The most common way people lose access to their cryptocurrency is through phishing attacks, and unfortunately, hackers are becoming more sophisticated in their phishing attempts. In this blog post, we’re covering how to recognise & avoid phishing attempts. Let’s go!
PHISHING ATTACKS TO LOOK OUT FOR
An email arrives in your inbox, seemingly from your wallet manufacturer asking for information. The email looks completely legitimate, but it is not! Hackers make phishing emails that look identical to legitimate manufacturer emails, using the same formats, designs and logos which makes it difficult to identify if you are quickly scanning through your emails.
Please ensure you double-check and verify the web URLs and email addresses, and look out for unusual spelling and accents within the names.
Coinstop and any of our manufacturing partners will NEVER ask for your recovery phrase. Do NOT share your recovery phrase with anyone.
For reference, our official addresses are:
Hackers have been known to replace the top results in search engines with links to their websites. Without realising, you may click on the first results from your preferred search engine, only to be redirected to the hackers site. For this reason, we recommend you confirm the URLs of the sites you are visiting. A good practice to get in the habit of is bookmarking verified sites that you normally need to input sensitive information, and only access them via that bookmarked link.
A more elaborate technique involves hackers changing an URL when you type it in the browser address bar. You start typing the URL, it gets changed to a different one (a scam website), and you’re suddenly led to a different, but seemingly identical website. The site may look completely identical to the one you intended to access so you may not realize you’re dealing with a scam page until it is too late.
Be careful with browser extensions! There are some that offer to improve your experience when on trading websites, when really they are recording everything you type in regards to your wallet. Before installing, double check it is safe to use and you are obtaining the extension through official channels.
A fake security warning relating to your wallet may be sent to you. You unsuspectingly press on the URL in the warning, give away your private key and other wallet information, and suddenly someone has access to your wallet.
It’s not unusual for services to rely on SMS 2FA (two-factor-authentication) for an extra layer of security for users. However, hackers have found ways to intercept the SMS 2FA, gaining access to the code. This could then grant them access to various accounts, including that of Coinbase. Instead of using SMS 2FA, use something like the Google Authenticator app or even your hardware wallet.
Security protocol for WiFi routers can be taken advantage of to allow hackers to see data going through your WiFi network. Public WiFi (airport, cafe, station, etc.) users are particularly vulnerable to this, so we recommend only accessing important sites from your private home network.
HOW TO AVOID PHISHING ATTEMPTS
Crypto transactions are basically irreversible so if you send money to the wrong address, you can’t get those funds back (unless the recipient is kind enough to trace your wallet address and refund you - not likely!). For this reason, we recommend verifying that everything is correct, whether you are sending small or large amounts.
If your hardware wallet breaks, is stolen or misplaced, your recovery phrase can be used to restore your assets. But if your recovery phrase is stolen or misplaced, there is no bank or institution to back you up or give you a replacement. And because of the secure nature and random mathematical sequences used to generate the private key, there’s no way you or anyone else can recover it, so you will lose access to your cryptocurrency. In other words, make sure you keep your recovery phrase safe and secure at all times!
The best way to do this is to:
- Never share your recovery phrase with anyone
- Never store your recovery phrase on a computer or smartphone
- Never store your recovery phrase online, where it can be easily hacked
- Never rely on your memory alone to remember your recovery phrase
- Store your recovery phrase on a device such as the Billfodl, that is virtually indestructible
- If you ever have to restore your wallets/accounts, only enter the recovery phrase into the physical device
Online digital wallets, or “hot wallets”, whether provided by a crypto exchange or a third party, all require internet access. They are considered the most vulnerable wallets in the world as they store your security keys and codes in an online environment.
That's where cold storage hardware wallets come in! Cold Storage hardware wallets, allow you to move your assets offline AND keep ownership of your private key. Your private keys are generated and stored on the hardware wallet which is then protected by a PIN and an optional passphrase. The keys are never exposed to the internet so they can’t be stolen or copied. That’s why it’s known as cold storage.
While some of these best practices may require you to put in a little extra effort to secure your crypto wallet, it’s well worth it. Here at Coinstop, we remain committed to providing you with the latest in crypto security, so you can ensure your assets are safe. To visit our store, head here.