Phishing Attacks: How to Recognize and Avoid Crypto Scams

2022/02/11 10:55:25

With the global cryptocurrency market cap touching an all-time high of $3 trillion in 2021 at the height of the bull market, interest in digital assets has risen not only among retail and institutional investors but also among scammers. Crypto fraud in 2022 had crossed $4 billion by November 2022, a 37% increase since 2021, as per data on PrivacyAffairs.

The crypto world has provided a lucrative opportunity to scammers, with phishing scams becoming quite common across different cryptocurrency exchanges. In this article, we discuss what phishing scams are, as well as the steps that you can take to prevent becoming a victim of such phishing attacks.

What Is a Phishing Attack?

A phishing attack is a form of social engineering attack that aims to obtain sensitive information about your accounts, such as your private keys, usernames, passwords, and other details about your wallet.

In the crypto industry, a vast majority of phishing attacks take place over email. Other popular means include social media and text messages (SMS) on users’ mobile devices. Hackers use crypto phishing scams to deceive investors and compromise their private keys, steal their crypto assets, or manipulate them into divulging other sensitive information.

According to CertiK’s Web3 Security Report 2022, HACK3D, scammers had successfully stolen millions of dollars worth of NFTs from unsuspecting Web3 users, targeted crypto investors with malware, and devised a new form of phishing — ice phishing. Ice phishing exploits the inexperience of Web3 users, tricking them into signing permissions that grant hackers access to their wallets’ holdings.

In late October 2022, for instance, a phishing scammer who operates under the pseudonym Monkey Drainer stole around 700 ETH (valued at $1 million at the time) in cryptocurrencies and NFTs in less than 24 hours. Monkey Drainer’s phishing scam had caused a loss of more than $3.5 million in total.

Different Types of Phishing Attacks

Users often fall victim to phishing attacks through a variety of methods employed by scammers, such as:

  • The use of email spoofing, where scammers create a lookalike email that closely resembles genuine emails from crypto exchanges and convince users to click on links.
  • The creation of a fake website with a design very similar to the original cryptocurrency exchange or wallet, but with a different URL.
  • Sending instant messages, emails, or text messages with a fake link.
  • Fake messages asking you to part with your private keys as part of an upgrade.
  • Social websites with fake links to exchanges and your wallet.
  • Chats with a fake support team that asks you to share details of your wallet’s or account’s private keys.
  • WiFi phishing attacks designed to obtain information about your cryptocurrency wallet.
  • SIM-swap scams that give scammers access to your phone’s SIM and all of its data, in order to compromise 2FA access.
  • Fake investment opportunities, where scammers advertise platforms where you can buy crypto cheaper than market rates or they offer extremely high returns or profits.

How Does KuCoin Protect Its Users from Phishing Attacks?

Luckily, when you trade through the KuCoin cryptocurrency exchange, there are multiple ways to prevent phishing.

Official Media Verification

Whenever you are contacted by a social media account or an email providing a link that you should use to log in, you can use KuCoin's Official Media Verification to check whether it actually belongs to KuCoin or is simply a scam link.

Bookmark the KuCoin Official Site

Every time you log into your account, we recommend double-checking that you are visiting the correct KuCoin website. You should bookmark it right away. Check the URL address: it should start with "https://".

Site Certificate

You can also check the Site Certificate to see whether a website is safe to visit. If you are using Google Chrome, you can click on the security status to the left of the web address (a lock indicates that the website is secure). If you are using a different browser, please look at how to view the Site Certificate in your browser’s settings.

Anti-Phishing Code

In addition, KuCoin offers an Anti-Phishing Code security service: a customizable safety phrase you can set and use to verify whether a communication is authentic. In order to avoid phishing emails and phishing websites, it's highly advisable to set an anti-phishing safety phrase (such as a motto, etc.) on your KuCoin account.

That way, when you log into the website or receive an email, this Anti-Phishing Code will display in the email from KuCoin or the login window. If the safety phrase is not shown or is incorrect, it means that you are on a phishing site or have received a phishing email. In that case, please do not proceed any further.

You can configure such Anti-Phishing Codes from the Account Security section after logging into your KuCoin account. Set up Anti-Phishing codes for email, login, and withdrawal, to protect your KuCoin account and funds stored on it from phishing attacks.

These tools can only help with some cases. We recommend that you do your due diligence to protect yourself from attacks.

Other Tips to Avoid a Phishing Attack

With attackers becoming smarter and more advanced in how they carry out such attacks, it is important for you to know exactly how you can prevent yourself from becoming a target. The tips below are ones you should follow whenever you access your cryptocurrency online.

Tip #1: Identify and Avoid Fake Ads in Search Engines

When typing ‘KuCoin’ into a search engine (e.g., Google) or following any link sent to you from an external source or website, make sure to double-check that the URL is legitimate. Exercise extreme caution when clicking on Google Ads, as phishing sites have been known to place fake advertisements.

Tip #2: Create Strong Passwords

One of the most important ways in which you can keep your wallet safe from malicious hackers is to create and use strong passwords for all your crypto-related accounts and wallets. This will prevent hackers from using brute force attacks to try and guess your password so that they can steal your money. According to the Microsoft Digital Defense Report 2022, the volume of password attacks is up by 74% in one year, to 921 attacks per second.

Whenever you create an account on a cryptocurrency exchange (or a wallet of any kind) in order to trade, make sure that your password and code are not something that can be easily guessed.

Bitwarden’s 2022 password management survey reveals that 32% of global respondents reused their passwords across 5-10 websites. Such a practice makes it easier for scammers to gain access to your details, and subsequently your wallet.

A strong and secure password or code usually has over 10 characters, with a combination of letters, numbers, and special symbols. Most password generators on the Internet can easily provide you with such passwords that will keep your data secure and ensure a high level of security on your wallet address.

Tip #3: Use a Password Manager

When you decide to use a variety of complex private keys and passwords to keep your cryptocurrency accounts secure, it might not be easy to remember them all. This is where software such as password managers come into play.

By using a password manager, you can ensure that you never have to remember the credentials for your wallet, while still maintaining a high level of security. This will prevent malicious scammers from being able to steal your cryptocurrencies.

Bonus tip: Install good antivirus software on your device to ensure that you can easily detect any email which contains malware or leads to sites that could put your PC at risk by introducing malware.

Tip #4: Use Autofill to Prevent Phishing

An additional advantage is that since most password managers have Autofill options to enter your credentials whenever you wish to sign in, they can help you spot fake websites with a page that may have been designed to look like your crypto exchange.

Therefore, since your manager will not Autofill your credentials on such sites, you could spot such schemes and be safe.
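The host comparison behind this tip and behind the URL checks recommended earlier, as an added example that is not KuCoin's or any password manager's code: credentials are released only on an exact HTTPS match with the saved host, which is a deliberately strict simplification. The host www.exchange.example and the sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption for this example: the login was saved for this exact host.
SAVED_HOST = "www.exchange.example"

def autofill_decision(url, saved_host=SAVED_HOST):
    """Return (fill, reason): fill only on an exact HTTPS host match."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; drops "user@" and ":port"
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    host = host.rstrip(".")
    # Internationalized names can imitate ASCII letters (homographs).
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host"
    if host != saved_host:
        return False, "host mismatch"
    return True, "exact match"

# Constructed sample URLs (reserved .example/.test names, not real sites).
SAMPLES = [
    "https://www.exchange.example/login",
    "http://www.exchange.example/login",
    "https://www.exchange.example.login-check.test/login",
    "https://www.exchange.example@login-check.test/login",
    "https://www.exchannge.example/login",
    "https://www.exch\u0430nge.example/login",   # Cyrillic "а"
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(autofill_decision(url), url)
```

Only the first sample is filled; the others look similar on screen but resolve to a different scheme or host once parsed.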

Tip #5: Enable Two-Factor Authentication

At the same time, another important measure that you should take is to enable two-factor authentication on your account, so as to add another layer of security to protect your data and your digital assets.

This will ensure that no one can access your account or withdraw funds from your crypto wallet without entering a code sent to your phone or any other device of your choosing.

Doing this will require the phishing hackers to have access to your phone even if they somehow gain access to your key and other data.

Tip #6: Question Everything

Lastly, an important way to ensure that you do not fall victim to such scams is to simply question everything. Here's what you can pay attention to:

Suspicious Emails

As an example, if you get an email telling you that your account has been locked, make sure that it is from the official email address of your crypto exchange.

Similarly, before clicking on any links to a page that you might receive via the site or through social media, make sure that they are legitimate.

Don't Provide Your Code and Login Details

The same also applies to providing your login details on any website. Usually, people who fall victim to phishing do not check to see if the website to which they provide their data is legitimate or not, which leads to them losing money.

Additionally, make sure to use a secure and trustworthy email service provider, and if you use a self-built email server, be sure to enable DKIM, DMARC and SPF.
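The email checks described in this article (official sender address, SPF/DKIM/DMARC results, and the Anti-Phishing Code) combined into one triage function, as an added example that is not KuCoin's code. The domain exchange.example, the mail server mx.mymail.example, the phrase blue-heron-42 and both messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All names below are assumptions made for this example.
OFFICIAL_DOMAINS = {"exchange.example"}   # sender domains the exchange publishes
TRUSTED_AUTHSERV = "mx.mymail.example"    # your own receiving mail server
ANTI_PHISHING_CODE = "blue-heron-42"      # phrase set in Account Security

def triage(raw):
    """Return a list of findings; an empty list means no check failed."""
    msg = message_from_string(raw)
    findings = []
    # 1. The From address must be on an official domain (exact match).
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if domain not in OFFICIAL_DOMAINS:
        findings.append("from-domain-not-official")
    # 2. Trust only Authentication-Results stamped by our own server;
    #    a sender can add headers of its own claiming "pass".
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    if verdicts.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    # 3. Mail from the exchange carries the user's anti-phishing code.
    #    Assumes a single-part text message, as in the samples.
    if ANTI_PHISHING_CODE not in str(msg.get_payload()):
        findings.append("anti-phishing-code-missing")
    return findings

# Constructed sample messages (not real mail).
GENUINE = """\
Authentication-Results: mx.mymail.example; spf=pass; dkim=pass; dmarc=pass
From: Exchange Support <no-reply@exchange.example>
Subject: Login notice

Anti-Phishing Code: blue-heron-42
A new login to your account was detected.
"""
FORGED = """\
Authentication-Results: mx.mymail.example; spf=pass; dmarc=fail
Authentication-Results: mail.login-check.test; dkim=pass; dmarc=pass
From: Exchange Support <no-reply@exchange.example>
Subject: Your account has been locked

Click the link to unlock your account.
"""

if __name__ == "__main__":
    print(triage(GENUINE))
    print(triage(FORGED))
```

The forged sample carries a second Authentication-Results header claiming dmarc=pass; it is ignored because it was not stamped by the trusted server.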

Do not send any cryptocurrencies to users you do not recognize. No exchange will ever contact you to say that your account has been blocked and can be fixed in exchange for money. If you get an email like this, it is probably sent by malicious attackers who wish to steal your funds by accessing your wallets.

Can Phishing Be Completely Stopped?

A lot of research has been conducted into whether a digital company can actually be secure to the point where phishing is impossible. However, the overall consensus is that phishing attacks cannot be completely stopped, but rather prevented by users themselves.

There are several reasons why making a site or a crypto wallet fully immune from phishing is impossible, and the largest among these is that the form of attack used is constantly changing. For example, as email providers sought to prevent users from receiving scam emails by creating a good spam blocker, attackers just improved the quality of their emails to bypass such spam filters.

While exchanges can boost their security measures to ensure that the data of users is protected and no breaches occur, phishing is more likely to target users than it is to target digital companies, since the likelihood of them falling for the scam is much higher. Therefore, it is up to you as the user to ensure that your crypto wallets are secure and that you are safe from scams.
