Some common ways to discover phishing attacks

[Chilwell]

Phishing is an act of getting people's personal information like usernames, passwords, credit card details and many more through sending fake messages, fake emails and a lot more claiming they are good people and wanted to help.
Phishing assaults are a popular sort of cyber assault in the crypto realm, and they can result in considerable financial losses.

Phishing has become a huge problem within cryptocurrencies and it is getting bigger day by day. Every day new people are getting involved in crypto, while phishers are seriously engaged in scamming newbies in crypto that is why people still see crypto as a way of scamming. I create this post to help everyone, especially newbies to be careful with the type of browser and also any site that involves phishers, and also  some ways to discover phishing attacks in the crypto space.

       Ways to identify phishing attacks
Ways to discover phishing attacks In the crypto space
Identifying phishing attacks is a little bit more difficult because phishers are very intelligent to go extremely higher for the message and the website looks too real and legit.

1. Grammar error: This happened as a result of being hurried up to send the message out, they do not even have time to go through what they have written.

2. Copycatting: In this aspect, you have to get familiar with the brand, logo, and poster, of the organisation's website. All mentioned can be manipulated if you didn't recognize them from the website.

3. Check the URL: Always be vigilant of any link that requires you to insert your personal information. Ensure to check the URL, because the scammer always uses websites with URLs. After checking the URL and is legit then HTTPS in the URL, if there is S at the end the website is secure for your personal information, but if not included then run away from the site.

4. Trust but verify: if a message or email is sent to you either by your friend or someone else, you must check the message thoroughly before clicking on the link. Phishers can do and undo, always scrutinize the email and also the authenticity before taking action.

5. Use a hardware wallet: use a secure wallet that has two-factor authentication, hardware wallet is a device that can see and handle which cryptocurrencies are kept offline. Attackers find it very difficult to access your crypto, private key, using scam websites.


Above mentioned are out of many detectors of phishing attacks, there are many more apart of above mentioned but following these tips can guide you away from phishing attack in the crypto space. Any form of an idea are welcome.

[1715680804]

1715680804

[1715680804]

1715680804

[1715680804]

1715680804

[1715680804]

1715680804

[1715680804]

1715680804

[tabas]

3. Check the URL: Always be vigilant of any link that requires you to insert your personal information. Ensure to check the URL, because the scammer always uses websites with URLs. After checking the URL and is legit then HTTPS in the URL, if there is S at the end the website is secure for your personal information, but if not included then run away from the site.

Scammers and hackers often use the shortlinks and that's why if you're unsure what link you've received you better not click it and ignore it completely. There are also a lot of tools that you can find online to check what's the content and real URL from these link shorteners.
And for more tips about checking if a website is safe, Avast[1] has a say on this.

[1] https://www.avast.com/c-website-safety-check-guide

[examplens]

1. Grammar error: This happened as a result of being hurried up to send the message out, they do not even have time to go through what they have written.

I would not take this as an important parameter, because phishing sites are most often 100% copies of the original. Also in the case of conversation, it can happen that he is a fraud with a very good knowledge of grammar, so relying on not recognizing grammatical mistakes can be completely wrong.

2. Copycatting: In this aspect, you have to get familiar with the brand, logo, and poster, of the organisation's website. All mentioned can be manipulated if you didn't recognize them from the website.

Likewise here. Phishing sites are identical to the original with only noticeable changes. How can someone who comes to the site for the first time know whether it is original or phishing based on small "flaws" in the design?
This is ok but for experienced users.

3. Check the URL: Always be vigilant of any link that requires you to insert your personal information. Ensure to check the URL, because the scammer always uses websites with URLs. After checking the URL and is legit then HTTPS in the URL, if there is S at the end the website is secure for your personal information, but if not included then run away from the site.

This is almost a mandatory check, although that can also be tricky if missing or lacking a specific character or even similar characters are replaced in the domain name.
Also, for easier recognition, certain experience is needed here.

[Zaguru12]

1. Grammar error: This happened as a result of being hurried up to send the message out, they do not even have time to go through what they have written.

This is mostly experienced when a similar website or app is developed. Like the numerous number of online wallets that have duplicates one of the easiest way to detect them is by grammar error just to avoid google play rights. But most of these days scammers have gone past this.

