Tangem Safety Guide: Protect Your Wallet from Phishing and Scammers

Many crypto users recognize the importance of keeping their seed phrase secret. Yet, this awareness creates an opportunity for scammers to exploit others through alternative means.

One typical tactic involves baiting unsuspecting people with the promise of a significant sum in exchange for a minor commission. Scammers are relentless in pursuing complete access to someone's crypto assets. They will keep trying to deceive users into revealing their seed phrases.


Despite popular belief, scam victims are not just older people. According to research, more fraud victims fall in the 25–45 age range than those above 50. Attackers often target the most financially anxious age group. Now, let's explore how to stay safe from scammers and their phishing attacks.

How does a classic phishing scheme work?

To help you understand how a typical phishing scam happens, we'll break it down into five stages, each representing a step in the attacker's strategy to deceive and exploit people.  

Stage 1: Setup 
In this initial stage, scammers carefully plan their phishing campaign. They set up the infrastructure, including fake websites, domains, and email addresses that closely imitate legitimate ones. The goal is to create a convincing mask that will trick unsuspecting targets.

Stage 2: Bait 
Phishers use various means to bait potential victims. They often send deceptive emails, messages, or social media posts that appear legitimate. Common tactics include urgent messages, offers, or alerts, creating a sense of urgency or excitement to encourage immediate action from the prey.

For example, an unsuspecting victim receives an email from a fake crypto wallet team, DeFi project, or crypto community – the possibilities are endless – offering to send them an amount of crypto. The figure is usually relatively high, and the email might read as follows:  
"To celebrate our launch/completion/IPO, we've decided to send $10,000 to people who register before the end of the week, so click on the link to get started."

Stage 3: Information gathering 
Once the target takes the bait, they end up on a cloned website version — the phishing site designed to capture sensitive information. This often involves tricking individuals into providing login credentials, personal details, or cryptocurrency wallet access for seed phrases.  

Attackers use convincing forms or login pages to harvest this data. If you think you can spot a fake immediately, you might be disappointed: over the years, scammers have learned to create pretty convincing bogus websites.  

Stage 4: Exploit 
With the acquired information, attackers drain the victim's wallets, steal their identity, or further the phishing campaign by targeting the victim's contacts. Depending on the scammer's goals, exploitation can be immediate or occur over an extended period.

Stage 5: Exit 
In the final stage, attackers may cover their tracks to avoid detection, erase traces of their phishing infrastructure, or disappear altogether. Sometimes, they persist in their attacks by targeting and exploiting victims or adapting their tactics for future campaigns. 
 

How are Tangem users often targeted?

Let's review some common phishing scenarios prevalent in crypto-focused communities, like the Tangem Telegram public chat and Discord server.

Fake customer support on Telegram

Ideally, our users would contact support directly via email or the official Tangem chatbot to fix a problem that cannot be solved by going to Tangem Help. Unfortunately, most users often go straight to the Tangem Telegram chat or other open discussion spaces to voice their issues or recommendations without considering the dangers involved. Scammers see these messages in the public chat and then proceed to contact the user by pretending to be a Tangem support team member. 

Protect Your Wallet from Phishing and Scammers.png
Phishing message example in Telegram

They offer to fix the problem and send the user to a phishing website that looks exactly like the official Tangem website. The catch is the Get Tangem button is replaced with Connect Wallet

People using Tangem as a seedless wallet might be immune to this type of phishing attack, but those using seed phrases are common prey and could become victims.

Here are a few things to note:

  • Tangem representatives or support team members will never DM you first on any platform. 
     
  • Always contact support directly instead of leaving a public message or comment. 
     
  • Do not follow suspicious links or connect your wallet to any suspicious DeFi platform.

Fake Discord tech support server

There are a lot of scammers hiding in our Discord chat, and here's how they operate. A new user joins the chat and says, “I'm new here; I have a question about adding a token to my Tangem Wallet.” 
The scammer mentions the new user with a message like this:

"Hello, if you want to open a tech support claim, please fill it out here #techsupport."

Fake Discord tech support server.png

However, the #techsupport link (scam link) leads to a private Discord channel, not the official Tangem Discord! They often offer to help the user resolve an issue in an "OPEN SUPPORT TICKET."

Once again, we will never ask you to join another server. If you see such messages, ignore them and report the scammer immediately. Please be aware that you can only open a claim through the Tangem website and the official links.

Tangem official channels

Tangem communicates exclusively through official channels such as our website, social media platforms, customer support bots, etc. Scammers often attempt to exploit users by creating deceptive channels that mimic official Tangem ones. To ensure the authenticity of communication, please verify that you are on a legitimate Tangem account or website.

X (Twitter) https://twitter.com/Tangem 
 


Telegram https://t.me/tangem

Official Telegram chat: https://t.me/tangem_chat

In German: https://t.me/tangem_chat_de 

Tangem support bot: https://t.me/Tangem_Support_bot
 



Discord   https://discord.gg/tangem  

Instagram https://instagram.com/tangemwallet 
 

Facebook https://facebook.com/Tangemwallet/ 
 

LinkedIn https://www.linkedin.com/company/tangem 
 

YouTube https://www.youtube.com/@tangem_official  

Reddit https://www.reddit.com/r/Tangem/ 
 

Official website: https://tangem.com 

Community manager: https://t.me/anajacobsontangem

Do not share sensitive information or engage in transactions with users pretending to be the Tangem support team. By adhering to these precautions and staying vigilant, you can significantly reduce the risk of falling victim to scams and protect your assets.

