Cryptophishing – Cryptocurrency Exchange Site Targeted Schemes
Cryptocurrency is becoming mainstream. Even the mass media covers topics on the latest happenings in crypto markets and cryptocurrency exchange sites. Bitcoin seems to be a hip thing to own nowadays – so hip that it’s getting referenced in pop culture. There’s already a bandwagon effect and the sad thing is that investing in cryptocurrency is no walk in the park. A lot of prospective investors would often get lost along the way – mostly at the hands of phishers and scammers.
Since cryptocurrency became a buzzword with the word “money” attached to it, a lot of shady personalities immediately saw the opportunity to jump ship and focus their evil scheming on a new platform. They immediately identified the profit to be had and used one of cryptocurrency’s main selling point to their advantage: the luxury of anonymity.
It seems that everywhere you go, in the real world or online, some people will find a way to scam people out of their hard-earned cash – or Bitcoin. A lot of their tactics are similar to the ones were are all familiar with: spam, redirects, fake sites, and many more. But what’s surprising about this new breed of phishers is their aggressiveness. They seem quite hungry for coin, the more reason that you keep your guards up all the time.
But even if these schemes are familiar, what “innovations” did these miscreants cook? And how can you ensure your safety while investing in cryptocurrency?
Types of Cryptophishing Schemes and How to Avoid Falling into Their Traps
Spam Emails 2.0
This is probably the most common type of phishing that people of all walks of life encounter. You receive these e-mails disguised as official correspondence from banks or credit card companies asking for you to either provide your banking details or login details. It’s the same with crypto phishing but in this case, the e-mails are disguised to appear like they came from cryptocurrency exchange sites. Another difference is that these e-mails are somehow well put-together. Gone were the awkward wording and sentence structure. These emails really mimic official cryptocurrency exchange emails and even security alerts.
Users would receive important alerts via email saying that someone had tried to access their cryptocurrency exchange account or that suspicious account activity had been observed. Almost all instances of these e-mails include a link where users should login or just click to find out what the issue is about.
What makes this simple scheme tricky is that you should be paying close attention even to the tiniest detail. But if you don’t have a lot of time to just read every word, you may easily miss the red flags.
Other forms of emails used for phishing include incentivized surveys. Victims are asked to participate in a cryptocurrency survey with Bitcoin and cryptocurrency giveaways as incentives. They are then redirected to a convincing yet fake login screen mimicking cryptocurrency exchange sites. These sites are so convincing that victims are tricked into inputting their e-wallet credentials and basically handing out the coins they hold.
How to spot emails used for phishing:
- Always check the sender. It would be impossible for phishers to copy the exact emails used by cryptocurrency exchange sites. They would often try hard enough by creating spinoffs of either the legitimate sites’ domain name or its official support email address. Familiarize yourself with the email addresses used by cryptocurrency exchange sites to contact their customers. Save them to your contacts if possible.
- Never click the links within the body of the email. Sometimes, all it takes is one single click for phishers to access your data. They often use call to action (CTA) buttons like “Click here to Login” and “Cancel this transaction” to persuade you into subconscious following their commands.
- Use different emails for different cryptocurrency exchange sites and other cryptocurrency-related services. Most often, phishers obtain your email from Slack or by buying them in bulk from databases. Make sure that the email you use to sign up for newsletters, forums, etc., isn’t the same email that is connected to your e-wallet or crypto exchange login.
Fake Google Ads Search Results
Kucoin had been recently targeted by fake Google Search ad results. These search results pose as the official Kucoin website, luring unwary users. These results appear because they set these phishing sites and pages up to rank in Google’s search result pages. It won’t be beyond phishers to use black hat SEO strategies in order to rank very high up on the page – even higher than the legitimate cryptocurrency exchange sites themselves.
Another form of the scheme is posting ads for fake cryptocurrency exchange sites. These phishers buy ad space from Google just to execute their dastardly deeds but what’s really scary about these ads is that there’s a perceived legitimacy and authority on them. Who would expect phishers to actually pay real money just for their schemes?
How to spot ads and search results used for phishing:
- Check the URL. The website where these ads/search results would redirect you can often be easily identified as knock-offs. Check for minor spelling discrepancies and SSL certificates.
