Hook, Line and Sinker: How to Avoid Bitcoin Phishing Scams

As bitcoin becomes more popular and attracts mainstream users, scammers are resorting to tried-and-tested tricks like phishing emails and imitation websites to steal your funds.

Follow these tips to keep yours safe.

1) Don’t be greedy

Phishing emails targeted at bitcoin users have so far come in a variety of flavours, the most blatant of which involves a person ostensibly sending you their wallet backup file and private key and asking you to send their bitcoin to another wallet address.

The bait here is that you’ll take the money and run. But as Imgur user GreenFox detailed in January, the wallet file actually contains an executable program (.exe) disguised as a text file, that will make off with your coins should you accidentally install it.

In short, don't let your greed get the better of you.

2) Don't click links in unsolicited emails

This applies to any of the more popular bitcoin services. At their most effective, phishing emails imitate the branding, language and function of emails from well-known and trusted companies.

In the case of Blockchain fakes, the phishing emails have included everything from supposed failed transaction notifications to unauthorized login attempts.

Instead of appealing to your greed, these types of emails co-opt your concerns about security. And rather than downloading malicious software, these emails will more likely ask you to visit a website to enter your password, but both are possible.

There are two things you can do to double check that an email is legitimate.

Firstly, look at the actual email address (not the screenname) that the email has come from. If it isn’t from precisely the website it claims to be from, that’s a big red warning flag.

Secondly, don’t blindly click web addresses. Hover over the link with your cursor and the web browser will show you the real URL in the bottom left hand corner of your screen on the 'status bar'. Note that, in some browsers, Safari, for example, this grey strip may be hidden. Go to View > Show Status Bar to reveal it.

However, as DeathAndTaxes suggests on BitcoinTalk, “A good rule of thumb is to simply never click on links in emails for site which may be important.”

3) Beware Google adverts

Not a phishing email exactly, but the use of fake Google adverts to direct people away from legitimate bitcoin services towards fake imitation sites has been a recent concern of the bitcoin community.

The scammers simply buy an advert on Google AdWords that claims to be for Blockchain or BTC-e, two sites affected by such scams, but actually directs to a replica website. The scammers can then steal people’s private information when they attempt to sign in or register on the fake website.

Firstly, if you spot a fake advert, report it immediately to Google. The longer fake adverts stay up, the more likely it is someone will fall prey to them. You can report a specific advert here and you can report a scam website here.

Secondly, as a general rule, check a website’s URL in the browser before inputting any data. As user @juanjblog pointed out in a recent tweet, it’s pretty hard to see that the recent fake Blockchain.info site pictured above isn’t the real deal.

Stay vigilant

Hopefully, after reading the above, you are now a little less likely to have your bitcoin stolen.

However, keeping your bitcoin secure requires constant vigilance and a bit more effort than simply not clicking links on emails or dodgy ads. Try starting with CoinDesk's primer on paper wallets, one of the most secure ways of safely storing bitcoin.

If you must keep coins online, two-factor authorisation and multi-signature wallets are far more secure than those with a single password.

Fisherman image via Shutterstock