Tips for avoiding crypto phishing scams

Within the fast-paced and constantly changing world of cryptocurrency, where digital assets are traded and fortunes can be gained, a danger looms that threatens the safety of both experienced investors and newcomers: crypto phishing scams.

These scams are designed to take advantage of people’s trust and vulnerability, with the aim of tricking them into revealing sensitive information or even giving away their hard-earned cryptocurrency holdings.

As cryptocurrencies become more popular, cybercriminals are becoming more sophisticated in their phishing techniques. From impersonating legitimate exchanges and wallets to using convincing social engineering tactics, these scammers will stop at nothing to gain unauthorized access to your digital assets.

Malicious actors use various methods of social engineering to target their victims. They manipulate users’ emotions and create a sense of trust and urgency.

Eric Parker, CEO and co-founder of Giddy — a noncustodial smart wallet — warns, “Did someone reach out to you without you asking? That’s one of the biggest rules of thumb you can use. Customer service rarely, if ever, proactively reaches out to you, so you should always be suspicious of messages saying you need to take action on your account.”

“Same idea with free money: If someone is messaging you because they want to give you free money, it’s likely, not real. Be wary of any message that feels too good to be true or gives you an immediate sense of urgency or fear to make you act quickly.”

Email and messaging scams

One common technique used in crypto phishing scams is impersonating trusted entities, such as cryptocurrency exchanges or wallet providers. The scammers send out emails or messages that appear to be from these legitimate organizations, using similar branding, logos and email addresses. They aim to deceive recipients into believing that the communication is from a trustworthy source.

To achieve this, the scammers may use techniques like email spoofing, where they forge the sender’s email address to make it appear as if it’s coming from a legitimate organization. They may also use social engineering tactics to personalize the messages and make them seem more authentic. By impersonating trusted entities, scammers exploit the trust and credibility associated with these organizations to trick users into taking actions that compromise their security.

Fake support requests

Crypto phishing scammers often pose as customer support representatives of legitimate cryptocurrency exchanges or wallet providers. They send emails or messages to unsuspecting users, claiming an issue with their account or a pending transaction that requires immediate attention.

The scammers provide a contact method or a link to a fake support website where users are prompted to enter their login credentials or other sensitive information.

Omri Lahav, CEO and co-founder of Blockfence — a crypto-security browser extension — warns, “It’s important to remember that if someone sends you a message or email unsolicited, they likely want something from you. These links and attachments can contain malware designed to steal your keys or gain access to your systems,” continuing:

“Furthermore, they can redirect you to phishing websites. Always verify the sender’s identity and the email’s legitimacy to ensure safety. Avoid clicking on links directly; copy and paste the URL into your browser, checking carefully for any spelling discrepancies in the domain name.”

By impersonating support personnel, scammers exploit users’ trust in legitimate customer support channels. In addition, they prey on the desire to resolve issues quickly, leading users to willingly disclose their private information, which scammers can use for malicious purposes later.

Fake websites and cloned platforms

Malicious actors can also build fake websites and platforms to lure in unsuspecting users.

Domain name spoofing is a technique where scammers register domain names that closely resemble the names of legitimate cryptocurrency exchanges or wallet providers. For example, they might register a domain like “” instead of “” or “myethwallet” instead of “myetherwallet.” Unfortunately, these slight variations can be easily overlooked by unsuspecting users.

Lahav advises users to “verify whether the website in question is reputable and well-known.”

Recent: Bitcoin is on a collision course with ‘Net Zero’ promises

“Checking the correct spelling of the URL is also crucial, as malicious actors often create URLs that closely resemble those of legitimate sites. Users should also be cautious with websites they discover through Google ads, as they may not organically rank high in search results,” he said.

Scammers use fake domain names to create websites that look like legitimate platforms. They often send phishing emails or messages with links to these fake websites, tricking users into thinking they are accessing the real platform. Once users enter their login credentials or perform transactions on these websites, the scammers capture the sensitive information and use it for their own gain.

Malicious software and mobile apps

Hackers can also use malicious software to target users. Keyloggers and clipboard hijacking are techniques that crypto phishing scammers use to steal sensitive information from users’ devices.

Keyloggers are malicious software programs that record every keystroke a user makes on their device. When users enter their login credentials or private keys, the keylogger captures this information and sends it back to the scammers. Clipboard hijacking involves intercepting the content copied to the device’s clipboard.

Cryptocurrency transactions often involve copying and pasting wallet addresses or other sensitive information. Scammers use malicious software to monitor the clipboard and replace legitimate wallet addresses with their own. When users paste the information into the intended field, they unknowingly send their funds to the scammer’s wallet instead.

How users can stay protected against crypto phishing scams

There are steps that users can take to protect themselves when navigating the crypto space.

Enabling two-factor authentication (2FA) is one tool that can help secure crypto-related accounts from phishing scams.

