You get an email stating that one of your cryptocurrency wallets has to be upgraded for security reasons, so you click the link provided and open your wallet by using your private key and decryption password. Seconds later your wallet is empty, and you've just become the victim of a phishing scam.
Phishing is one of the most wide-spread and common cyber attack technique. It is a type of social engineering attack that involves psychological manipulation and relies on human failures. A phishing attack happens when a malicious actor poses as a reputable entity or business in order to deceive people and collect their sensitive data, such as credit card details, usernames, and passwords.
Most phishing attacks are performed through the use of fraudulent emails, specially designed to convince the user to enter a fraudulent website. Phishing emails are normally requesting the user to reset his password or to confirm his credit card information, leading to a fake website that looks very similar to the original one. The main types of phishing are clone phishing, spear phishing, and pharming.
You might receive an email asking you to enter a website page that is familiar to you. However, the website is fake and when you sign in, you are actually providing your credentials to the attacker. Other types of phishing may include fraudulent stories and requests or demands for money, such as the infamous "Nigerian Prince" email scam.
Phishing techniques are also being applied as a way to steal cryptocurrencies. For example, a cybercriminal may create a fraudulent copy of a website, changing the wallet address provided by the merchant to one of his own, fooling users into paying for a service that looks legitimate but is, in fact, a scam copy.
It is important to understand and recognize phishing scams so you don't become a victim. Some scams are quite sophisticated, and one naive click or careless keystroke could cost you a lot.
New phishing scams emerge every day, and it's important to treat any attempt to solicit information, login credentials, or money with a great degree of suspicion. Although email filters do a good job at filtering spoofs from real messages, you should always be very careful. Be wary of any attempts to obtain sensitive information from you. Whenever possible, you should verify whether the request you are receiving is legitimate. You may do so by trying to contact the sender through another means of communication. Avoid clicking on links in emails about security incidences and navigate to the webpage on your own terms. Looking out for the HTTPS at the beginning of the URL is also recommended.
When it comes to cryptocurrencies, you should be especially careful. Make sure to verify the blockchain addresses before sending a payment because, when confirmed, blockchain transactions are impossible to be reverted. Always keep your private keys and passwords private and safely stored (preferably offline).