cyber attack as phishing. Please pay close attention to the safety of your personal information while being on the Internet. Stay tuned for more crypto basics with Changelly and take care.
Changelly is a non-custodial instant cryptocurrency exchange service that acts as an intermediary between crypto exchanges and users, giving the latter an opportunity to exchange over 160 cryptocurrencies at the best market rates. Changelly offers its API and a customizable payment widget to any crypto service that wishes to broaden its audience and implement new exchange options.