Differences between the authentic vs. fake Tangem website 

These are general characteristics we noticed between counterfeit and authentic Tangem websites. You should always be cautious when verifying the authenticity of any crypto-related website. Below is a table highlighting several differences between a genuine website and a phishing website:

FeatureAuthentic Tangem  WebsitePhishing Website
URLMatches the official domain preciselyMay have misspellings or variations in the URL
SSL CertificateDisplays "https://" and a padlock for secure connectionMay lack SSL security indicators
Contact InformationProvides accurate and verifiable contact detailsMay have missing or fake contact information
Design and BrandingConsistent with the official brand and designOften has poor design, inconsistencies, or errors
Requests for InfoDoes not ask for sensitive information Requests for seed phrases
Grammar and SpellingGenerally free of errors in grammar and spellingContains glaring grammar and spelling mistakes
Pop-Up WindowsLimited or relevant pop-ups for user assistanceFrequent, irrelevant pop-ups or alerts
Domain ageEstablished and has a longer domain ageMay have a recently registered or suspicious domain age
Social media PresenceVerified accounts with a checkmark on social mediaFake or unverified accounts on social media
Security IconsDisplays security icons and logos prominentlyLacks recognizable security logos and indicators



 

10 concrete tips to safeguard against phishing and social engineering scams in crypto

To help you safeguard against potential threats, here are ten essential tips to avoid falling prey to scammers and phishing attacks.

  1. Avoid using seed phrases:  
    We like to think that Tangem Wallet is unique because it allows users to create a wallet without a seed phrase. Seed phrases are an apparent liability that scammers often seek to exploit. By offering to help you solve transaction issues, they usually ask you to provide your seedphrase. 
     
  2. Avoid unsolicited emails: 
    Do not click on links or download attachments from unsolicited emails. Legitimate crypto platforms will not ask for sensitive information via email. Always check that the email you receive is from an official tangem email account. If you're in doubt, contact our support team ASAP. 
     
  3. Check for SSL certificates: 
    Look for "https://" in the website URL, indicating a secure connection. Additionally, check for the padlock icon in the address bar, confirming the website's SSL certificate. 
     
  4. Verify social media accounts: 
    Before engaging with a Tangem account on social media, verify the authenticity of the accounts. Official accounts are usually verified with a checkmark, or check the links in this article. 
     
  5. Educate yourself:  
    If you're reading this article, you're already doing a great job of staying informed. We're proud of you. You can also learn about common scam tactics and phishing techniques here. Knowledge is a powerful tool in recognizing and avoiding potential threats. 
     
  6. Spotting errors:  
    Fraudsters sometimes don't bother to run a spell check, and if you spot typos in the email, this could be a sign that you're looking at a fake. Furthermore, the wrong colors and graphic elements might be used in the design. One example is out-of-date logos. 
     
  7. Verify original website URLs: 
    Ensure you are on the official website by checking the URL for any misspellings or slight variations. Scammers create fake one-page websites with URLs similar to our legitimate websites. We will discuss the significant differences between fake and the authentic Tangem website.  

    Scammers might change a couple of letters – for example, metemask instead of metamask – or use numbers instead of letters, such as goggle instead of google. You should always pay attention to the URL in the browser address bar. 
     
  8. Don't draw attention to yourself: 
    This is perhaps the most important thing to remember if you want to evade the attention of scammers. Don't boast openly about your successes in crypto, and don't publish your wallet addresses on forums or messenger group chats. Additionally, you should NOT share your difficulties on public chats. You might become a target for scammers offering to help you resolve your issue. 
     
  9. Watch out for fake browser extensions: 
    Some crypto wallets use Google Chrome extensions. Fraudsters are well aware of this and publish fake extensions designed to collect seed phrases and pass them on to attackers. We once published a similar case where a Ledger wallet user lost USD 16,000 after installing a fake Ledger Secure extension. 

    If you find an extension for your crypto wallet in the browser extension store, don't install it immediately. First, go to the project's website and check whether an official browser extension is available. If there is, follow the link on the official site. 
     
  10. Be wary of unrealistic promises: 
    Exercise caution when confronted with offers or schemes promising unrealistic returns. If it sounds too good to be true, it likely is. Scammers often lure victims with the promise of quick and high profits or a solution to an impossible problem — for example
  • Helping you speed up your transaction in the blockchain;
  • Helping you restore access to a non-custodial wallet;
  • Offering to help you get your stolen funds back from thieves.

Do not give your seed phrases or passwords to anyone! Legitimate support members will never ask for this information as it grants full access to your crypto assets. If you want to switch to the seedless wallet, you'll have to transfer your funds temporarily to another wallet, reset your tangem wallet, and set it up without a seed phrase — the recommended way.

