January 25, 2024

Crypto Phishing: What It Is and How to Protect Yourself

Today, the landscape of digital currency is evolving rapidly, this has led to a new era of opportunities and problems. As more people enter the digital world, the probability of being victim to crypto phishing has increased.


In this blog article, we'll explore the concept of crypto phishing, its potential effects, and how Nonbank can mitigate the risk associated with this type of threat for users.


Introduction to Crypto Phishing

Crypto phishing is a form of cryptocurrency scam that involves deceptively taking away victims' private keys or personal information. The attacker typically pretends to be a legitimate individual or entity in order to gain the trust of the victim. Once the victim has been defrauded, the attacker employs their details to steal their cryptocurrency.


Phishing schemes are becoming more popular as criminals become more advanced. Many of these intended wallets, cryptocurrency transactions and initial coin offerings. As a result, crypto users must be aware of the way they function to safeguard themselves and their finances.


* Common Crypto Phishing Tactics

A few varieties of phishing attacks are particularly frequent in the cryptocurrency world:


1. Spear Phishing Attack.

Spear phishing is a pre-planned attack that is intended for a specific individual or organization. Here, the phisher has some prior knowledge of their goal and will utilize this information to craft an email that appears legitimate. For instance, the attacker will pretend to be an email from a person or organization that is familiar to the victim. A deceitful link that is disguised as being innocent is then incorporated.


2. Whaling Attack.

A whaling attack is a particular type of spear phishing that targets prominent individuals within an organization, such as the CEO. It's particularly harmful because of its potential to have a larger impact than a typical spear phishing campaign. For example, if a CEO takes a liking of it and clicks on a harmful link, the attacker could access all the company's network.


3. Clone Phishing Attack.

This attack occurs when the phisher imitates a previous email that was sent to the target.


The attacker takes over the original attachment or link and creates a malicious one that is sent to the victim. Since the email's content is identical to one previously received by the victim, they are more inclined to click the link because of habit or familiarity.


4. Pharming Attack.

In this type of phishing, the victim is taken to a fake website, even if they follow the correct URL.


This is typically accomplished by infecting the DNS (Domain Name System) server, which is responsible for converting URLs into IP addresses, with malicious code. The code will then lead victims to the fake website of the attacker when they attempt to visit a genuine website.


Pharming attacks are particularly harmful because it is very difficult to recognize them. A victim may be able to enter the correct URL for their bank's website, but they still will land on a fake website that is similar to the real one.


5. Evil Twin Attack.

An evil twin phishing attack targets public Wi-Fi networks. Here is how attackers proceed: they will create a fake Wi-Fi network with the same name as a legitimate network. When victims connect to the network, they will be asked to enter their log-in information, which the criminals can then utilize to gain access to their accounts.


6. Voice Phishing Attack.

Also known as vishing, this form of phishing employs voice calls or voicemails instead of emails. It's typically triggered by media that is voice-based, such as voice-over IP or standard residential phone service.


In a voice phishing scheme, the attacker pretends to be a legitimate phone caller's ID, this simulates a bank's call. Vishing scammers frequently utilize speech-synthesis software to leave voicemails that warn potential victims of fraudulent behavior in their bank or credit cards.


7. SMS Phishing Attack.

SMS phishing is also known as smishing. It employs text messages instead of emails. Smishing attackers send seemingly genuine company messages to their victims. When a victim clicks on the link in the text message, they will be asked to input their log-in information, which the attacker uses to access their account.


8. DNS Hijacking.

The Domain Name System (DNS) hijacking is responsible for redirection of victims to a fake website via DNS changes to a legitimate website. To conduct the attack, a phisher alters the DNS records, which results in a different IP address being accessed. When victims attempt to visit the genuine website, they will be taken to the fake website of the attacker instead.


9. Phishing Bots.

Phishing bots are automated software applications that conduct phishing attacks. They can be employed to send large amounts of phishing emails, create fake websites, and host these sites on computers. These bots can also automatically gather victims' logins and other personal information that is sensitive.


These attacks are often combined with other attacks, such as denial-of-service attacks and spamming.


10. Fake Browser Extensions.

These extensions are malicious software applications that are designed to appear legitimate. They're frequently employed to steal vital information, like logins and credit cards. Additionally, they can direct victims to malicious websites, insert malware into their computers, or show advertising that they don't want to see.