2FA adds an extra layer of protection by requiring users to provide a second form of verification, typically a unique code generated on their mobile device, in addition to their password. This ensures that even if attackers obtain the user’s login credentials through phishing attempts, they still need the second factor (such as a time-based one-time password) to gain access.

Utilizing hardware or software-based authenticators

When setting up 2FA, users should consider using hardware or software-based authenticators rather than relying solely on SMS-based authentication. SMS-based 2FA can be vulnerable to SIM-swapping attacks, where attackers fraudulently take control of the user’s phone number.

Hardware authenticators, such as YubiKey or security keys, are physical devices that generate one-time passwords and provide an extra layer of security. Software-based authenticators, such as Google Authenticator or Authy, generate time-based codes on users’ smartphones. These methods are more secure than SMS-based authentication because they are not susceptible to SIM-swapping attacks.

Verify website authenticity

To protect against phishing scams, users should avoid clicking on links provided in emails, messages, or other unverified sources. Instead, they should manually enter the website URLs of their cryptocurrency exchanges, wallets, or any other platforms they wish to access.

By manually entering the website URL, users ensure they access the legitimate website directly rather than being redirected to a fake or cloned website by clicking on a phishing link.

Before clicking on any links, users should hover their mouse cursor over them to view the destination URL in the browser’s status bar or tooltip. This allows users to verify the link’s actual destination and ensure that it matches the expected website.

Phishing scammers often disguise links by displaying a different URL text than the destination. By hovering over the link, users can detect inconsistencies and suspicious URLs that may indicate a phishing attempt.

Parker explained to Cointelegraph, “It’s very easy to fake the underlying link in an email. A scammer can show you one link in the email’s text but make the underlying hyperlink something else.”

“A favorite scam among crypto phishers is to copy a reputable website’s UI but place their malicious code for the login or Wallet Connect portion, which results in stolen passwords, or worse, stolen seed phrases. So, always double-check the website URL you’re logging into or connecting your crypto wallet with.”

Scanning attachments with antivirus software

Users should exercise caution when downloading and opening attachments, especially from untrusted or suspicious sources. Attachments can contain malware, including keyloggers or trojans, which can compromise the security of a user’s device and cryptocurrency accounts.

To mitigate this risk, users should scan all attachments with reputable antivirus software before opening them. This helps detect and remove any potential malware threats, reducing the chances of falling victim to a phishing attack.

Keep software and apps updated

It is important to keep the operating systems, web browsers, devices, and other software up to date in order to maintain the security of the user’s devices. Updates may include security patches that address known vulnerabilities and protect against emerging threats.

Utilizing reputable security software

To add an extra layer of protection against phishing scams and malware, users should consider installing reputable security software on their devices.

Antivirus, anti-malware, and anti-phishing software can help detect and block malicious threats, including phishing emails, fake websites, and malware-infected files.

By regularly updating and running security scans using reputable software, users can minimize the risk of falling victim to phishing scams and ensure the overall security of their devices and cryptocurrency-related activities.

Educate yourself and stay informed

Crypto phishing scams are constantly evolving, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. In addition, stay informed by researching and reading about recent phishing incidents and security best practices.

Recent: What is fair use? US Supreme Court weighs in on AI’s copyright dilemma

To stay updated on security-related news and receive timely warnings about phishing scams, users should follow trusted sources in the cryptocurrency community. This can include official announcements and social media accounts of cryptocurrency exchanges, wallet providers, and reputable cybersecurity organizations.

By following reliable sources, users can receive accurate information and alerts regarding emerging phishing scams, security vulnerabilities, and best practices for protecting their crypto assets.

We will continue to update Phone&Auto; if you have any questions or suggestions, please contact us!


Was this article helpful?

93 out of 132 found this helpful

Discover more


Britcoin close to launch after Rosalind CBDC study.

The Bank of England is working on its Britcoin digital currency project, and it has shared the results from the Rosal...


Uniswap Foundation seeks $62M funding.

Decentralized exchange (DEX) Uniswap is excited to announce the upcoming vote on additional funding for its developer...


Solana Mobile: A Crypto-Enabled Smartphone Revolution 📱💥

The response to Solana Mobile's Chapter 2 device has been overwhelmingly positive, with over 100,000 pre-orders alrea...


Binance vs. CME: The Battle for BTC Futures Supremacy

Binance temporarily surpassed CME as the leading exchange with the highest BTC Futures Open Interest rates on Februar...


Kraken to Launch Stock Trading for US and UK Clients

Kraken, a leading cryptocurrency exchange, is set to expand its trading services by introducing options for exchange-...


MetaBlaze sells out $4M crypto presale, partners with gaming companies and releases AI MetaChip NFT.

Dover, USA, June 26th, 2023, Chainwire MetaBlaze, a pioneering company in Web 3 Gaming and AI, is gaining momentum as...