How to detect a phishing scam and protect yourself
Web and email scams have been prevalent in traditional finance for years and are now becoming more common in crypto. Bad actors will try to prey on cryptocurrency holders with ‘hot’ wallets that are connected to the internet and investors with unsophisticated security measures in place to protect their assets.
What is a phishing scam and how does it work?
Phishing is a form of fraud targeting users of online financial services. The scam involves a fraudulent email or message intended to lure a person into providing access to sensitive and valuable personal information, like passwords or wallet keys. The scammer’s objective is to gain access to the target’s bank account or cryptocurrency wallet, draining funds and moving them into their own account.
The scammer will send a phishing email disguised as a reputable company, asking the user to change their password or log into their account to receive an offer. If the user doesn’t recognize that the email is fraudulent and clicks through to their account, the scammer could gain access to the user’s funds.
Can funds be retrieved from a phishing scam?
With traditional banking accounts, funds can often be retrieved because of insurance put in place for bank accounts and credit cards. Unfortunately, when it comes to cryptocurrency, funds are rarely recovered. This is because digital assets are bearer assets, meaning that like a valuable piece of jewelry, they are tangible property and she who holds the property owns it. If cryptocurrency is stolen, it is very, very hard to recover.
An example of cryptocurrency phishing
In our last Crypto News Roundup, we shared a cautionary tale about spear-phishing, a form of phishing attack that involves impersonating a high-ranking executive and targeting an employee from the same company. The objective of this type of attack is to gain access to the company’s password manager in order to reach crypto wallet keys. The story features a notorious group of cyber thieves nicknamed “CryptoCore” and their target, an Israeli cryptocurrency exchange that lost $70 million from multiple attacks.
The University of California Berkeley provides an archive of recent phishing attacks. Below, you’ll see an example of a phishing email sent to a Bank of America customer:
How do I tell if I’ve received a phishing email or message?
If you appear to have been contacted by OKCoin or another reputable company but the email looks ‘fishy,’ it could well be a scam. Highly targeted users are those who have accounts with financial services companies like cryptocurrency custodians and exchanges. The Bank of America example above demonstrates how to tell if an email is fraudulent.
Always check who the email is from. Do you recognize the email address? If you don’t, or if you’re not sure, it is best to contact the company to verify the email address. OKCoin customers will receive marketing emails only from firstname.lastname@example.org and email@example.com, and setup and notification emails only from firstname.lastname@example.org.
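The following Python is an added example (not OKCoin's code) of the sender check above: it compares the From address against a published list and also requires a DMARC pass recorded by the recipient's own mail server, because a From line on its own can be forged. The addresses, the mx.mailbox.example hostname and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed placeholders: the addresses a company publishes as its only senders,
# and the hostname your own mail provider stamps on Authentication-Results.
KNOWN_SENDERS = {"news@exchange.example", "notify@exchange.example"}
TRUSTED_AUTHSERV = "mx.mailbox.example"

def dmarc_passed(msg):
    """True only if our own receiving server recorded dmarc=pass."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        # Skip headers stamped by anyone else: senders can add their own.
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        if any(r.strip().lower().startswith("dmarc=pass") for r in results.split(";")):
            return True
    return False

def check_sender(raw):
    """Return a list of warnings; an empty list means no red flag was found."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    if addr not in KNOWN_SENDERS:
        warnings.append("sender is not a published address")
    if "@" in display and addr not in display.lower():
        warnings.append("display name shows a different address")
    if not dmarc_passed(msg):
        warnings.append("no DMARC pass recorded, From may be forged")
    return warnings

# Constructed sample messages (not real mail).
LEGIT = """\
Authentication-Results: mx.mailbox.example; spf=pass; dmarc=pass header.from=exchange.example
From: Exchange News <news@exchange.example>
Subject: Monthly update
"""
FORGED = LEGIT.replace("spf=pass; dmarc=pass", "spf=fail; dmarc=fail")
LOOKALIKE = """\
Authentication-Results: mx.mailbox.example; dmarc=pass header.from=exchange-secure.example
From: "news@exchange.example" <billing@exchange-secure.example>
Subject: Password reset required
"""

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("forged", FORGED), ("lookalike", LOOKALIKE)]:
        print(name, check_sender(raw))
```

The lookalike sample passes DMARC for its own domain, which is why the published-address comparison is still needed alongside the authentication result.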
In our recent Security Tips blog post, we listed all of the verified OKCoin accounts to ensure that you’re only engaging with legitimate channels, including social media and Telegram.
I think I’ve been phished, now what?
Step 1: Protect yourself
Change passwords for any account you think may have been compromised and review your account balances for any unauthorized changes, especially if you made a transaction.
Step 2: Report it
If you think you’ve been phished by someone pretending to be from OKCoin, let us know immediately. Contact customer service: email@example.com, or message us on Twitter. You can help us prevent further phishing attacks by providing us details including the URL you were directed to and what details you were asked for.