Many crypto users recognize the importance of keeping their seed phrase secret. Yet, this awareness creates an opportunity for scammers to exploit others through alternative means.
One typical tactic involves baiting unsuspecting people with the promise of a significant sum in exchange for a minor commission. Scammers are relentless in pursuing complete access to someone's crypto assets. They will continue attempting to deceive users into revealing their seed phrases.
Scam victims are not just older people, despite popular belief. According to research, more fraud victims fall in the 25–45 age range than those above 50. Attackers often target the most financially anxious age group. Now, let's explore how to stay safe from scammers and their phishing attacks.
How does a classic phishing scheme work?
To help you understand how a typical phishing scam happens, we'll break it down into five stages, each representing a step in the attacker's strategy to deceive and exploit people.
Stage 1: Setup
In this initial stage, scammers carefully plan their phishing campaign. They set up the infrastructure, including fake websites, domains, and email addresses that closely imitate legitimate ones. The goal is to create a convincing mask that will trick unsuspecting targets.
Stage 2: Bait
Phishers use various means to bait potential victims. They often send deceptive emails, messages, or social media posts that appear legitimate. Common tactics include urgent messages, offers, or alerts, creating a sense of urgency or excitement to encourage immediate action from the prey.
For example, an unsuspecting victim receives an email from a fake crypto wallet team, DeFi project, or crypto community – the possibilities are endless – offering to send them an amount of crypto. The figure is usually relatively high, and the email might read as follows:
"To celebrate our launch/completion/IPO, we've decided to send $10,000 to people who register before the end of the week, so click on the link to get started."
Stage 3: Information gathering
Once the target takes the bait, they end up on a cloned website version — the phishing site designed to capture sensitive information. This often involves tricking individuals into providing login credentials, personal details, or cryptocurrency wallet access for seed phrases.
Attackers use convincing forms or login pages to harvest this data. If you think you can spot a fake immediately, you might be disappointed: over the years, scammers have learned to create pretty convincing bogus websites.
Stage 4: Exploit
With the acquired information, attackers drain the victim's wallets, steal their identity, or further the phishing campaign by targeting the victim's contacts. Exploitation can be immediate or occur over an extended period, depending on the scammer's goals.
Stage 5: Exit
In the final stage, attackers may cover their tracks to avoid detection, erase traces of their phishing infrastructure, or disappear altogether. Sometimes, they persist in their attacks by targeting and exploiting victims or adapting their tactics for future campaigns.
How are Tangem users often targeted?
Let's review some common phishing scenarios prevalent in crypto-focused communities, like the Tangem Telegram public chat and Discord server.
Fake customer support on Telegram
Ideally, our users would contact support directly via email or the official Tangem chatbot to fix a problem that cannot be solved by going to Tangem Help. Unfortunately, most users often go straight to the Tangem Telegram chat or other open discussion spaces to voice their issues or recommendations without considering the dangers involved. Scammers see these messages in the public chat and then proceed to contact the user by pretending to be a Tangem support team member.
They offer to fix the problem and send the user to a phishing website that looks exactly like the official Tangem website. The catch is the Get Tangem button is replaced with Connect Wallet.
People using Tangem as a seedless wallet might be immune to this type of phishing attack, but those using seed phrases are common prey and could become victims.
Here are a few things to note:
- Tangem representatives or support team members will never DM you first on any platform.
- Always contact support directly instead of leaving a public message or comment.
- Do not follow suspicious links or connect your wallet to any suspicious DeFi platform.
Fake Discord tech support server
There are a lot of scammers hiding in our Discord chat, and here's how they operate. A new user joins the chat and says, “I'm new here; I have a question about adding a token to my Tangem Wallet.”
The scammer mentions the new user with a message like this:
"Hello, if you want to open a tech support claim, please fill it out here #techsupport."
However, the #techsupport link (scam link) leads to a private Discord channel, not the official Tangem Discord! They often offer to help the user resolve an issue in an "OPEN SUPPORT TICKET."
Once again, we will never ask you to join another server. If you see such messages, ignore them and report the scammer immediately. Please be aware that you can only open a claim through the Tangem website and the official links.
Tangem official channels
Tangem communicates exclusively through official channels such as our website, social media platforms, customer support bots, etc. Scammers often attempt to exploit users by creating deceptive channels that mimic official Tangem ones. To ensure the authenticity of communication, please verify that you are on a legitimate Tangem account or website.
X (Twitter) https://twitter.com/Tangem
In German: https://t.me/tangem_chat_de
Tangem support bot: https://t.me/Tangem_Support_bot
Do not share sensitive information or engage in transactions with users pretending to be the Tangem support team. By adhering to these precautions and staying vigilant, you can significantly reduce the risk of falling victim to scams and protect your assets.
