Crypto Phishing Scams – and How to Avoid Them
English | Français | Español | Deutsch
| KEY TAKEAWAYS: |
| — Always use the official support channels of any crypto company. — Keep your 24-word recovery phrase safe and completely private: it’s intended for your eyes alone and no one else’s. — Make sure that you only keep your recovery phrase on a piece of paper or a metal backup: it has no business being on your computer or smartphone. — If someone promises to send you a lot of crypto if you send them a smaller amount first, it’s simply too good to be true: don’t send your crypto to them. |
The more autonomy we enjoy, the more responsibility we have. Here, we detail some common crypto phishing scams – so you know what to look out for.
Let’s face it – phishing is an ever-present threat in our society nowadays. We hear about it on the news all the time. Especially a hot commodity like cryptocurrencies makes for an enticing target. It’s even gone to the level where on the 15th of July 2020, the Twitter accounts of many influential celebrities and companies were hacked to promote a scam designed to trick users into sending them their precious Bitcoins.
Fret not, however! There are simple ways to protect your cryptocurrencies against these malicious practices. If you already have one of our hardware wallets, you’ve made an excellent start! Phishing attacks trying to make use of malware on your computer have just been rendered completely useless in trying to take your crypto.
Even for hardware wallets, there are ways that someone could try to trick you. To arm yourself against them, we’d like to provide some tips to help your crypto remain within the safety of your hardware wallet.
Is that who I think it is?
Just saw a Facebook post or YouTube video by Ledger stating they’re giving away insane amounts of crypto?
Are you sure that’s actually us?
Common phishing practices use impersonation. In the case mentioned above, you can pretty much assume that it’s not Ledger’s official Social Media page. On platforms like Twitter and Facebook, you can easily tell us apart since we’ve got a verified page.
| Tips |
- Always make sure that you interact through Ledger’s official channels
- Contact us in case of doubt through our website.
The target: your recovery phrase
Your recovery phrase is a vital piece of information for any hardware wallet user. If anything ever happens to your device, you can use this set of 24 words to regain access to all of your crypto assets… you can see where this is going.
Since your recovery phrase gives access to all of your cryptocurrencies, it’s a scammer’s dream to get a hold of your set of 24 words. Many phishing techniques are focused on obtaining them – and there are quite a few sneaky ways in which they try this. From a fake wallet application asking for your 24 words as the result of a fake error to asking for your 24 words with the promise of giving you crypto.
The solution is very simple though: always keep your 24-word recovery phrase to yourself and keep it completely offline. So long as you don’t share your recovery phrase, there’s no way that they’ll get access to your precious cryptocurrencies. Your 24 words also have no business being on any computer, smartphone or any other device. Following this simple rule ensures there isn’t a hack or malware in the world that’ll be able to access it. Keeping it safe and out of sight, away from prying eyes is also a must.
| Tips |
- Always keep your 24-word recovery phrase private and never share this with anyone: not even with Ledger.
- Make sure to keep your recovery phrase completely offline: it should never be entered into any computer, smartphone or any device other than a legitimate hardware wallet
- Store your 24 words securely and out of sight
The empty promise
The expression “If something looks like it’s too good to be true, then it probably is” is the key to the following attempt at crypto theft. A commonly found scam on Social Media includes a fake giveaway. In this, the phisher would impersonate a well-known crypto company or influential person in the crypto world, promising to send you extravagant amounts of crypto if you’d first send them some. Indeed, the example mentioned in the beginning of this article concerned this type of scam.
That last part should bring up some red flags – there is no possible explanation for you needing to send anyone crypto in order to receive more. To put this into context, it’s similar to someone in the street promising to give you a $100 bill if you’d first give him $10 – sounds rather fishy, doesn’t it? The only difference here is that cryptocurrency transactions are permanent, irreversible and you have no idea who’s on the other end of the transaction.
The solution here is equally quite simple here: don’t send your crypto to anyone you don’t know – let alone someone who’s giving the empty promise of sending you back more in return. In this case, you can go a step further and lend the crypto community a hand: you can reply to these scams on Social Media and warn everyone about them. What’s more, is that you can report these posts to have them taken down.
| Tips |
- Keep your crypto to yourself – don’t send crypto to anyone promising you more in return
- Always verify if a giveaway is hosted by a legitimate account
- You can help the crypto community by warning everyone on the post and report these phishing attempts
- In case of any doubt, don’t hesitate to reach out through a company’s official channels
Call to arms
Phishing attempts may be common, but for you, and I knowledge is power. Understanding them is the best way of arming yourself against phishing. With this article we’d like to do our part in helping to keep our beloved cryptosphere the incredible space that it is.
We’d like to call on all of you to help spread these best practices to prevent anyone from falling victim to them.
Let’s join forces to put an end to phishing in the world of cryptocurrencies.
Keep learning! If you enjoy getting to grips with crypto and blockchain, check out our School of Block video In the Head of a Scammer