Crypto Risks 101: Phishing for Coins
With any investment, risks are part of the game.
So, it pays to be cautious, especially when it comes to phishing scams and fake sites because some scams have cost crypto investors millions of dollars.
When it comes to crypto trading, there’s a tulip-mania frenzy.
It’s so wild that investors are quite literally taking out second mortgages and home equity lines of credit to buy coins. But with popular trends come risks and the potential for fraud. In fact, since 2009, these markets have been slammed with cyber attacks and scams that have cost investors millions of dollars.
Phishing for Coins
A phishing campaign referred to as Coinhoarder netted $50 million in stolen crypto over three years.
“The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” they wrote. “This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals,” noted CoinDesk.com.
To pull off this stunt, those behind the attack created fake sites similar to BlockChain.com, but with different domain names such as “block-chain.info” and “blockchien.info.”
Notice the misspelling of the sites in that last sentence.
That’s how the scammers get you. They create a convincing, but fake site.
Of all of the scams, phishing scams are some of the trickiest methods for stealing your coins. As we noted with Coinhoarder, phishing uses malicious sites disguised as legitimate links to popular, respected sites. To do so, the phishing site uses a domain name that is a misspelling of the real one. Instead of Blockchain.com, you may see Blockchien.info or even Block-chain.info.
But just what is phishing?
Let’s say, for example, you open an e-mail update from the wallet where you store your coins. The message clearly states you must sync your wallet with a network immediately. To do so, you must unlock your account with your private key.
Otherwise, you may not be able to send or even receive new coins.
Thinking it’s a legitimate e-mail, you click the link provided and enter your information, hoping you just synced your wallet.
But you didn’t update anything.
Instead, you just handed the scammers behind a phishing campaign the keys to your coins.
And while you may frantically call support of the real site to tell them what happened, your coins may have vanished into thin air.
Granted this may sound ridiculous.
But it happens, spreading through e-mail, fake Twitter accounts asking you to send coins or provide data, and even fake Google AdWords scams with misspelled URLs, such as MyCtherrwallet.com.
It’s amazing what folks will fall for these days.
But you can protect yourself.
- Realize that most wallet providers will never ask for your private keys, or even e-mail
- Pay attention to the URL you are clicking for potential typos – a dead giveaway
- Check your own spelling if you typed it yourself
- Check a token wallet address at Etherscan.com, for example. If it has been detected in phishing activity, you can find that information immediately
- Never, ever give anyone your private key
There are many other scams to be aware of. Stay tuned for details on what to watch for.