CAUTION! PHISHING! HOW NOT TO BECOME A VICTIM OF FRAUDSTERS?
Fraudsters have always been around us at all times.
The entire history of humanity is inextricably linked with people whose goal is to deceive others’ property.
With advanced technology, fraudsters have begun to introduce new methods to steal personal data. Cryptocurrencies have contributed to a lot of online frauds, and many criminal groups have come to this area.
Today we will consider one of the methods of fraud — fishing (phishing).
Phishing means obtaining the personal data of a victim by any means to use it for their self-interests.
Phishing has been around for a long time as a scam. With its help, attackers gain access to social media accounts, bank cards, databases, etc. The whole scheme is straightforward: the fraudster sends the victim an email on behalf of the bank, website, or service representative and places a link to the fake website in it. The scammer’s goal is to gather all user information that was provided on the fake site.
Why phishing migrated to cryptocurrencies? There are many reasons — anonymity, possible quick withdrawal, and sale of almost any amount of cryptocurrency. Fraudsters hunt for logins and passwords of wallets address in which the owners keep their coins. Most often, attackers try to take private keys that give full access to all wallet assets.
There are several schemes for deceiving cryptocurrency owners. Each of them has its distinctions and tricks.
Mails from support
This method implies that the fraudster is pretending as an employee of the company with which the victim works. Let’s say the goal is to gain access to an online wallet. The fraudster composes an email on behalf of technical support, which contains a link to a fake site (phishing site).
For example, the original site: https://wallet.com
Scammers create a phishing site: https://walet.com
The original site name has two letters “ll”, and the phishing site has one letter “l”.
After that, emails are sent on behalf of the service, indicating the fake address. If the user believes what is written, he will use the link attached letter, where the standard login form will wait for him, where he will be required to enter a username and password. Entering this data will provide fraudsters with access to the wallet, and the user will lose all their assets.
Attackers not only create copies of the original sites but also invest in their promotion and promotion. In some cases, fake resources are higher than the original ones in the search results!
Mail of happiness
Such emails contain notifications of winnings, participation in promotions, bonuses, and gratitude for using “our service”. Their main goal is to make the user believe that he is lucky, go to a fake site and enter his information there.
AirDrop
AirDrop is a free cryptocurrency giveaway. In emails with similar content, holders of some coins are encouraged to get others for free. This scheme works well, as it is a common practice among developers of new tokens. The user is offered to receive tokens for free, but all they need to do is share the wallet’s private key. If the user does this, he loses all his funds. Never provide private keys from your wallets to others!
This uses addresses that are very similar to the original.
Fraudsters perform certain manipulations with the address so that it resembles the original, for example, the address of a common ERC20 browser wallet:
Possible phishing (fake) sites for obtaining private keys:
https://melamask.io (instead of “t” there is “l”)
https://metmask.io (the first “a” is missing)
https://metamaks.io (the combination “sk” is replaced by “ks”)
Some domains of the official websites have subdomains, which provide additional information.
For example, the exchange https://www.binance.com has several such subdomains.
Fraudsters can spoof such addresses as follows:
https://research-binance.com/, https://labs-binance.com/
Here we no longer see subdomains of the main domain binance.com, but completely independent domains that have nothing to do with the Binance exchange.
HOW TO NOT BECOME A VICTIM OF PHISHING:
✅ set the original site address in your browser bookmarks and go to the site only using this.
✅ do not go to the site through search engines by rush; you may not notice the changed address and fake phishing site;
✅ use a reliable paid antivirus that will protect your computer and phone from malicious software penetration and help block transitions to phishing sites;
✅ use one email only for one site or project, and this will allow you to limit the receipt of possible spam;
✅ Do not leave your personal information on social networks and instant messengers you use for authorization on other sites: email, phone numbers, wallet addresses with large balances, etc.
Besides phishing, there are other methods of deception.
We will regularly talk about them.
Praem Capital specialists analyze phishing and other fraudulent schemes and provide recommendations to their users on how to work with cryptocurrencies on the Internet safely.
✔️Join our English speaking community to learn more!
Official Telegram Group
Official Telegram Channel
—
Praem Capital
Facebook
