Introduction to Phishing

Bitcoin was first introduced in 2008 and as of June 2020 there are more than 50 million Blockchain wallet users. The Blockchain world has grown over the last decade and so have the scams in this sphere. Unlike other valuable assets, cryptocurrencies are easy to steal. Even when everything is on a distributed ledger and people know where the stolen cryptocurrencies are sent, it is almost impossible to undo it. There have only been few incidents where cryptocurrency scams have been undone. Moreover, the decentralized nature of cryptocurrencies makes it difficult for any legal institution to protect its users or catch the scammers. 


Phishing (a very common way of scamming) is a way through which scammers use psychological manipulation to trick us into revealing our username, password, or billing information. The scammers simply send links to their fake sites through legitimate-looking emails or through SMSes. These fake websites look exactly similar to any legal crypto-trading service. In most cases, the users are asked to send a certain number of Bitcoins or Ether to a spiked MyEtherWallet.

The only way to protect oneself from getting duped is to stay informed. Learning about the technical aspects of cryptocurrencies might be difficult for some people but learning how to protect them is surely not. This article explains the different ways of phishing and how people can protect themselves from it. 


Email Phishing

The most common way for phishing has always been through emails. Scammers send emails claiming to be your cryptocurrency exchange or wallet with a message that forces you to click on the link mentioned in the email. Once you click on the link, you are taken to a fake website that looks similar to the original website of your crypto exchange or wallet. The email might suggest something like – “You have won a lottery of xx BTC and to claim it you have to enter your credentials in the website by clicking on the link” or “You have made a transaction of xx BTC and if you haven’t then please click on the link to undo it.” These are one of the many ways in which phishers make people excited or anxious which leads to further problems. You will be asked to enter your credentials and the moment you enter them, your phishers have access to your account and all your cryptos disappear. 


This is a very common way of getting duped so it is important for you to beware of such scammers. Here are a few ways you could avoid losing all your funds:

  • Always inspect the email id that has been used to send you an email. In case of any announcements, you can directly go on the crypto exchange or wallet website by typing the address of the website on the address bar on the browser instead of clicking on the link. For any message that has been sent on your email address, will also be sent to you as a notification on the legitimate website. This will help you validate the email. It is suggested that you bookmark the original websites so that it is easier for you to spot the difference in case of phishing.
  • Phishers tend to buy websites that end with ‘.biz’, ‘.to’, ‘.help’ or something similar. This helps them generate websites and links that resemble the original and legitimate website except for the ending which is often ignored. Always keep an open eye!
  • Fake websites can often be distinguished as there are high chances of spotting grammatical errors or incomplete sentences or incomplete pages as well. Go through the entire website before being sure of its authenticity.
  • Never give your private key to anyone. No crypto exchange or wallet website asks for it. 
  • Lastly, never open your private wallets using public or open Wi-Fi networks.


Smishing – SMS Phishing

Another common way of scamming people is through smishing. Similar to email phishing, attackers send text messages that look similar to the messages sent by legitimate websites. These messages could be asking you to fill out a survey to get a chance to win xx BTC in return, perform certain actions on the website, or simply log in to your account through the link mentioned in the text message.

Mobile devices have smaller URL bars as compared to your laptop or computer screens. Scammers have taken advantage of this situation by padding the larger URL with hyphens to hide the real destination i.e. the fake website. Opening such links on mobile phones might make unsuspecting users lose their funds by sharing their credentials with the website. 

Always remember that real financial institutions will never ask for important information via text messages.


 Other types of crypto phishing

There are many groups on Discord, Facebook, Slack, Telegram, Whatsapp, and others that discuss the crypto markets and many other things in general. Phishers enter these groups on discussions about cryptocurrencies to know the members of the group and their behavior. They start spotting the weak targets and approach them personally by offering help and guidance in making quick money. Many claim to be “Bitcoin miners”, “Binary Traders” and claim to help you make $10,000 in a week. These things sound too good to be true. Never fall for such traps. You might be asked to share the private key of your wallet, or enter a survey or open an account on the link they share. Never do that! Always do thorough research. Make sure to check the authenticity of the group you are a member of. It might also happen that the group you are a part of maybe a scam in itself. Look at the image below, while it might look difficult to spot if this channel is real or not if you look closely you will notice that we are not “@coinsDCXsupport”. In case you find something unusual, inform members of the legitimate group about such activities so that scams can be prevented.

Other types of scams include spreading of news or interesting lotteries on fake Facebook pages that tag or put pictures of people to make them look more authentic. 

Always remember, if you do not know the website or the person sharing the information with you then it can most likely be a scam. Avoid such messages by simply deleting and reporting them on such social media channels.


ICO phishing

The latest member to join the phishing family is the ICO phishing. ICOs (Initial Coin Offerings) allow cryptocurrency projects to raise money in the form of other notable cryptocurrencies like Bitcoin and Ethereum. The projects in return provide a token of a similar value for the amount that has been invested by the investors. Not all ICOs are real and not all projects are worth an investment. It might happen that such project developers and founders are trying to create a hype to collect a large amount of Bitcoins and Ethereum before vanishing. 

To ensure that you do not face such scams, always conduct a proper research about the people who have started the project, read the whitepaper to understand what exactly the project is about, the goals of the project and its legitimacy. Once all these factors have been considered, remember to have a discussion and share ideas as much as possible. Always remember that transactions in Blockchain cannot be undone and there is no legal institution to protect you from getting duped. We at CoinDCX conduct a proper due diligence before listing any coins and tokens on the exchange. 


Phishing is not new and there is no way it can be completely eradicated. Phishers come up with new ways to dupe crypto users but this should not be a reason that demotivates you from exploring this field. We can only fight this by sharing our knowledge and experiences about such incidents. Even when you have faced it, always remember it is better to report the incident and share it with others rather than letting the scammers win. Stay informed, stay alert!