Differences between the authentic vs. fake Tangem website
These are general characteristics we noticed between counterfeit and authentic Tangem websites. You should always be cautious when verifying the authenticity of any crypto-related website. Below is a table highlighting several differences between a genuine website and a phishing website:
|Authentic Tangem Website
|Matches the official domain precisely
|May have misspellings or variations in the URL
|Displays "https://" and a padlock for secure connection
|May lack SSL security indicators
|Provides accurate and verifiable contact details
|May have missing or fake contact information
|Design and Branding
|Consistent with the official brand and design
|Often has poor design, inconsistencies, or errors
|Requests for Info
|Does not ask for sensitive information
|Requests for seed phrases
|Grammar and Spelling
|Generally free of errors in grammar and spelling
|Contains glaring grammar and spelling mistakes
|Limited or relevant pop-ups for user assistance
|Frequent, irrelevant pop-ups or alerts
|Established and has a longer domain age
|May have a recently registered or suspicious domain age
|Social media Presence
|Verified accounts with a checkmark on social media
|Fake or unverified accounts on social media
|Displays security icons and logos prominently
|Lacks recognizable security logos and indicators
10 concrete tips to safeguard against phishing and social engineering scams in crypto
To help you safeguard against potential threats, here are ten essential tips to avoid falling prey to scammers and phishing attacks.
- Avoid using seed phrases:
We like to think that Tangem Wallet is unique because it allows users to create a wallet without a seed phrase. Seed phrases are an apparent liability that scammers often seek to exploit. By offering to help you solve transaction issues, they usually ask you to provide your seedphrase.
- Avoid unsolicited emails:
Do not click on links or download attachments from unsolicited emails. Legitimate crypto platforms will not ask for sensitive information via email. Always check that the email you receive is from an official tangem email account. If you're in doubt, contact our support team ASAP.
- Check for SSL certificates:
Look for "https://" in the website URL, indicating a secure connection. Additionally, check for the padlock icon in the address bar, confirming the website's SSL certificate.
- Verify social media accounts:
Before engaging with a Tangem account on social media, verify the authenticity of the accounts. Official accounts are usually verified with a checkmark, or check the links in this article.
- Educate yourself:
If you're reading this article, you're already doing a great job of staying informed. We're proud of you. You can also learn about common scam tactics and phishing techniques here. Knowledge is a powerful tool in recognizing and avoiding potential threats.
- Spotting errors:
Fraudsters sometimes don't bother to run a spell check, and if you spot typos in the email, this could be a sign that you're looking at a fake. Furthermore, the wrong colors and graphic elements might be used in the design. One example is out-of-date logos.
- Verify original website URLs:
Ensure you are on the official website by checking the URL for any misspellings or slight variations. Scammers create fake one-page websites with URLs similar to our legitimate websites. We will discuss the significant differences between fake and the authentic Tangem website.
Scammers might change a couple of letters – for example, metemask instead of metamask – or use numbers instead of letters, such as goggle instead of google. You should always pay attention to the URL in the browser address bar.
- Don't draw attention to yourself:
This is perhaps the most important thing to remember if you want to evade the attention of scammers. Don't boast openly about your successes in crypto, and don't publish your wallet addresses on forums or messenger group chats. Additionally, you should NOT share your difficulties on public chats. You might become a target for scammers offering to help you resolve your issue.
- Watch out for fake browser extensions:
Some crypto wallets use Google Chrome extensions. Fraudsters are well aware of this and publish fake extensions designed to collect seed phrases and pass them on to attackers. We once published a similar case where a Ledger wallet user lost USD 16,000 after installing a fake Ledger Secure extension.
If you find an extension for your crypto wallet in the browser extension store, don't install it immediately. First, go to the project's website and check whether an official browser extension is available. If there is, follow the link on the official site.
- Be wary of unrealistic promises:
Exercise caution when confronted with offers or schemes promising unrealistic returns. If it sounds too good to be true, it likely is. Scammers often lure victims with the promise of quick and high profits or a solution to an impossible problem — for example
- Helping you speed up your transaction in the blockchain;
- Helping you restore access to a non-custodial wallet;
- Offering to help you get your stolen funds back from thieves.
Do not give your seed phrases or passwords to anyone! Legitimate support members will never ask for this information as it grants full access to your crypto assets. If you want to switch to the seedless wallet, you'll have to transfer your funds temporarily to another wallet, reset your tangem wallet, and set it up without a seed phrase — the recommended way.
Integrating these tips into your online practices can significantly reduce the risk of falling prey to scammers and social engineering attacks.
Examples of common phishing attacks in crypto
Let's review examples of ways scammers deceive cryptocurrency users, from fake exchanges to malicious updates, highlighting the diverse methods employed to exploit unsuspecting individuals in the crypto space.
