0%

What you need to know about SMS phishing attacks

2021년 8월 27일 5 분 읽기
뉴스 기사 배너 이미지

If you believe you’ve received an SMS phishing attack, take these first three steps:

  1. Do not click the link!

  2. Copy the message and send it to 7726 (SPAM), a short-code service established by US-based cell phone carriers to help them detect and block malicious messages on their network

  3. Take a screenshot of the message and send it to [email protected]

What is SMS phishing?

Phishing is a type of online attack in which a cybercriminal impersonates a legitimate entity or authority and attempts to deceive their target into clicking on a malicious link or attachment. This can enable hackers to steal their victim’s sensitive information or infect their device with malicious software.

You may already privy to email-based phishing attacks, in which the attacker delivers a phishing message via email. However, in recent years, attackers have adopted a new type of delivery method — SMS, otherwise known as text messages.

SMS phishing, also known as “smishing”, is a type of phishing attack in which an attacker will spam malicious messages and links to hundreds or even thousands of cell phone numbers to deceive the recipients into taking some action that is against their best interest.

For crypto holders, the intent is to gain access to the recipient’s crypto wallet or account so that they can steal their funds. SMS phishing is largely problematic in crypto for two reasons:

  1. Cybercriminals have an ever-growing incentive to steal crypto assets due to their unprecedented growth in monetary value, and

  2. Crypto asset transactions are irreversible once the transaction has been confirmed and written onto the blockchain ledger.

If you’re invested in crypto, or even considering it, we strongly encourage you to take the time to understand how to identify this common threat and what to do if you receive one of these messages.

How to identify SMS phishing

Phishing messages can be easily detected 99.9% of the time by completing three simple checks. Let’s use the Coinbase SMS phishing message below as an example for this lesson:

  1. The Sending Number. One of the first things to check is the phone number from where the message was sent. By doing a quick Google search, you will find that this phone number is likely associated with a scam — your first red flag.

  2. The Message. Grammar mistakes are often a red flag indicating the message is likely a scam. If there are no grammar issues, check the intent of the message. Phishing messages will often attempt to tap into your emotions by either creating fear or excitement. If you receive a message that is emotionally triggering, either good or bad, it may be a phishing message and should be a red flag.

  3. The Link. Lastly, always be sure to examine the link. Plain and simple, if the link does not contain the domain Coinbase.com, it is phishing.

What to do if you receive an SMS phishing message

Now that you’ve got the tools to detect SMS phishing messages, the question remains — what should you do if you receive an SMS phishing message?

Luckily, the right response to protect yourself is easy: Do not click the link!

You can also copy the message and send it to 7726 (SPAM). 7726 is a short-code service established by US-based cell phone carriers like AT&T, Verizon, Sprint, or T-Mobile. By sending a copy of the SMS phish to 7726, you can help mobile carriers detect and block malicious messages on their network.

Lastly, take a screenshot of the message and send it to [email protected]. You’ll be enabling our Security team to investigate the phishing link and submit abuse reports to organizations that can help have the phishing site taken down.

As cryptocurrency grows in popularity, cybercriminals will continue to innovate and attempt to discover new ways to gain access to your investments. Coinbase Security continues to keep our customers abreast of new threats as they arise. However, it is also imperative that you take the security of your account into your own hands. If you’d like to learn more about account security best practices, review our guide on how to keep your crypto secure.

Additional examples of SMS phishing

  • The phone number is largely unknown according to Google

  • The message has a grammar issue and is trying to invoke a fear response of unauthorized account access

  • The link is not Coinbase.com. The domain in this link is what’s known as an Internationalized Domain Name (IDN). Take note of the special character accent on the “b”. Attackers will often use IDNs in phishing attacks since the letters can so closely resemble the word Coinbase.

  • The phone number is abnormally long and suspicious

  • The message has many grammar issues and is trying to invoke excitement by indicating receipt of 21 BTC

  • The link is not Coinbase.com

  • The phone number is largely unknown according to Google

  • The message is trying to invoke excitement by indicating receipt of 0.59 BTC

  • The link is not Coinbase.com (notice the link actually goes to the domain ssl-coinbase[.]com)

was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

인기 뉴스

How to Set Up and Use Trust Wallet for Binance Smart Chain
#Bitcoin#Bitcoins#Config+2 더 많은 태그

How to Set Up and Use Trust Wallet for Binance Smart Chain

Your Essential Guide To Binance Leveraged Tokens

Your Essential Guide To Binance Leveraged Tokens

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)
#Subscriptions

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)

What is Grid Trading? (A Crypto-Futures Guide)

What is Grid Trading? (A Crypto-Futures Guide)

Cryptohopper에서 무료로 거래를 시작하세요!

무료 사용 - 신용카드 필요 없음

시작하기
Cryptohopper appCryptohopper app

면책 조항: Cryptohopper는 규제 기관이 아닙니다. 암호화폐 봇 거래에는 상당한 위험이 수반되며 과거 실적이 미래 결과를 보장하지 않습니다. 제품 스크린샷에 표시된 수익은 설명용이며 과장된 것일 수 있습니다. 봇 거래는 충분한 지식이 있거나 자격을 갖춘 재무 고문의 조언을 구한 경우에만 참여하세요. Cryptohopper는 어떠한 경우에도 (a) 당사 소프트웨어와 관련된 거래로 인해, 그로 인해 또는 이와 관련하여 발생하는 손실 또는 손해의 전부 또는 일부 또는 (b) 직접, 간접, 특별, 결과적 또는 부수적 손해에 대해 개인 또는 단체에 대한 어떠한 책임도 지지 않습니다. Cryptohopper 소셜 트레이딩 플랫폼에서 제공되는 콘텐츠는 Cryptohopper 커뮤니티 회원이 생성한 것이며 Cryptohopper 또는 그것을 대신한 조언이나 추천으로 구성되지 않는다는 점에 유의하시기 바랍니다. 마켓플레이스에 표시된 수익은 향후 결과를 나타내지 않습니다. Cryptohopper의 서비스를 사용함으로써 귀하는 암호화폐 거래와 관련된 내재적 위험을 인정하고 수락하며 발생하는 모든 책임이나 손실로부터 Cryptohopper를 면책하는 데 동의합니다. 당사의 소프트웨어를 사용하거나 거래 활동에 참여하기 전에 당사의 서비스 약관 및 위험 공개 정책을 검토하고 이해하는 것이 필수적입니다. 특정 상황에 따른 맞춤형 조언은 법률 및 재무 전문가와 상담하시기 바랍니다.

©2017 - 2024 저작권: Cryptohopper™ - 판권 소유.