Cryptocurrency investing offers great returns to market participants. Unfortunately, these huge returns have attracted a sordid assortment of cybercriminals looking to steal money from investor wallets. Crypto’s opaque nature also lends itself well to scams and thefts. Bitcoin scams are stealing millions.
Phishing remains one of the most prolific forms of cyber criminality, and crypto’s opaque systems make the task easier for malicious actors. Most DeFi platforms are obscure, and investors are often unsure of the kinds of communication they receive, leaving the door open to hackers.
Here’s how crypto investors can guard their investments from phishing attempts.
Our inboxes are a personal place, and we’re attuned to trusting emails from known parties. Investors therefore have little reason to suspect an email from a known DeFi investment platform. Instead of clicking on those emails and the links in them by default, investors must reach out to the platform’s team to verify if the email is legitimate.
Most DeFi teams are active on channels like X, Telegram, and Discord, so reaching out to them also alerts them to any malicious attack on their users. Checking with them protects not only the investor reaching out but also the rest of the user base.
When signing up for a platform, investors must also confirm what kinds of communications the team will transmit. Most DeFi teams do not use email since this goes against the decentralized theme of most crypto investment platforms.
Exchanges will send emails, and investors must verify whether these are legitimate. Checking with an exchange’s customer service team often does the job. Any exchange email that asks for personal information via email attachments is likely a phishing attempt.
After all, most exchanges conduct onboarding and KYC through their secure portals and not over email. Investors must also watch out for hackers inserting themselves into a legitimate email chain and asking for personal information.
As a rule of thumb, any communication that asks for personal information or one-time passwords is unlikely to be trustworthy.
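The rules of thumb above (a request for personal information or one-time passwords, an attachment used to collect it, and such a request appearing inside an existing email chain) can be checked mechanically on a saved message. The following Python is an added example, not part of the original article; the keyword list, flag names, addresses and sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Illustrative (not exhaustive) phrases that request secrets or identity data.
SENSITIVE = re.compile(
    r"one[- ]time (?:password|code)|\botp\b|seed phrase|private key"
    r"|passport|date of birth|\bkyc\b",
    re.IGNORECASE,
)

def triage(raw: str) -> list[str]:
    """Return the rule-of-thumb flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    asks = sorted({m.group(0).lower() for m in SENSITIVE.finditer(text)})
    files = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    flags = []
    if asks:
        # Any request for personal information or one-time passwords.
        flags.append("asks-for-sensitive-info: " + ", ".join(asks))
    if asks and files:
        # Personal information collected through an attachment.
        flags.append("sensitive-request-with-attachment: " + ", ".join(files))
    if asks and (msg["In-Reply-To"] or msg["References"]):
        # The request arrives as a reply inside an existing conversation.
        flags.append("sensitive-request-inside-existing-thread")
    return flags

def build_sample() -> str:
    """Constructed message: a reply carrying a form and asking for an OTP."""
    m = EmailMessage()
    m["From"] = "Support <support@exchange.example>"
    m["To"] = "investor@mail.example"
    m["Subject"] = "Re: Withdrawal request"
    m["In-Reply-To"] = "<1234@exchange.example>"
    m.set_content("Please fill in the attached KYC form\n"
                  "and reply with the one-time password we sent you.\n")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="pdf", filename="kyc_form.pdf")
    return m.as_string()

if __name__ == "__main__":
    for flag in triage(build_sample()):
        print(flag)
```

A flagged message is a candidate for the out-of-band check with the platform's team described earlier; an empty result does not prove a message is legitimate.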
Email is one of the most common forms of communication, and investors must follow good security practices. For instance, enabling two-factor authentication (2FA) is critical. 2FA relies on a password and a secure key on a separate device to grant access.
While 2FA might seem like overkill for everyday email use, it is essential to good inbox hygiene. A secured inbox prevents malicious actors from stealing credentials and impersonating investors to retrieve passwords from other accounts.
Most investors think phishing is merely an attacker sending them malicious links, but the truth is more nuanced. Attackers stealing inbox credentials and requesting password changes from crypto platforms is also a form of phishing since it involves compromising an inbox.
Investors should therefore secure their inboxes entirely, instead of merely guarding against a potentially malicious email. Note that 2FA isn’t infallible. It merely reduces the odds of an inbox being compromised by a hacker.
Securing the physical devices used for 2FA, and disabling them remotely if they are lost, is also critical to practicing good inbox hygiene.
Email service providers are an investor’s first line of defense against malicious attacks. Popular email services from Google and Microsoft offer good protection from malicious actors. However, they tend to have vulnerabilities since they’re not the most privacy-focused.
Service providers like ProtonMail are far more stringent in dealing with potential privacy breaches and encrypt communications to a far greater degree than popular platforms. While choosing platforms like these might seem like overkill, they’re justified when dealing with investing platform passwords and credentials.
Investors must check reviews of email service platforms before signing up for them. Taking these platforms for a trial run to see how many spam messages get through to an inbox is also a good way to review them. Once done, investors will have a good idea of which platform to use.
Phishing attacks often originate from investors leaving their email addresses on sketchy websites or even just visiting such sites. Using ad blockers and other privacy-oriented plugins greatly reduces the odds of a malicious attacker planting tracking cookies and figuring out email addresses.
The first step investors must take is to use a privacy-focused browser. Like email services, browsers offer different degrees of privacy, with the popular options working well. Investors who are extremely concerned about phishing attempts might be better off with browsers like Firefox or Brave.
Again, investors must check reviews to make sure their browser choices are in line with their needs. Some of the privacy-focused browsers like Tor can be difficult to operate for people unused to them. Additionally, many of these browsers sanitize traffic to a huge extent, filtering out even non-malicious traffic.
This is why testing them before fully adopting them is critical.
Phishing is one of the oldest forms of cyber criminality, and it remains disturbingly prolific. Crypto investors must follow the steps listed in this article to secure their investments and prevent any attempts to steal them.