3. Check the URL: Always be vigilant of any link that requires you to insert your personal information. Ensure to check the URL, because the scammer always uses websites with URLs. After checking the URL and is legit then HTTPS in the URL, if there is S at the end the website is secure for your personal information, but if not included then run away from the site.

This is not all true because even phishing sites can have the S, the only way a phishing site removes The S is when the scammer is copying another site then it creates changes to the url by removing the site to make it look like the original but aside that scammers could just use another method to differentiate the site example is bitcoin-talk.org from Bitcointalk.org

4. Trust but verify: if a message or email is sent to you either by your friend or someone else, you must check the message thoroughly before clicking on the link. Phishers can do and undo, always scrutinize the email and also the authenticity before taking action.

There is a way to filter ones email from relieving malware or phishing links. This way the scam messages are sent straight to the spam box and this could limit the number of phishing emails received in the inbox

[Peanutswar]

Ive been in the industry of IT and based on my experience this is a common attack in organizations.

Based on your statement which is that website phishing which can be in the form of Spear Phishing they will create a fake website and can be used to get the individual users' credentials until they can access the active directory of the people in the company and after they accumulate enough details they will start now to steal that information. This most likely happens in emails. Eg. Fake Bank account websites.

Once you are active in the social media that you are referring with the crypto for sure most of us are using the exchange the attackers can now pretend with the use of the form of Voice Phishing with the form of Calls that they are pretending they are part of the particular company, organization or platform that your account has some particular activity which needs to get a lock and they need your credentials.
Continous with this form of phishing is Smishing with the use of the SMS attacks like texting you win a BTC and there's a link you need to click just to claim the rewards.



As possible if you have a website filtering you can prevent this attacks or security with your accounts must block or report immediately, having a basic knowledge with this will save you and your funds.

[Z390]

Thanks for your advice, if someone takes your advice very seriously and is on watch out for all your five warnings does that makes them completely safe from phishing attacks? No.

Small-time scammers use short URLs to deceive people since they have to click on the link to see what's inside.

Big scammers can use other ways that are almost perfect and could confuse anyone, the most common one is sending emails to your email account, if you are the type that is always curious about the messages you get on your email there is a chance you will fall victim.

Do not open an email if you aren't expecting them, if you open a new exchange today, your verification code will be forwarded to your email asap, that's because you just create a new account on an exchange, so the code is expected.

There are other ways, if your private phone number is visible, scammers can send you bad links to your number, pretending to be from your network tariff or something.

[wahyuagung26]

3. Check the URL: Always be vigilant of any link that requires you to insert your personal information. Ensure to check the URL, because the scammer always uses websites with URLs. After checking the URL and is legit then HTTPS in the URL, if there is S at the end the website is secure for your personal information, but if not included then run away from the site.

What often happens is fraud through links and this method is common, where later they will send in the form of a link from here we must be vigilant in anticipation so as not to get involved and become a victim of phishing, we suggest not clicking if it looks suspicious even better avoid or completely ignore. but sometimes they have various methods to launch it.

[Cryptomultiplier]

Thanks for your advice, if someone takes your advice very seriously and is on watch out for all your five warnings does that makes them completely safe from phishing attacks? No.

Small-time scammers use short URLs to deceive people since they have to click on the link to see what's inside.

Big scammers can use other ways that are almost perfect and could confuse anyone, the most common one is sending emails to your email account, if you are the type that is always curious about the messages you get on your email there is a chance you will fall victim.

Do not open an email if you aren't expecting them, if you open a new exchange today, your verification code will be forwarded to your email asap, that's because you just create a new account on an exchange, so the code is expected.

There are other ways, if your private phone number is visible, scammers can send you bad links to your number, pretending to be from your network tariff or something.

The ploy of scammers is to create a look alike that may throw one off balance. One way I wade off their mails is by setting my email system to auto send messages without proper or familiar address to Spam folder.
When I feel disoriented most times too, either after being tipsy, I do not respond to mails or open them. I also try to clear my browser of saved passwords and the likes while also enabling two factor authentication. I try to be as safe as possible.
What scares me most times is how my email gets notifications from spam sites I never used or how even scammers have learnt to create look alike sites.
There's one incident of a scammer who gave me directions via link to a fake NFT site, which am sure only accepts the gas fee but doesn't trade. I only know the more popular ones like Opensea.com and even after I tried to reach their contact on the site, it was unreachable.
Truth is only greedy or most times desperate people fall prey to these phishing sites and scams.
Be content with what you have, be vigilant and adhere the rules to secure your identity both online and offline, and the coy of an attack will be made bare.

