Phishing is not only a problem for investors who have bet on Bitcoin or other cryptocurrencies. More generally, criminals are targeting sensitive data, and companies as well as consumers are constantly affected. It often turns out that a successful phishing attempt could have been averted if the victims had followed certain rules. No complex set of rules is needed for this, only a handful of guidelines.
What is phishing? Why are cryptocurrencies particularly interesting for the perpetrators and how can you protect your cryptos? We want to answer these questions for our readers in this article and show what to do if you have already become a victim of phishing.
What is phishing and how does it work?
The generic term "phishing" covers a number of methods used to steal data. The term itself is an artificial word made up of the English words "password" and "fishing". The idea is to fish for access data, which the perpetrators then misuse for other crimes.
Typical targets for the perpetrators fall into the following categories, which prove to be extremely lucrative for them:
- Login credentials: These are passwords and the corresponding email addresses of user accounts from a wide variety of platforms. Even if the accounts seem insignificant, the data is still valuable because many users use the same password over and over again. So if the perpetrators have access to a password and can associate an email address with it, this automatically creates new targets for them. In addition, there is a vibrant trade in the darknet with entire lists full of access data, which promise criminals added value.
- Credit cards: This involves the actual credit card number and the three- to four-digit verification number on the back of the card. In addition to the possibility of misusing the card itself, there are also digital black markets for this data, where it can be offered for sale.
- Cryptocurrencies: The perpetrators aim to gain access to the user's wallet. There are a number of different methods that tempt users to disclose their seed or private keys. Also popular are fake websites that prompt the user to make a transaction with the browser wallet; once the user confirms it, the transaction is used to steal crypto. Alternatively, criminals obtain access to exchange accounts such as Binance, Kraken or Coinbase. Although these cases belong to the category of access data, the focus here is mostly on looting the victims' exchange accounts.
The actual methods used to obtain the above-mentioned data differ drastically in individual cases. Extremely popular are spam e-mails that either redirect to malicious websites or include a file attachment with malware. Although many providers now have excellent filters and most users do not even see such e-mails, the perpetrators always manage to find a loophole. In these e-mails, the senders usually feign an urgent need for action. Sometimes the user is asked to act quickly because otherwise they will lose money; sometimes it is suggested that money is to be received but that something must be done first. The layout of the e-mails can be clumsy, but also extremely convincing. Such e-mails therefore cannot always be recognized at first glance and can easily be mistaken for those of real companies.
Alternatively, the perpetrators promote fake websites via social media, where they create accounts that often resemble those of famous public figures. There, they write to other users or comment on posts. In doing so, they usually invite people to participate in a sweepstakes or pretend to give away cryptocurrencies.
What these methods have in common is that users end up revealing sensitive data because they believe that they are legitimate requests or websites.
Why is phishing so lucrative?
From the perspective of the perpetrators, these are different target markets in which they can become active and earn certain margins. The trade in data may lead them to send masses of spam e-mails, for example. This is only worthwhile if they can sell as much high-quality access data as possible. In this context, the global black market is gigantic. The German Federal Office for Information Security estimates the damage through phishing alone in Germany
However, the situation looks more complex when it comes to cryptocurrencies, because here the perpetrators are trying to enrich themselves directly. After all, they can hope to exploit the stolen cryptos directly. Additionally, there is a possibility that they will land a lucky strike and find particularly rich victims. For example, in June 2022, unknown hackers managed to take over the Discord account of Yuga Labs' community manager for unexplained reasons. After that, they used it to fake a lottery within the BAYC community. In addition to 32 NFTs from the Bored Ape Yacht Club and Otherworld collections, 145 Ethereum were also stolen. Just a few months earlier, criminals had taken over BAYC's Instagram account, causing around $3 million in damage.
It can therefore be seen that, depending on the chosen target, the perpetrators use different methods, target users more specifically and put more elaborate preparation into their crime.
How can I protect my cryptocurrencies from phishing?
Cryptocurrencies can be protected by using a hardware wallet. It manages the private keys and always keeps them separate from vulnerable computer systems. An attacker would then necessarily need physical access to the hardware wallet, which makes all remote attacks impossible.
However, phishing involves several other aspects because, as the above example shows, the perpetrators aim to lure users into a trap. The victims then approve the transfer themselves, voluntarily and in full, which can ultimately also happen with a hardware wallet. In order not to give the perpetrators a chance, a number of security standards should be adhered to, which reduce the attack surface for criminals:
- Secure passwords: Preferably, use a password manager, which makes it much easier to generate and store a new random password for each application or service. We recommend KeePass or Bitwarden as free and open source options.
- Two-factor authentication: Most crypto exchanges have made it standard anyway. Nevertheless, it should be used everywhere it is available. The password manager can help here as well, because it can store the recovery data in case the designated 2-FA device is lost.
- Use different wallets: It is recommended to use a separate wallet for DeFi applications and NFTs. Only cryptocurrencies and other digital assets that are directly needed for interaction should be stored there. All other assets belong on a hardware wallet or directly on cold storage.
- Never enter your seed: The mnemonic phrase, commonly called the seed, is the master key to any wallet. Therefore, all prompts asking for it should be cancelled immediately. It is never necessary to disclose the seed of a wallet to a website or third party!
- Check URLs and certificates: Even well-made forgeries of websites are quickly discovered when you check the SSL certificate and look at the URL. Links from external sources should not be followed in connection with cryptocurrencies, because this is how criminals plant fake links on their victims. It is best to bookmark crypto exchanges or DeFi applications in the browser.
- Block unknown users: Phishing is also initiated by comments on social media or direct messages. The picture here is similar to that of a crypto romance scam. If in doubt, break off the contact, then block and report the user in question.
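The URL check from the list above can be made mechanical. The following Python sketch is an added example, not part of the original article: it compares a link's real host against a list of bookmarked domains and names the typical forgery tricks. The bookmark list, the finding labels and the `.example` sample hosts are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this user has bookmarked (exchanges named in the article).
BOOKMARKED = ("binance.com", "coinbase.com", "kraken.com")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return the reasons not to trust url; an empty list means it matches a bookmark."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # In https://kraken.com@other.example/ the real host is other.example.
        findings.append("userinfo-before-host")
    if any(label.startswith("xn--") for label in labels):
        # Punycode can render as characters that imitate a known name.
        findings.append("punycode-label")
    if any(host == good or host.endswith("." + good) for good in BOOKMARKED):
        return findings
    findings.append("host-not-bookmarked")
    for good in BOOKMARKED:
        brand = good.split(".")[0]
        if brand in host:
            findings.append("brand-in-foreign-host:" + good)
        elif any(edit_distance(label, brand) == 1 for label in labels):
            findings.append("lookalike-of:" + good)
    return findings

# Constructed sample links; the .example hosts are placeholders.
SAMPLES = ["https://www.kraken.com/sign-in",
           "https://kraken.com@login.example/verify",
           "https://coinbase.com.account-check.example/",
           "https://krakem.com/"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_url(sample))
```

A match against the bookmark list only confirms the host name; the certificate shown by the browser still has to belong to that host.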
Cryptocurrencies stolen through phishing: How to get your money back
The first step to get your money back is to start a targeted investigation. Crypto-Tracing specializes in using blockchain forensics to track down the perpetrators, contacting law enforcement agencies as well as exchanges, and arranging help from a lawyer in legal matters. The measures taken make it difficult for the perpetrators to hide behind the supposed anonymity of the Internet and cryptocurrencies.
Every hacker leaves traces and the blockchain, figuratively speaking, never forgets. This allows us to create a basis for identifying recipients and demanding the return of stolen cryptocurrencies by legal means.
You are welcome to describe your individual case to us via our contact form. We will get in touch with you promptly and will be happy to give you an initial assessment and explain what measures can be taken next.
How can I recognize phishing e-mails?
Phishing messages often contain spelling mistakes, grammatical errors or phrases that are not at the level of native speakers. They often suggest that haste is required or threaten consequences if you do not respond to the e-mail immediately. In many cases, the sender of an e-mail provides the crucial clue, because the scammers naturally do not have the official e-mail addresses of the companies whose names they misuse.
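The sender clue described above can be checked from the raw message headers. This Python sketch is an added example, not part of the original article: it compares the brand named in the display name with the actual sending domain, looks at Reply-To and the receiving server's DMARC verdict, and flags urgent wording. The table of official domains, the word list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: official sending domains per brand, maintained by the reader.
OFFICIAL = {"kraken": {"kraken.com"}, "coinbase": {"coinbase.com"}}
URGENT_WORDS = ("urgent", "immediately", "suspended", "within 24 hours")

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def sender_findings(raw_message):
    """Return sender-related warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    findings = []
    for brand, domains in OFFICIAL.items():
        official = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if brand in display and not official:
            findings.append("display-name-brand-mismatch:" + brand)
    if msg.get("Reply-To") and domain_of(msg.get("Reply-To")) != from_dom:
        findings.append("reply-to-domain-differs")
    # Only meaningful when this header was added by your own mail server.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("no-dmarc-pass")
    if any(word in msg.get("Subject", "").lower() for word in URGENT_WORDS):
        findings.append("urgent-wording")
    return findings

# Constructed sample messages (addresses and hosts are placeholders).
PHISH = ('From: "Kraken Support" <support@kraken-verify.example>\n'
         'Reply-To: helpdesk@mail-desk.example\n'
         'Subject: Urgent: confirm your account within 24 hours\n'
         'Authentication-Results: mx.recipient.example; dmarc=fail\n'
         '\n'
         'Your account will be suspended.\n')
GENUINE = ('From: "Kraken" <noreply@kraken.com>\n'
           'Subject: Your monthly statement\n'
           'Authentication-Results: mx.recipient.example; dmarc=pass\n'
           '\n'
           'Your statement is available in your account.\n')

if __name__ == "__main__":
    print(sender_findings(PHISH))
    print(sender_findings(GENUINE))
```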
What is spear phishing?
Spear phishing is a specific form of phishing in which an attacker specifically targets a particular individual or organization. This often involves the use of personalized information to gain trust and increase the likelihood of a successful scam. A special form of spear phishing is known as whaling. This also targets an individual, but one who has a particularly high position within a company or authority.
What is smishing?
Smishing is a form of phishing in which fraudsters use SMS messages to obtain personal information. They ask recipients to click on links or enter personal information, often under the pretext that urgent action is required. Currently, SMS messages are circulating in which the perpetrators pretend to be the recipient's child and urgently need financial help. This is preceded by the claim that the relative's smartphone is damaged, justifying the use of an unknown number.
What is vishing?
Vishing is a subtype of phishing in which scammers rely on phone calls to obtain personal information from their victims. For this purpose, they often pose as employees of banks, government agencies or an IT support team and ask victims to reveal sensitive data. It is important to note that no government agency or reputable company will request sensitive information such as passwords over the phone or in any other form.
How can I securely check file attachments of e-mails?
Depending on the e-mail provider and the e-mail program, a preliminary check of attachments is already included. Nevertheless, attackers manage to mask file attachments in various ways and evade these measures. Therefore, you should install up-to-date virus protection and generally refrain from opening file attachments that originate from unknown senders.
Are there any authorities that deal with phishing?
Yes, there are various organizations, private companies and authorities that deal with phishing and try to protect the general public from fraud attempts. In Germany, the Federal Office for Information Security (BSI) takes on this role. However, consumer centers also regularly provide information on the subject and publish warnings regarding new fraud methods. Information is also available on which antivirus programs are recommended or how one's own IT can be hardened against attacks.