Spear phishing attacks in Crypto - Have you been pwned?

20 Sept 2023

Spear phishing is the sending of malicious emails that target specific individuals, organizations, or businesses.
It is called spear phishing because the scammers already have some Personally Identifiable Information (PII) that they can use to look trustworthy in their social engineering attacks.
For scammers, it is much easier to convince someone to take action if they can compose a message with the name, surname, or specific details about the victim they want to scam.
You should be able to identify a spear phishing email and know how to avoid being scammed.
Because, who knows, you may already be receiving spear phishing emails.
If your data has been part of a data breach, this may be why you are receiving emails from what seems to be (but is not) a trustworthy source.
The email senders may know your name and surname, know that you own a hardware wallet, or know that you own Bitcoin, Ethereum, or some other specific cryptocurrency.

Have you been pwned?

A handy way to know if your personal data has been part of a data breach is to use https://haveibeenpwned.com/ to check if your email address has been compromised.

If your email address has been pwned and is used for logging into some other accounts, it is time to quickly evaluate how much trouble you may be in.
Also, this website offers handy and free-of-charge services like mail notifications in case your email account becomes compromised.


What should I do if my email address has been pwned?

If you are using strong and unique passwords for each one of your accounts, having your email pwned will be an inconvenience but not a tragedy.

- Mark any new phishing emails as 'spam' so they go directly to spam.
- If you have the time, report those emails as 'phishing' so your email provider can investigate and close those malicious email accounts.
- You may consider stopping using the pwned email account if it is not a hassle.

If you are NOT using strong and unique passwords for each one of your accounts, you must take immediate precautions:

- Very important: Change the passwords for any account that uses that pwned email address as a login username. Make those new passwords strong and unique.
- Take the same steps as described above.

Do you know how to create strong and unique passwords?


How to identify spear phishing emails?

Some legitimate emails may flag an important message or issue you need to resolve. So how can you find out if an email is legitimate or part of a spear phishing attack?
With some knowledge and a critical eye, you will be able to identify any phishing emails or malicious links in no time.
Let's use a real spear phishing email as an example - even though this user has a Metamask account, so an email from Metamask could be expected, it would be pretty easy to identify a phishing email by just having a closer look:

- First, Metamask never requests email addresses when creating a wallet. So any email from 'Metamask' is a phishing email by default.
- In most cases, the sender's email address is fishy and has little to no relation with the email's subject. If the email looks suspicious, first check the sender's email address.
- If the email has any button or link, you can discover the destination address by just hovering (hovering... NO clicking) over it. You should see the destination address on the bottom left of your browser. And if the destination address looks 'weird', better not to click on it.

There is no definition for a 'weird' destination address, but with some learning, you can identify malicious destination addresses.
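
The sender check and the destination check from the list above, automated as an added example (not part of the original article): it compares the sender's domain and every link destination in a message against a list of domains the reader has verified for the brand. `KNOWN_DOMAINS`, the function names and the sample email are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader has verified as belonging to the brand.
KNOWN_DOMAINS = {"metamask": {"metamask.io"}}

class HrefCollector(HTMLParser):
    """Collect the href of every <a> element: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat the host as unknown
        return ""

def on_brand(host, allowed):
    # Exact domain or a true subdomain; a brand name used as a prefix fails.
    return any(host == d or host.endswith("." + d) for d in allowed)

def review_email(raw, brand):
    allowed, msg, findings = KNOWN_DOMAINS[brand], message_from_string(raw), []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    if brand in display.lower() and not on_brand(sender_host, allowed):
        findings.append(f"sender: '{display}' writes from {sender_host}")
    collector = HrefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
    for href in collector.hrefs:
        if not on_brand(host_of(href), allowed):
            findings.append(f"link: goes to {host_of(href) or 'unknown host'}")
    return findings

# Constructed sample message (not the email discussed in the article).
SAMPLE = """From: MetaMask Support <no-reply@wallet-verify.example>
Content-Type: text/html; charset=utf-8

<a href="https://metamask.io.secure-login.example/verify">Verify wallet</a>
<a href="https://metamask.io/support">Help centre</a>"""
```

`review_email(SAMPLE, "metamask")` returns two findings: the unrelated sender domain, and the first link, whose host only starts with the brand's domain but actually belongs to `secure-login.example`.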
Proficiency in identifying phishing emails comes with knowledge and awareness.
You should be aware that there are malicious people out there whose source of income is your data and your digital assets. And therefore, you must be highly cautious and investigate anything out of the ordinary.
You should know how to protect your data and digital assets and ensure that your knowledge is always up-to-date.
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your digital safety knowledge and awareness, and the 5-minute read was worth the time.
If you have additional time, you may consider digging deeper and learning about phishing scams. 
Stay safe,
Article originally published at: https://www.publish0x.com/@Crypto-Safety-First

Greetings, thanks for sharing. 🖐
The crypto community needs more awareness and education on this topic, and this article is a step in the right direction. Thanks for sharing @CryptoSafetyFirst! 🚀 🚀🚀
Cybersecurity is paramount in the crypto world. Beware of spear phishing attempts; they can be incredibly convincing and detrimental. Always verify the authenticity of messages and double-check URLs. Your vigilance can be your best defense against these malicious attacks.
Thanks for the information. Very interesting article
Spear phishing sounds like an attack move original in real life combat
Have a system for creating powerful passwords
Spear phishing attacks in the world of cryptocurrency are a growing concern and a stark reminder of the ever-evolving tactics employed by malicious actors in the digital realm. These attacks are not your run-of-the-mill phishing attempts; they are highly targeted and personalized, making them all the more dangerous. The term "Have you been pawned?" serves as a stark reminder of the potential consequences of falling victim to such attacks. When attackers gain access to your crypto holdings or personal information through spear phishing, the impact can be devastating. From financial losses to identity theft, the fallout can be extensive and long-lasting. To protect oneself against spear phishing in the crypto space, it's crucial to stay vigilant, employ robust security measures, and continuously educate oneself about emerging threats.
This was a fantastic write up! Nice work