How to Protect Your Crypto From Vishing (Voice Phishing) and Smishing (Text Message Phishing)

2023/07/07 13:25:39

The age-old rule of “wherever there’s money, there’s scammers” that applies to anything of value has quickly included cryptocurrencies into the scope.

As cybercriminals get more skilled, phishing scams are becoming more widespread and imaginative. In order to safeguard yourself and your money, you need to understand how scammers operate and act in a way that protects you from any exploits.

Here at KuCoin, we place top priority on user security, which is why we've started the #ThinkBeforeYouInvest campaign — your one-stop shop for crypto security education.

Stay tuned to be informed on Smishing and Vishing, their operation, consequences, and what you can do to protect yourself.

Crypto Phishing: The Basics

Generally speaking, a crypto phishing scam includes deceiving those targeted into revealing their private keys or personal data.

The process is actually a very straightforward one — in order to win over the victim's trust, the attacker frequently poses as an honest company or person.

In essence, a phishing attack begins with the attacker sending an enormous number of emails or text messages to possible targets in hopes to convert a small percentage of them.

Frequently, it will appear that these emails, phone calls, or messages, will be coming from a reliable source, like a wallet or a reputable exchange.

A link to a faux website that resembles the actual one is commonly included as part of the message. The attacker (mis)uses the victim's login information when they click the link and enter it to access their account.

The attacker uses the victim's details to take their funds after the victim has been deceived.

Let's dig a bit deeper, and discuss vishing (voice phishing) and smishing (text message phishing).

How to Protect Your Crypto Against Vishing and Smishing

Crypto Vishing: Deceptive Phone Calls

The words "voice" and "phishing" are combined to form the term "vishing." Vishing scam is another form of mobile device scam. In the case of crypto, scammers use it as a method to obtain their victims' money or other personal data stored on the blockchain.

The Vishing Process

When looking at a typical vishing scam attack, a scammer will:

Call you or leave a voicemail with the intention of getting your personal information in order to access your money or other benefits.
Often use social engineering techniques to convince you to divulge personal information.
Persuade you that working with the attacker is the proper thing to do, making it similar to classic phishing (based on email messages) and smishing (based on text messages).
Often posing as a representative of the police, the government, the tax authority, the bank, or the victim's chosen crypto exchange personnel.

Since vishing is (primarily) based on social engineering, it is typical to receive calls from scammers even posing as friends or family members that are in danger or need information.

Speech synthesis software is nowadays also frequently employed by phishing scammers to record voicemails alerting potential victims of their fraudulent behavior.

Crypto Smishing: Deceptive Text Messages

Smishing is a type of phishing that utilizes text messages (SMS) in order to trick people into, again, disclosing their private information or unintentionally downloading malicious malware onto their devices. This kind of deception relies on psychological manipulation, with individuals changing their sender identity to make their communication appear to be from a reputable source.

Smishing, which combines the words "SMS" and "phishing," because it is a scam in which con artists utilize text messages sent to mobile devices to persuade you to click on a harmful attachment or link.

The Smishing Process

In a typical smishing attack scenario, the scammer will do the following:

Usually, the texts make a credible claim about who they are coming from, such as your bank, card issuer, a service provider like your mobile phone carrier, or even, in some cases, the government.
An unsuspecting victim falls for the con and gives away their private data.
The attackers can now gain unauthorized access to their cryptocurrency wallets and steal money, manipulate transactions, and engage in other fraudulent activity.
They can be challenging to recognize and may even appear in a real "thread" of texts you may have received from a reliable source.

This practice's legality is somewhat unclear on a global scale. While some nations have enacted outright bans on SMS deception, others have not yet addressed the problem of changing the sender's identity.

It's critical to notify your local police enforcement or cybercrime unit immediately if you ever receive a questionable text message. Be cautious!

Spotting And Protecting Yourself Against Vishing and Smishing

In order to stay safe and navigate the crypto world in a secure and reliable way, here are some of our tips for spotting bad actors and acting in a relevant manner.

Spotting Voice Phishing

Watch out for "vishers;" their goal is to draw you in with unbelievable deals so they may steal your personal information or credit card information. What you need to watch out for is as follows:

If a business you've never heard of or done business with suddenly bombards you with offers.
If they guarantee you the best possible (and often unbelievably high) return on your money.
If they pressure you into making quick choices.
If you're threatened with fines or penalties until you hand over money or personal information.
If they use vulgar or abusive language.
If you receive calls out of the blue offering assistance with your debt, tax problems, or prior fraud cases.

Spotting SMS Phishing

The methods of this type are similar to e-mail or Voice phishing.

Be wary of:

Receiving any questionable messages via a suspicious number.
Messages that ask you to disclose confidential information via SMS.
Again, similar to Vishing — if anyone offers you unsolicited help about anything crypto — do not accept, answer the message or visit the links.

How to Protect Yourself Against Vishing and Smishing

Beware of any offers that sound sketchy and always research the company you work for. In the case of KuCoin, you can always use the Media Verification service to do your due diligence.
Enhance your account protection by enabling two-factor authentication, trading password, anti-phishing code, and even a login IP restriction.
When something sounds too good to be true — it usually is. Inform yourself about the services your chosen crypto exchange provides and do not accept any new favors without checking the provided information first.
If they demand any rapid financial transfers, private information, or even the names and contact information of your employees — do not provide any of the data. Keep it to yourself and inform authorities about the breach.
If anyone threatens you or uses any kind of inappropriate language or other kind of anti-social behavior — you’re probably dealing with a scammer.
If you receive an offer that provides you with any unwanted help — do not perform any actions requested from you.
Avoid simply clicking on the contact information in the questionable message. Instead, visit their official website to find the right contact information.

Final Words

In their ongoing effort to outwit users and even institutions who find it difficult to keep up with the crazily quick speed of the cryptocurrency sector, crypto scams are constantly developing.

Keeping yourself informed is essential for defending against cryptocurrency scams. Use common sense advice, such as being wary of unsolicited offers, checking the legitimacy of websites, wallets, and exchanges before moving money,

and maintaining antivirus software. As a last resort, use a cold storage device to protect your assets.