[Doan9269]

If one is very observant enough, then such user would have sence or seen it coming before they experienced it, physhing attacks always comes in an unusual ways and not until we always oay a very close attention to things we do online we nay be liable to fall in for anyone, you can't expect a pirate copy to be as exactly as the original one and this is one of the quickest mea s to identify one of them because they make some immission and commission errors in what they presented to you and if not been careful, you may hardly get noticed of such.

[CryptoMobster]

The hardware wallet ones scare me (my dad for example) got one a while back asking to verify his seed phrase, he knew it was a scam but yeah anything asking 'those' types of questions.

[lionheart78]

3. Check the URL: Always be vigilant of any link that requires you to insert your personal information. Ensure to check the URL, because the scammer always uses websites with URLs. After checking the URL and is legit then HTTPS in the URL, if there is S at the end the website is secure for your personal information, but if not included then run away from the site.

This is almost a mandatory check, although that can also be tricky if missing or lacking a specific character or even similar characters are replaced in the domain name.
Also, for easier recognition, certain experience is needed here.

Among the given list, I think this is the most important to verify.  To maximize our potential to detect phising attacks, we should also learn how these things work.

1. Domain masking - it is an act of hiding the actual domain name of a website from the URL field of a user's web browser in favor of another name[1]
2. Website spoofing using shadow copy - it is redirecting the connection of the victim to the local machine of the hacker to make things look legit[2]
3. URL redirection - it is called url forwarding, it is an attempt to redirect the victim to the phishing site[3]



[1] https://en.wikipedia.org/wiki/Domain_masking
[2] https://en.wikipedia.org/wiki/Website_spoofing
[3] https://en.wikipedia.org/wiki/URL_redirection

[Baofeng]

As far as phishing goes, there's a lot of threads about that

• Collection of comprehensive guides on identify and avoid scam projects by @tbct_mt2
• [GUIDE] Use this for identifying Scam/Phishing Websites & Exchanges in Crypto by @GreatArkansas
• [LEARN & EARN] Phishing Quizzes - Beginners & Experts ( by @dkbit98
• Phishing Revisited my own thread

[blue Snow]

Any form of an idea are welcome.

An important thing to avoid losing your Bitcoin is don't trust anyone.

There is nothing you should trust in this world, because of that situation, you have to own your private key or seed whatever that way.

The point you list above is just a little way to avoid yu from losing, but An important thing is not to trust everyone. Like Phishing, the scammer tries to make you believe in him by giving you a similar link as you usual visit. But because you never believe anyone, so that case you will check it as often as possible, so that situation you save.

[hd49728]

As far as phishing goes, there's a lot of threads about that

You forgot about three topics, two are mine.

What to do to avoid phishing sites
Host-file to deal with phishing sites
Punycode and how to protect yourself from Homograph Phishing attacks?

[Dzwaafu11]

I value your counsel and am grateful that you told us now. If not for you, I feel that most people—including me—would benefit from this topic because I have never encountered anything similar in either this forum or in real life. Since you don't know anything about what the OP explained, I think everyone reading this thread will take it seriously. But OP, if you're talking about cryptocurrency, that's how we can protect our funds. I'm always confident that these forums will teach us how to do that, and it's okay if you have your own ideas as well, but all of these scams take place when people have the tendency to place too much faith in others.I'd like to warn newcomers that there isn't much trust in the crypto sector since, in my opinion, some individuals nowadays will take advantage of you even if they have no intention of doing so because they see you possessing something they want as well. As a result, beginners should refrain from telling others where their coins are kept..

[Kelvinid]

That's it OP, common errors are easy to find but if you are not reading it several times, even a simple typo can't be noticed until the time you reviewed it. I believe we are aware of these things but unfortunately, still, a number of individuals got compromised their accounts for negligence. Even though we discuss this several times and make all people aware of this technique, we can't assume that everyone will avoid this. Honestly, we can't assure that we are totally safe, not this time as these scammers are also too smart.

[Stable090]

       Ways to identify phishing attacks
Ways to discover phishing attacks In the crypto space
Identifying phishing attacks is a little bit more difficult because phishers are very intelligent to go extremely higher for the message and the website looks too real and legit.

1. Grammar error: This happened as a result of being hurried up to send the message out, they do not even have time to go through what they have written.