Hacked wallet phishing email
One common scammer move is sending an email on behalf of a crypto exchange or a wallet with a "notification" that a customer's data has been hacked or leaked. Victims must urgently follow a link and "update" their seed phrase to protect their funds. It goes without saying that to do this, the old seed phrase must be provided.
This is the simplest way of tricking people, with a shallow barrier to entry. Fraudsters only need to send a fake mass email and create a bogus website template. Most emails will end up in the spam folder, but given the mailing list size, some will reach the recipient.
Fake wallet generator websites
Another common phishing method is stealing the seed phrase before receiving it. Fraudsters spoof the websites of popular crypto wallets, optimize them to ensure the site appears in SERPs, launch ads, and wait for victims who want to open a wallet to visit the page.
Spotting a fake website can be tricky — counterfeits are often very similar to the original version, and each stage is meticulously copied, from registration and installation to generating a seed phrase. The only catch is that there is no real TRNG for generating seed phrases. In other words, you receive a previously generated seed phrase that belongs to the attacker. All they need to do is track any deposits of funds and make a withdrawal.
Don't go to crypto service websites directly from search engines, links on forums, or banners. If you already know the website, enter the address manually. Check the address using other sources if you haven't encountered it before. Use the WHOIS service to find out how long the domain has been registered and for what period – scammers usually try to save money by registering domains for short time frames.
Spear phishing (Targeted phishing)
This is the most dangerous kind of phishing when attackers have a specific target. It can combine all the abovementioned methods but with one key difference: the scammers research their victims before they get started.
There are many options when it comes to carrying out the attack, and it all depends on the situation, the level of perseverance of the attacker, and, most importantly, the victim's overall approach to online security. If you have been imprudent enough to publish your wallet address somewhere in the public domain and there are enough funds (this can be checked using a blockchain explorer), then there is an incentive to target you personally.
Scammers could, for example, try to hack your email or messengers, read your correspondence, and then send a personalized message on behalf of a service you use or a specific person you trust. Targeted phishing is often deployed as the initial stage of more complex attacks. The email could contain anything, from a link to a phishing website or malware. In any case, the effort put into the scam will be an order of magnitude higher and will look very believable.
A whaling attack is a specialized form of spear phishing that targets prominent individuals within an organization, such as chief executives. Its heightened danger lies in its potential to affect a broader audience than a spear phishing attack. For instance, if a CEO falls victim to it and follows the malicious link, the scammer could access the entire company network.
Clone phishing attack
A clone phishing attack occurs when a phisher replicates a legitimate email previously received by the target. The attacker substitutes the original attachment or link with a malicious one before sending it to the victim. Given that the email is identical to a previously trusted communication, the victim will often follow the link out of habit or familiarity.
In a pharming attack, a victim is redirected to a fraudulent website even if they enter the correct URL. This is possible if the DNS server is infected with malicious code, which alters the conversion of URLs into IP addresses. Therefore, victims may unknowingly land on a fake website that closely resembles the authentic site, making pharming attacks particularly challenging to detect.
Evil twin attack
An evil twin phishing attack targets public Wi-Fi networks. Attackers create a fake Wi-Fi network with the same name as a legitimate network. When victims connect, they're asked to enter their login credentials, which scammers exploit to gain unauthorized access to their accounts.
Voice phishing attack (Vishing)
Voice phishing, or vishing, involves using voice calls or voicemails instead of emails. Vishing often employs speech synthesis software to leave voicemails warning potential victims of fraudulent activity in their accounts.
SMS phishing attack (Smishing)
SMS phishing, or smishing, uses text messages instead of emails. Attackers send seemingly real company text messages to victims, encouraging them to click on a malicious link.
Phishing bots are automated computer programs that carry out phishing attacks. They can send mass phishing emails, create fake websites, and collect victims' login credentials and sensitive information. These bots are often used with other attacks, such as denial-of-service and spamming.
In an ice phishing attack, scammers send victims a fake transaction that appears to be from a real source. The transaction requires the victim to sign it with their private key. Essentially, the victim is deceived into signing a transaction that transfers ownership of their tokens to the scammer.
Malicious actors are honing their skills, and their methods to shake gullible people down are constantly changing. The only reliable defense is critical thinking. Nobody needs your seed phrase to transfer funds – all that's required is the wallet address. Always remember that your seed phrase is the key to your crypto assets.
Ultimately, you can't lose your seed phrase if you store your funds in a crypto wallet that doesn't have one. In Tangem Wallet, the private key is stored in the card's chip and isn't revealed to anybody, even the owner. With Tangem, there's no need to fear phishing tactics.