Integrating these tips into your online practices can significantly reduce the risk of falling prey to scammers and social engineering attacks. 

Examples of common phishing attacks in crypto

Let's review examples of ways scammers deceive cryptocurrency users, from fake exchanges to malicious updates, highlighting the diverse methods employed to exploit unsuspecting individuals in the crypto space.

Hacked wallet phishing email

One common scammer move is sending an email on behalf of a crypto exchange or a wallet with a "notification" that a customer's data has been hacked or leaked. Victims must urgently follow a link and "update" their seed phrase to protect their funds. It goes without saying that to do this, the old seed phrase must be provided. 
 

image4.jpg

This is the simplest way of tricking people, with a shallow barrier to entry. Fraudsters only need to send a fake mass email and create a bogus website template. Most emails will end up in the spam folder, but given the mailing list size, some will reach the recipient.

Fake wallet generator websites

Another common phishing method is stealing the seed phrase before receiving it. Fraudsters spoof the websites of popular crypto wallets, optimize them to ensure the site appears in SERPs, launch ads, and wait for victims who want to open a wallet to visit the page.

Tangem Safety Guide.png
Fake wallet generator site

Spotting a fake website can be tricky — counterfeits are often very similar to the original version, and each stage is meticulously copied, from registration and installation to generating a seed phrase. The only catch is that there is no real TRNG for generating seed phrases. In other words, you receive a previously generated seed phrase that belongs to the attacker. All they need to do is track any deposits of funds and make a withdrawal.

Don't go to crypto service websites directly from search engines, links on forums, or banners. If you already know the website, enter the address manually. Check the address using other sources if you haven't encountered it before. Use the WHOIS service to find out how long the domain has been registered and for what period – scammers usually try to save money by registering domains for short time frames. 

Spear phishing (Targeted phishing)

This is the most dangerous kind of phishing when attackers have a specific target. It can combine all the abovementioned methods but with one key difference: the scammers research their victims before they get started.

There are many options when it comes to carrying out the attack, and it all depends on the situation, the level of perseverance of the attacker, and, most importantly, the victim's overall approach to online security. If your wallet address is somewhere in the public domain and there are enough funds (this can be checked using a blockchain explorer), then there is an incentive to target you personally.

Scammers could, for example, try to hack your email or messengers, read your correspondence, and then send a personalized message on behalf of a service you use or a specific person you trust. Targeted phishing is often deployed as the initial stage of more complex attacks. The email could contain anything, from a link to a phishing website or malware. In any case, the effort put into the scam will be an order of magnitude higher and will look very believable.

Whaling attack

A whaling attack is a specialized form of spear phishing that targets prominent individuals within an organization, such as chief executives. Its heightened danger lies in its potential to affect a broader audience than a spear phishing attack. For instance, if a CEO falls victim to it and follows the malicious link, the scammer could access the entire company network.

Clone phishing attack

A clone phishing attack occurs when a phisher replicates a legitimate email previously received by the target. The attacker substitutes the original attachment or link with a malicious one before sending it to the victim. Given that the email is identical to a previously trusted communication, the victim will often follow the link out of habit or familiarity.

Pharming attack

In a pharming attack, a victim is redirected to a fraudulent website even if they enter the correct URL. This is possible if the DNS server is infected with malicious code, which alters the conversion of URLs into IP addresses. Therefore, victims may unknowingly land on a fake website that closely resembles the authentic site, making pharming attacks particularly challenging to detect.

Evil twin attack

An evil twin phishing attack targets public Wi-Fi networks. Attackers create a fake Wi-Fi network with the same name as a legitimate network. When victims connect, they're asked to enter their login credentials, which scammers exploit to gain unauthorized access to their accounts.

Voice phishing attack (Vishing)

Voice phishing, or vishing, involves using voice calls or voicemails instead of emails. Vishing often employs speech synthesis software to leave voicemails warning potential victims of fraudulent activity in their accounts.

SMS phishing attack (Smishing)

SMS phishing, or smishing, uses text messages instead of emails. Attackers send seemingly real company text messages to victims, encouraging them to click on a malicious link.

Phishing bots

Phishing bots are automated computer programs that carry out phishing attacks. They can send mass phishing emails, create fake websites, and collect victims' login credentials and sensitive information. These bots are often used with other attacks, such as denial-of-service and spamming.

Ice phishing

In an ice phishing attack, scammers send victims a fake transaction that appears to be from a real source. The transaction requires the victim to sign it with their private key. Essentially, the victim is deceived into signing a transaction that transfers ownership of their tokens to the scammer.
 

Hey there!

We have a vibrant English-speaking community on Telegram and Discord. We think you would fit right in and would love it if you joined us.

 

Conclusion

Malicious actors are honing their skills, and their methods to shake gullible people down are constantly changing. The only reliable defense is critical thinking. Nobody needs your seed phrase to transfer funds – all that's required is the wallet address. Always remember that your seed phrase is the key to your crypto assets.  
Ultimately, you can't lose your seed phrase if you store your funds in a crypto wallet that doesn't have one. In Tangem Wallet, the private key is stored in the card's chip and isn't revealed to anybody, even the owner. With Tangem, there's no need to fear phishing tactics.