I don’t really agree with this, am not saying you are wrong but I believe most scammers always take their time to compose their messages, they always make sure they perfect everything so that you Will easily get convinced, if they are trying to scam, they will do everything possible for you to easily believe them.

2. Copycatting: In this aspect, you have to get familiar with the brand, logo, and poster, of the organisation's website. All mentioned can be manipulated if you didn't recognize them from the website.

You are right, I have seen lots of websites with similar designs with the original websites the only difference that’s always their is the url, when visiting any websites make sure you are very careful, don’t be in a rush, sometimes a original website link might be( Bitcointalk.org), but the fake website might be created as ( Bitcointalks.org). The only difference their is just the (S), that’s why we have to be very careful when visiting any website.

4. Trust but verify: if a message or email is sent to you either by your friend or someone else, you must check the message thoroughly before clicking on the link. Phishers can do and undo, always scrutinize the email and also the authenticity before taking action.

Before i click on any link I receive in my email address, am always making sure it’s from a legit source before I click on the link, and incase if am to register on the site, I don’t use my main gmail address to register, am having email address that am always using. And if I receive a link from a suspicious source, I don’t even click the link, I will just delete the email directly.

[lovesmayfamilis]

A person who knows the rules of Internet security will never fall for phishing, and to say that everyone can fall for it is rather self-confident.
In my country, all banks and all other financial institutions always warn customers that they will never ask for personal information either by SMS, via links, or by phone.
Rules for using the Internet seem to be taught from an early age, in the elementary grades. Do not click on any links, and do not open emails from strangers, no matter what they promise you. In addition, do not transmit your personal documents via the Internet, including social networks. The fact that you think that documents sent via telegram, for example, to someone close to you and subsequently delete messages, thinking that you deleted them, will remain in memory. And subsequently, scammers can use personal information to pretend to be your acquaintances.
In summary, when you go online, don't trust anyone; if you're curious and can't resist chatting with strangers, pretend to be a different person; use a virtual machine where you can open and see what was sent to you; and then safely delete everything.

[Hyphen(-)]

Phishing attacks are real, but they are uncommon among people with extensive knowledge, particularly forum users; most of the time, these attacks occur as a result of laziness in ensuring that everything we do is correct.

1. Grammar error: This happened as a result of being hurried up to send the message out, they do not even have time to go through what they have written.

Most scammers do not use this method again because it is an old way and people have noticed this so much because common grammatical errors are now noticed, so this method may still work for some scammers but not as much as it used to.

2. Copycatting: In this aspect, you have to get familiar with the brand, logo, and poster, of the organisation's website. All mentioned can be manipulated if you didn't recognize them from the website.

The ability to clone a brand's features, such as their logo and websites, is something scammers take very seriously; once they have done so, they have almost succeeded because it will take a person who is familiar with their platform on a regular basis to notice the difference; this is why we must be very cautious and always avoid using links that are not from official websites of any organization or company you are attempting to visit.

4. Trust but verify: if a message or email is sent to you either by your friend or someone else, you must check the message thoroughly before clicking on the link. Phishers can do and undo, always scrutinize the email and also the authenticity before taking action.

When it comes to online scams, trust is difficult to come by because the person who sent you the message may have been scammed as well; therefore, avoid clicking on links you are unsure of.

[iBaba]

3. Check the URL: Always be vigilant of any link that requires you to insert your personal information. Ensure to check the URL, because the scammer always uses websites with URLs. After checking the URL and is legit then HTTPS in the URL, if there is S at the end the website is secure for your personal information, but if not included then run away from the site.

This is still one of the simplest methods I use to identify phishing sites. Despite the fact that hackers and fraudsters are becoming more knowledgeable and devious by the day, the addition of "s" to the "http" which indicates that the website is encrypted and secured with a Secure Sockets Layer (SSL) certificate remains the simple check I use on phishing sites. The SSL certificate provides additional security and protection to websites.

Nonetheless, phishers have begun to use 'https://,' so this aspect is no longer a sure sign.

Another technique to check for phishing URLs is to pay special attention to the spelling. Fake websites usually feature an extra letter 'S' or 'A' in the spelling. For example, an authentic Google URL is google.com, whereas a forgery may be googleS.com.

Also, if the letter 'O' has been replaced with the number '0' (zero). For example, an authentic Bitcoin URL is bitcoin.com, whereas a forgery could be bitc0in.com.