Spear phishing attacks in Crypto - Have you been pawned?

8uVB...zE69
20 Sept 2023
84

Spear phishing is malicious emails that target specific individuals, organizations, or businesses.
It is called spear phishing because the scammers already have some Personal Identifiable Information (PII) that they can use to look trustworthy in their social engineering attacks.
For scammers, it is much easier to convince someone to take action if they can compose a message with the name, surname, or specific details about the target victim they want to scam.
You should be able to identify a spear phishing email and how to avoid being scammed.
Because, who knows, you may already be receiving spear phishing emails.
If your data has been part of a data breach, this may be why you are receiving emails from what seems to be (but is not) a trustworthy source.
The email senders may know your name and surname, know that you own a hardware wallet, or know that you own Bitcoin, Ethereum, or some other specific cryptocurrency.

 
Have you been pawned?

A handy way to know if your personal data has been part of a data breach is to use https://haveibeenpwned.com/ to check if your email address has been compromised.


If your email address has been pawned and is used for logging into some other accounts, it is time to evaluate how much trouble you may be in quickly.
Also, this website offers handy and free-of-charge services like mail notifications in case your email account becomes compromised.

 

What should I do if my email address has been pawned?

If you are using strong and unique passwords for each one of your accounts, having your email pawned will be an inconvenience but not a tragedy.

- Mark any new phishing emails as 'spam' so they go directly to spam.
- If you have the time, report those emails as 'phishing' so your email provider can investigate and close those malicious email accounts.
- You may consider stopping using the pawned email account if it is not a hassle.
If you are NOT using strong and unique passwords for each one of your accounts, you must take immediate precautions:
- Very important: Change the passwords for any account that uses that pawned email address as a login username. Make those new passwords strong and unique. 
- Take the same steps as described above.
Do you know how to create strong and unique passwords?

 

How to identify spear phishing emails?

Some legitimate emails may flag an important message or issue you need to resolve. So how can you find out if an email is legitimate or part of a spear phishing attack?
With some knowledge and a critical eye, you will be able to identify any phishing emails or malicious links in no time.
Let's use a real spear phishing email as an example - even though this user has a Metamask account, so an email from Metamask could be expected, it would be pretty easy to identify a phishing email by just having a closer look:

- First, Metamask never requests email addresses when creating a wallet. So any email from 'Metamaks' is a phishing email by default.
- In most cases, the sender's email address is usually fishy and has little to no relation with the email's subject. If the email looks suspicious, check first the sender's email address.
- If the email has any button or link, you can discover the destination address by just hoovering (hoovering... NO clicking) over the email address. You should see the destination address on the bottom left of your browser. And if the destination address looks 'weird', better not to click on it.

There is no definition for a 'weird' destination address, but with some learning, you can identify malicious destination addresses.
Proficiency in identifying phishing emails comes with knowledge and awareness.
You should be aware that there are malicious people out there whose source of income is your data and your digital assets. And therefore, you must be highly cautious and investigate anything out of the ordinary.
You should know how to protect your data and digital assets and ensure that your knowledge is always up-to-date.
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your digital safety knowledge and awareness, and the 5 minutes read was worth the time.
If you have additional time, you may consider digging deeper and learning about phishing scams. 
https://cryptosafetyfirst.com/phishing-scams/
Stay safe,
____________________________________________________________________________________
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your digital safety knowledge and awareness, and the 5 minutes read was worth the time.
______________________________________________________________________________________
Article originally published at: https://www.publish0x.com/@Crypto-Safety-First

Crypto Safety First

Subscribe

Enjoy this blog? Subscribe to CryptoSafetyFirst

8 Comments