For several years now, cryptocurrency has been actively gaining popularity - today literally everyone has heard about it, although this information can be very fragmentary. Thus, one can come across opinions that Bitcoin and other digital assets are exclusively tools of scammers. And although this is fundamentally not true, there are indeed individuals in the industry who work dishonestly and want to profit from the fashion trend. Let's consider what dangers may lie in wait for an inexperienced investor in 2023 and how to avoid them.

What is a phishing attack and what are they?

Phishing is a virtual attack aimed at stealing personal data - from card numbers to passwords from various systems. Unlike hacker attacks, which are more technical and involve breaking into systems, phishing is focused on the human factor, deception, so that the victim himself, through inattention or naivety, sends data. In the cryptocurrency industry, phishing is often aimed at stealing a user's coins and access to his wallet (private key, seed phrase).

Main types of phishing:

  • Target. Focuses on a specific person or entity. Information about the target is first collected, down to the names of family members, then using this information the target data is extracted.

  • Clone phishing. A common option is when an email or SMS is sent supposedly from a real company. Often, scammers require you to provide personal information to avoid account blocking, to update software, or for other reasons.

  • Waling is phishing aimed at wealthy people (celebrities, government members, owners of large companies, etc.).

  • Pharming is the infection of DNS networks so that the user is redirected to a fraudulent site instead of the real one. Since the malicious site does not differ in appearance from the original, the user does not become suspicious.

  • Typeswatting. Also redirecting to fake sites, and their name is very similar to the name of the original, the difference may be just one letter.

  • Email spoofing. This is the name for a type of clone phishing that uses email campaigns. The pages to which the user is redirected may contain malicious code. By analogy, there is spoofing of chats, groups and other social channels.

  • Influencers and “technical support staff.” Phishers copy profiles on social networks of well-known people whom many trust, or technical support employees of crypto services, and begin distributing malicious links on their behalf or requesting confidential information.

  • Injecting scripts into visited sites. To do this, they first look for their vulnerabilities.

And so on - there are a lot of options. Thus, malicious applications, fake advertisements, telephone phishing, and many others can be used.

How to protect yourself from phishing?

Fraudsters will not be able to harm you if you are attentive enough and moderately suspicious. Here are some basic tips to follow:

  • If you are promised free or very cheap cryptocurrency, they are almost definitely scammers. Nobody would do charity that way.

  • When following links, check them carefully. Even when visiting a trusted site from your bookmarks, make sure that the address in the browser line is correct, in case of DNS substitution.

  • Use a high-quality antivirus and update the database daily.

  • Do not trust anyone who writes to you on behalf of a support team or celebrity if they ask for any confidential information, including passwords or private keys.

Before you start working with any site, review it critically. There are a lot of fraudulent financial pyramids disguised as serious investment companies that offer to earn high interest rates.

Risks of fraud in currency exchange

Often there is a need to exchange funds - fiat for cryptocurrency or vice versa. Of course, there are hundreds of high-quality and honest exchangers operating on the network, but there are also “gray” ones that are dangerous to interact with. The simplest thing you might encounter is money theft. You pay for the exchange request by transferring money, but the return payment never arrives. To top it off, the gray exchanger retains the user’s personal data, such as phone number and card number.

This is not the only risk. The following dangers can also be identified:

  • Receiving “dirty” cryptocurrency. This is the name of coins that were previously involved in fraudulent transactions. And since every transaction leaves an indelible mark on the blockchain, law enforcement agencies may eventually track you as the recipient of the funds, which can lead to unpleasant proceedings.

  • Receiving “dirty” fiat. The situation is generally similar, only the information is stored here not by the blockchain, but by the bank. You may receive money, for example, from drug trafficking, and there is a risk of being charged as an accomplice.

  • Phishing. We have already talked about this in detail.

When choosing services for working with crypto, you should use special aggregators and monitoring systems that collect information about honest sites. For example, Coinmarketcap, and the most reliable P2P exchanger is Binance P2P.