- Don’t click on the first result you see. Check if a similar web address appears on the result. If so, one of the results is certainly a fake. The fake sites don’t usually have SSL certificates.
- Search for cryptocurrencies and crypto exchanges through trusted websites that offer crypto market and industry data. Websites like coinmarketcap.com aggregate data about crypto markets. If you are in doubt about an ad or search result, check them over the links and information by trusted crypto market sites.
- Use ad blocking services. Prevent yourself from seeing these ads in the first place. But if you don’t want to go to this extreme length, you can just opt out from seeing ads from these sites or similar sites.
Cryptocurrency Exchange Site Social Media Impersonation
Kucoin also became the subject of Twitter impersonation (also in Facebook and there’s a fake Kucoin app). Emerging cryptocurrency exchange sites and crypto services are often used by scammers and phishers because they know that the platform is known enough for people to search for information about them yet, not known enough for everyone to know their official website and social media accounts. Spotting a fake website is easier because phishers can’t register the same name but the same can’t be said in social media.
You can choose any name you want for your social media page. That’s the main problem, especially on Facebook where a lot of fake community pages had popped up over the years. These pages also employ somewhat innovative strategies in order to pull people into the page or even make them unwilling participants of the scam.
First, the fake pages gather contact information from the people that like their page. They can also create Facebook groups since to have more access to members. They would then single out one of these users, essentially targeting them for phishing schemes like raffles and giveaways where they win a certain amount of coins they can claim by clicking on a link.
The page tags real people into these posts, making it appear that these people really won or recommend these promotions. Other users are then tricked into thinking that the scheme is legitimate.
This scheme also happens in Twitter with the fake page posting fake promotions either making the users click on a link or causing outrage over the services’ failure to deliver the promised prices (as what happened with Kucoin). This can cause the cryptocurrency exchange site to be branded “fake” and “scam” by unwary users.
How to spot fake social media pages and posts used for phishing:
- Set your accounts to private and adjust your security and privacy settings. Make sure that you have control over who can tag you in posts and that you can review tags before they are posted in your timeline. If you are already tagged, immediately untag yourself, report the post to Facebook and block the poster. It won’t be advisable to contact these people. Do not engage them as much as possible.
- Get the links of the cryptocurrency or cryptocurrency exchange sites’ social media accounts through their official websites. Do not trust information coming from unverified accounts.
Targeted SMS Social Engineering Attacks
Social engineering attacks are far more sophisticated and most of the time they are too good at covering their tracks. These attacks often aggressive in persuading you to give up private information. One tactic that is growing in popularity is the use of SMS notifications.
There could be several ways for these attackers to access your personal information. One is through hacking an email password and accessing the contact list. They may email or send SMS messages to everyone in the contact list. And since you know the source of the email/message, you trust that the links or downloads attached to the message are safe and legitimate.
Cryptocurrency phishers use this type of attacks but instead of using a person’s identity, they use cryptocurrency exchange sites. They send notification SMS to cryptocurrency exchange site users – addressing them by name, mimicking the site’s tone of language. The linked site has an SSL certificate and they really look like the cryptocurrency exchange’s login page.
How to prevent falling victim to these social engineering attacks:
- As a precaution, do not click on links sent through email or SMS. Go to the currency exchange site and log in. Check your notifications and if there are any, perform requested actions from there.
- If the issue stated in the SMS is not specifically about your account but about any system issues, contact the cryptocurrency exchange site directly.
A lot of chat platforms had been affected by a recent “phishing wave.” This includes Slack channels, Skype, Telegram, and WhatsApp. The scheme uses bot accounts. Some users in Slack groups are sent phishing DMs in bulk.
This is a derivative of the phishing schemes in the above examples. They have almost identical tactics and use tools at their disposal, in this case, the chatbots. The advice and tips from above still apply especially the golden rule in a suspected phishing scheme: don’t click the links.
As they, at the end of the day your safety lies in your own hands. Aside from exercising caution, you can also use tools like the anti-phishing protection that is either sold on its own or as a part of an antivirus plan. This is important, especially that you are handling sensitive data on your computer. You are more vulnerable especially that your browsing activities and habits point to your interest in cryptocurrency. At most, you’d be targeted with many cryptocurrency ads or worst, cryptocurrency phishing ads. So if you find yourself in similar situations as the examples above, just don’t click the links.