How to Protect Yourself from Phishing When Dealing with Cryptocurrencies

Security around cryptocurrencies, and on the internet in general, has never been more important. Crypto assets make value extremely portable, and while this is one of their best features, it also attracts hackers, scammers and other nefarious actors to the space.

One of the biggest risks to security – as always – is people. Anyone can be susceptible to being scammed or phished, and in this post we’ll discuss some ways to protect yourself from these attacks. The tips below apply broadly, but in our examples we’ll focus on cryptocurrency websites, as these tend to carry a lot of risk.

Your Device

You always have to start with a secure, trusted device that you use for financial transactions. Make sure all your software is up to date, and don’t use machines that you don’t control, such as a school or work machine.

Networking

If you have to use a public WiFi network, make sure to use a trusted VPN. Set your DNS servers to a provider you can trust – your ISP is probably not on that list. I recommend using 1.1.1.1, a service by Cloudflare that offers great speed, security and privacy for your name-resolution needs. Cloudflare publishes setup guides for it.

Use Bookmarks Where Possible

This one is simple, but very good! Let’s say you use MyEtherWallet a lot – bookmark it and make a habit of only visiting through that bookmark. Scammers usually register domain names that are misspellings of popular websites in the hope that you will visit by accident – don’t risk it by typing. Also, if you’re on Twitter and you see a random person raving about a new MEW feature, don’t click the link – use your bookmark instead.

Check the Website Address

Another simple tip, but you should always glance at the address you’re visiting to make sure it looks right. Check the spelling; is it correct? Does it match the branding?

Does any part of the domain name start with “xn--”, for example? That prefix marks Punycode, the ASCII encoding of a name that contains Unicode characters. Is that expected in your case?
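
The bookmark and address checks from the two sections above can be automated. The following Python code is an added example, not part of the original post: it compares a URL's host against a list of bookmarked hosts, flags “xn--” (Punycode) labels and reports near-miss spellings. The BOOKMARKED list, the warning codes and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts you have bookmarked (constructed sample list).
BOOKMARKED = {"www.myetherwallet.com", "myetherwallet.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return warning codes for a URL; an empty list means it matches a bookmark."""
    parts = urlsplit(url)
    warnings = [] if parts.scheme == "https" else ["not-https"]
    host = (parts.hostname or "").rstrip(".")
    try:
        ascii_host = host.encode("idna").decode("ascii")        # form sent to DNS
        shown_host = ascii_host.encode("ascii").decode("idna")  # form a browser may display
    except UnicodeError:
        return warnings + ["invalid-host"]
    if ascii_host in BOOKMARKED:
        return warnings
    warnings.append("not-bookmarked")
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        warnings.append("punycode")
    for good in sorted(BOOKMARKED):
        # A near miss in either form suggests a typo or lookalike-character domain.
        if min(edit_distance(ascii_host, good), edit_distance(shown_host, good)) <= 2:
            warnings.append("lookalike:" + good)
    return warnings

if __name__ == "__main__":
    samples = [  # constructed URLs, not real observations
        "https://www.myetherwallet.com/",
        "http://www.myetherwallet.com/",
        "https://myetherwalet.com/",
        "https://myetherw\u0430llet.com/",  # Cyrillic U+0430 in place of Latin 'a'
    ]
    for url in samples:
        print(url.encode("ascii", "backslashreplace").decode(), check_url(url))
```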

Check the Certificate

First, of course, you’ll have to make sure that the website is using encryption. This will be evident by the presence of “https://” in front of the URL. Next you need to check that your connection is properly secured. Is your browser showing you any of these messages?

[Images: Chrome and Firefox certificate warnings]

If it does, then run! Don’t be tempted to click through and visit the untrusted resource.

Finally, you need to check that the certificate is valid. Does your browser give you its green stamp of approval next to the address? Some companies like MyEtherWallet use extended validation certificates to make it easier for visitors to check if they’re in the right place – look for the green bar displaying the company name.

If you have cause to be suspicious, you can even open the certificate and examine it properly. Check the address, expiry date and the company information to make sure everything’s in order.

Obtaining and Providing Information

Following on from the tip about bookmarking important or high-risk sites, we need to build on the idea that you should always be in control of the websites you visit and your information flow. Don’t trust links in email and always check that you recognise the sender. Ads or pop-up boxes online are also not a good way to navigate to an important website that you already recognise. Instead of clicking that link in a news article talking about MyEtherWallet, navigate to it yourself. That extra step might save you a lot of headache and potential loss.

Another thing to mention is telephone phishing and cold calls. If you have to ring a company, don’t just google for their number, but instead look for a Contacts page on the official website. Don’t believe cold calls or texts from a company, even if their name is displayed correctly on your screen. Always question the reasons for the call and be wary of what information you are asked to provide. You should never be required to give your password or one-time code. Scammers will often make the matter sound urgent so they can lower your defenses by putting you under pressure. Always stop to think and if you suspect the call is genuine, ask if you can get a reference and ring them back on a number you can verify.

I hope these tips have been helpful – this guide is by no means exhaustive and you can let me know on Twitter if I should add something else. Please share this article with your friends; you never know when you might save someone a lot of grief. Stay safe out there!