Fake browser extensions are typically spread through deceptive emails or harmful websites. When installed, they are typically difficult to remove. The extensions are primarily designed to harvest private information like memorized phrases, private keys, and key store files.


11. Ice Phishing.

In this type of phishing, the attacker will send the victim a fake transaction that appears to be genuine. The exchange will necessitate the victim's signature with their personal key. Ultimately, the victim is defrauded into agreeing to a transaction that grants the fraudster authority over their tokens. If the victim continues, they will be unaware of the transfer of ownership of their tokens to the attacker.


12. Crypto-Malware Attack.

A crypto-malware attack is considered a form of malware that encodes the victim's files and requests a payment in order to decrypt them. It's possible to send it via phishing emails, malicious websites or fake browser extensions. Once it's installed on the victim's computer, the malware will seal their files and show the message of ransom on their screen.


Impact of Crypto Phishing

The effects of being victim to crypto phishing are severe and widespread. Beyond the immediate financial damage associated with unauthorized access to digital assets, individuals may also be vulnerable to identity theft and other types of cyber crime. Additionally, the trust and confidence in the safety of digital wallets and cryptocurrencies can be significantly damaged, this will adversely affect the overall popularity and perception of digital assets.


Best Practices for Users to Avoid Crypto Phishing

As the number of crypto phishing incidents continues to pose a threat to cryptocurrency enthusiasts, it's important for people to follow the most effective practices in order to preserve their digital assets.


Here are some suggestions on how to avoid being victim to crypto theft:


- Ensure website authenticity. Before entering any important information or details, make sure that you are interacting with the genuine website. Look for trustworthy connections (https://) and ensure the legitimacy of the website's domain in order to avoid being deceived by fake sites.


- Caution with emails. Be cautious about emails that ask for your personal or financial information. Real websites and their employees will never request personal details via email, so do not click on dubious links or share confidential information in response to these emails.


- 2FA enabled. Utilize the two-factor authentication protocol to add extra security to your account. By requiring a secondary verification method, such as a unique code that is sent to your cell phone, 2FA reduces the probability of unauthorized access.


- Keep informed. Be aware of the latest security updates and rules established by the platform you use. Regularly assess the recommended security protocols and be informed of any new phishing methods that target digital wallet users.


- Select a non-custodial wallet. Users can choose a digital wallet that lacks a custodian, such as Nonbank, which grants them full control over their private keys and finances. By avoiding the need for a third party to maintain assets, non-custodial wallets diminish the likelihood of being targeted by specific types of phishing.


How Nonbank Addresses Crypto Security

Nonbank stands out as a dependable and safe option for individuals who want to protect their digital assets from the dangers of crypto phishing. As a digital wallet that isn't custodied by a bank, Nonbank favors the security and autonomy of its users by taking stringent measures to prevent the risk of unauthorized access or fraud.


1. Non-Custodial Nature.

One of the primary characteristics of Nonbank is its lack of custodians. Unlike traditional wallets that have control over the private keys and finances of their users, Nonbank doesn't have control over the user's private assets. Instead, users are sole owners of their digital assets, which reduces the likelihood of being victimized by attacks that target centralized guardians.


2. Enhanced Security Features.

Nonbank incorporates advanced safeguard features into its platform that would allow it to resist the potential threat of crypto phishing. From AML Watchtower for monitoring user's finances and avoiding interacting with suspicious people or wallets to 2FA authentication and Face ID recognition in order to protect personal information, Nonbank employs cutting-edge technology to maintain the safety and confidentiality of data and digital assets. By prioritizing the security of every layer of its infrastructure, Nonbank gives users peace of mind and confidence in the safety of their cryptocurrency investments.



In the face of the evolving dangers of cyberspace, it's crucial to choose a secure digital wallet in order to protect one's digital assets. Nonbank's commitment to providing a trustworthy and secure digital wallet that is not custodied by the bank makes it an ideal choice for individuals who want to strengthen their security of their cryptocurrency.


By continuing to be aware of the latest information, exercise caution, and take advantage of the security features offered by Nonbank, users can actively defend themselves against the threat of crypto phishing and preserve the integrity of their digital assets.

What’s a Rich Text element?



The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

  1. sdfsfd
  2. sdfsdf
  3. sdf
  4. sdf
  • dsfsdfsdf
  • sdfsdfsdf
  • sdfsdfsdf

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.