In the cryptocurrency world, specialized terms play an important role in conveying information and communicating effectively. For those new to the market, reading and hearing these terms can be difficult.
In this article, Weakhand explains what phishing is and how to prevent the risk of phishing in the crypto market.
Overview of Phishing
What is phishing?
Phishing is a form of fraud that attackers use to steal victims’ personal information, login information, and account information. Playing on victims’ complacency, attackers often impersonate the websites or applications of cryptocurrency exchanges, cryptocurrency wallets, or other reputable organizations to trick victims into providing wallet passwords or private keys.
Phishing is a combination of two words:
- Fishing, because attackers are like fishermen, using bait to lure victims into handing over their personal information or crypto assets.
- Phreaking, because attackers often use phishing techniques to gain access to victims’ systems or accounts.
As money has poured into the crypto market, many hackers have joined in for personal gain. Using sophisticated scams, they create fake websites that resemble the official website so that victims trust them and fall into the trap they set.
History
Looking back at the history of the Internet, the first phishing cases appeared in the 1990s, when AOL was one of the leading internet service providers and had more than one million customers registered for its services. The widespread popularity of AOL attracted the attention of scammers, who gathered and formed a group called the warez community, which planted the first seeds of phishing.
In their early operations, members of the warez community began stealing user information, including usernames, passwords, and other personal information. Using this stolen information together with an algorithm they had developed, they began generating countless random credit card numbers. These credit card numbers were used to open new AOL accounts, which were then used for various nefarious purposes such as spamming other AOL members and further fraud. After some time, AOL finally put an end to this scam by updating its security measures.
Statistics of Phishing cases
According to the latest statistics from security unit Beosin, about $181.3M USD of crypto was stolen by phishing between Q1 and Q3 of 2023. Cryptocurrency exchanges are still the top targets of phishing scams: more than 75% of phishing cases in the crypto market target cryptocurrency exchanges, 20% target e-wallets and the last 5% target organizations.
Some other statistics:
- The most stolen cryptocurrencies are Bitcoin, Ethereum, and USDT.
- The most attacked countries are the United States, United Kingdom, and Japan.
- The most attacked cryptocurrency exchanges are Binance, Coinbase, and Bybit.
Common types of Phishing
Email Spoofing
Attackers send fake emails that appear to come from cryptocurrency exchanges, often claiming that the victim’s account needs verification. If you don’t pay close attention to the sender’s name
Scam emails also use content such as:
- Notifications that the victim’s account is locked or hacked.
- Invitations to participate in an airdrop or giveaway.
- Prompts to download fake PDF files, which are actually malware, viruses, or Trojans.
Fake website
Fake websites are a common form of fraud in the cryptocurrency market. Attackers create fake websites that look like the real websites of cryptocurrency exchanges and then trick victims into visiting them, where they are asked to provide their login information or password. Once the victim provides this information, the attacker can use it to gain access to the victim’s account or steal the victim’s money.
Exploiting victims’ carelessness in not checking links carefully, the attackers create a website
Voice Phishing
This is a form of fraud in which the attacker uses phone calls to trick victims into providing personal information or login information, with the goal of appropriating the victim’s assets. New investors and complacent people are the ones most easily caught in the trap.
Commonly used tricks:
- The attacker pretends to be an employee of a cryptocurrency exchange, calls the victim and says that the victim’s account has been locked or hacked. They then ask the victim to provide login information or a password to protect the account.
- The attacker pretends to be an employee of an investigation agency, calls the victim and says that they are investigating a cryptocurrency fraud. They then ask the victim to provide personal information or login information to cooperate with the investigation.
- In a more sophisticated form, the attacker uses AI technology to impersonate a friend or family member of the victim to request a password or simply ask for money to be transferred to the attacker.
Social Network Phishing
In social network phishing, victims receive messages with strange links via Facebook or Twitter from impersonators, or from people impersonating the victim’s relatives. When the victim logs into their exchange account or wallet through these links, everything is saved and sent to the attackers. The only thing left for them to do is transfer the victim’s assets elsewhere.
Useful tools to help fight phishing
SpoofGuard: a security feature that works by checking email addresses and URL domains to determine whether they are valid. If SpoofGuard detects an invalid email address or URL domain, it warns the user about possible phishing. The technique SpoofGuard uses is to compare the domain name of the website linked in the email with the domain name of the organization or individual that the email claims to come from. If the two domains do not match, SpoofGuard warns immediately.
Anti-phishing Domain Advisor: a Panda Security utility that helps detect, warn about and block fake websites. It works by using a database of known phishing websites. When a user tries to visit a website, Anti-phishing Domain Advisor checks the website against its database. If the website is known to be fake, Anti-phishing Domain Advisor warns the user and prevents them from accessing the website.
Netcraft Extension: a free browser extension that helps protect users from fake websites. This platform also researches various aspects of the Internet.
It works using a number of different techniques, including:
- Analyzing the content of the websites people visit for factors such as spelling or grammar errors or the presence of links to other untrusted websites. If Netcraft Extension detects any of these factors, it blocks access to the website.
- Verifying the SSL certificate of the website people are visiting. If the SSL certificate is invalid or absent, Netcraft warns the user.
How to Prevent the Risk of Phishing in the Crypto Market
Verify the website address. Before visiting any crypto-related website, double-check the URL and make sure it is correct. Pay attention to every character in the URL, however small, because the attacker may add a very subtle dash or dot that is difficult to notice.
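One way to automate this character-level URL check, as an added example that is not from the original article: it compares a URL's hostname against a list of official domains and goes slightly beyond the dash-or-dot case to near-miss spellings and punycode labels. The `OFFICIAL` list, the distance threshold and all sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own list of official sites (placeholder domains).
OFFICIAL = {"exchange.example", "wallet.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(host):
    """Remove dashes and dots, the separators that are easy to overlook."""
    return host.replace("-", "").replace(".", "")

def classify(url, official=OFFICIAL):
    """Return (verdict, reason) for a URL checked against the official list."""
    host = (urlsplit(url.strip()).hostname or "").rstrip(".").lower()
    if not host:
        return "suspicious", "no hostname in URL"
    for good in sorted(official):
        if host == good or host.endswith("." + good):
            return "official", "matches " + good
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode label: displayed name may differ"
    for good in sorted(official):
        if squash(host) == squash(good):
            return "suspicious", "only dashes/dots differ from " + good
        if squash(good) in squash(host):
            return "suspicious", good + " is embedded in another domain"
        distance = edit_distance(host, good)
        if distance <= 2:  # threshold is a tunable assumption
            return "suspicious", f"{distance} character(s) away from {good}"
    return "unknown", "not on the official list"

# Constructed sample URLs; none of these are real sites.
SAMPLES = [
    "https://www.exchange.example/login",
    "https://ex-change.example/login",
    "https://exchange.example.login-secure.test/",
    "https://exchanqe.example/",
    "https://news.test/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", classify(url))
```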
Be cautious with emails. Never give out personal information or passwords through email. If you are unsure about an email, contact the sender directly to confirm its authenticity.
Use anti-virus and anti-phishing software. It helps identify and block fake websites, phishing emails, and other forms of attack related to personal information fraud. It provides alerts and filters to prevent fraud and protect you from revealing sensitive information and losing assets.
Enable two-factor authentication (2FA) for personal accounts. Even when an attacker has obtained your login information, that is not enough to access the account: the attacker needs both the login information and the authentication code (e.g. a Google Authenticator code or OTP) taken from your mobile phone.
Summary
Phishing is a cyber security threat that has a negative impact on users globally. For this reason, it is important for everyone to raise their awareness to avoid becoming victims of these attacks.
That is all the information from Weakhand to help everyone understand what phishing is and how to prevent the risk of phishing in the crypto market. Hopefully this article has been useful.