Phishing for your Bitcoin

How secure is Bitcoin? Are there many security risks? Bitcoin is perhaps one of the more secure currencies to own, provided one adopts some security best practices. The software is pretty secure and the weakest link is really people. This is where phishing comes in. Phishing is a method of using emails to trick people into handing over account details or other information that allows the ‘phisher’ or scammer to gain sensitive information or money from the ‘phishee.’ Trickery, forgery, lies and even direct manipulation are used, and just about everyone who has an email address will have received a phishing attempt, so phishing for Bitcoin is an ever-present danger.

Although Bitcoin is safe and secure, it is always going to be a prime target for phishing. It is quick and irrecoverable: unlike, say, credit cards, where a bank can initiate a chargeback, once the bitcoin is transferred you can never get it back. It is cheap to transact. And, importantly, it is anonymous despite the decentralization and the records kept in the block chain, because a wallet address is just a long string of letters and numbers and no ID is attached to the wallet it may be sent to.

So, it is vitally important that one understands phishing and how it works if one is not going to be a victim of it.

Email is probably the most frequent way scammers attempt to steal assets. Phishing for Bitcoin is the new rage in scamming due to its anonymity and the lower chance of being caught. Since 2016 spam phishing emails have increased four times, and a survey conducted last year reveals that two out of three people have experienced or seen a ‘tech support’ scam during the past year. Each month an average of about 14 million phishing websites are created. These have fake pages that look like the real thing, so that people will think the site is genuine and log on, thereby exposing access to their assets to a scammer.

Most phishing is designed to prompt you to log on to a fake website where you innocently log in to check your account. Once you have logged in you have exposed your login details for that bank, exchange or other place where assets may be kept, and they can then be sucked out. Companies are a big target as well as individuals, as the returns can be much bigger. Whereas you might have 1000 dollars in Bitcoin in an account, a company can have many hundreds of dollars in bitcoin stored away.

Types of Phishing
There are different types of phishing, each designed for a specific purpose, but all operate in basically the same way, which is to rely on general ignorance, laziness and apathy, and on people just not paying enough attention.

Spear phishing is where high profile figures such as CEOs, celebrities, politicians and the like are targeted, usually because they are wealthy. Such people are called whales and the attack on them is usually individual and very specific. Elaborate steps are taken to make the email or contact appear genuine. Sometimes it is information but usually money that the scammer is after. Often a known contact is used or even a pretend contact and the purpose is usually to get them to download some malware (malware: software such as a virus or piece of code designed to grant access to specific information such as IDs, passwords to accounts or networks etc).

Clone phishing is something most people get. This is where a scammer pretends to be from a legitimate company with which one might have an account and asks you to log in, using a link contained within that email, to address some issue. Banks are a favourite and I often get emails ‘from banks’ with which I have no account asking me to log on to check a withdrawal. Contained within that email will be a link which is disguised but can easily be seen for what it is (more on that later). If you get such malware on your computer and it directs you to a fake site, that is called pharming, possibly because they can ‘farm’ your details or valuable assets from your account.

Phone phishing is popular with scammers as well. The scammer here pretends to be from the IRS or your bank, or the exchange where you keep your Bitcoin, sometimes pretending to be tech support with an issue that ‘needs to be addressed.’

Here are some indicators on how to spot a phishing email or scammer.

1. The email is NOT addressed to you specifically, i.e. your name is not used.

2. Poor spelling and/or grammar. This does not always indicate the scammer is uneducated; sometimes it can be quite deliberate.

3. Check the links. Often it looks like a valid link but one letter or number might be changed and not noticed in a quick glance. and are two examples of an easily missed misspelling that shows a different website. It is always safer to go to your usual link and NOT the link in the email. One can usually see what the REAL link is by hovering your mouse over the link and reading what comes up in the bottom left of the browser.

4. Pay attention to file extensions. The common file extensions are:
doc and docx
html, htm and shtml
xls and xlsx
ppt and pptx
Are they the correct extension for the file? Is it a file you are expecting? If there is any shadow of a doubt, do not open the file.

5. Check the return address. It can be quite different from the apparent address from which the email is thought to originate.

6. Does the sender have a name? Is it someone you know or are expecting?
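Indicators 3 and 5 can be checked mechanically. The following is an added example, not part of the original article: it flags a reply address whose domain differs from the sender's, link text that shows one site while the real link goes to another, and link targets that are a character or two away from a site you trust. The domain `example-exchange.com`, the `TRUSTED` list, the sample message and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example-exchange.com"}  # assumption: the sites you really use

# Constructed sample message, not a real email.
SAMPLE = """\
From: Example Exchange Support <support@example-exchange.com>
Reply-To: helpdesk@examp1e-exchange.com
Subject: Withdrawal pending
Content-Type: text/html

<p>Confirm at <a href="http://examp1e-exchange.com/login">https://example-exchange.com/login</a></p>
"""

# Simplified anchor matcher; enough for this sample, not a full HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def edit_distance(a, b):
    # Levenshtein distance: single-character edits needed to turn a into b.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def addr_domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def check_email(raw):
    msg, findings = message_from_string(raw), []
    sender, reply = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if reply and reply != sender:  # indicator 5: replies go somewhere else
        findings.append(f"reply-to domain {reply} differs from sender {sender}")
    for href, text in ANCHOR.findall(msg.get_payload()):
        target, text = host(href), text.strip()
        shown = host(text) if "." in text and " " not in text else ""
        if shown and shown != target:  # indicator 3: text and real link differ
            findings.append(f"link text shows {shown} but goes to {target}")
        if any(0 < edit_distance(target, t) <= 2 for t in TRUSTED):
            findings.append(f"{target} is a near-miss of a trusted domain")
    return findings
```

Calling `check_email(SAMPLE)` returns three findings for the constructed message; a message whose links and reply address all match a trusted domain returns an empty list.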

If there is any doubt at all regarding the email, do not open it or open any links contained within the email. Your Bitcoin is a secure, valuable asset and there are few if any bitcoin security risks. Adopting some bitcoin security best practices is vital if you don’t want anyone successfully phishing for your Bitcoin.

This article is for information purposes only and is not to be construed as financial information for any purposes such as investment or speculation and it is the responsibility of the reader to perform proper due diligence before acting upon any of the information provided. We recommend that you consult with a licensed, qualified investment advisor before making any investment decisions.
