According to CoinMall, there are 4 ways that you could lose your cryptocurrency to phishing: email phishing, ads phishing, chat phishing, and unconventional methods (SMS phishing and targeted social engineering attacks). All of these phishing methods involve an attempt to trick you into entering your sensitive data into a malicious website.
Mass email phishing and chat phishing typically use fear and uncertainty with a call to action that links to the malicious website. Ads phishing attempts to get you to click the malicious link through an ad.
If you don’t want to fall for phishing attacks, there are a few things that you should know.
1. Not all email phishing attempts are created equal.
CoinMall’s post discusses a mass email phishing attack in which a one-size-fits-all message is blasted to all users. While this type of attack can be dangerous, there are other more dangerous types of email phishing attacks. Spear phishing, for example, occurs when an email message is targeted to specific individuals and often appears to come from someone that the target knows.
The classic CEO scam is an example of a spear phishing attack and is a highly effective form of phishing. Outside of email authentication protocols (discussed further below) or actually calling the sender, there is no reliable way to verify that the email came from the person it claims to be from.
2. You can verify the authenticity of emails you receive using free tools.
Another important detail when identifying phishing emails, as mentioned in CoinMall’s post, is the “from” field. There are email authentication protocols (SPF, DKIM, and DMARC) that can be used to verify that the “sender” actually sent the email.
CoinMall claims that “most phishers are unable to spoof the actual domain name of the service they’re using to phish with.” In the example the post offers with coinbase.com, that’s accurate.
Coinbase.com has a valid SPF record and has implemented a DMARC policy of “reject” for 100% of emails sent from its domain. Therefore, if any email claims to be from “coinbase.com” but doesn’t pass authentication, it will not be delivered to inboxes. DMARC allows companies to lock down their domains and monitor who is sending emails from the domains.
However, 97% of Fortune 500 companies do not use DMARC. If the big companies struggle to implement DMARC, imagine how other companies are doing with this. A great example of this is coinmall.com. Despite CoinMall’s article warning of the dangers of phishing, CoinMall hasn’t implemented any email security protocols. Without a DMARC “reject” policy, phishers can (and often do) “spoof the actual domain name of the service they’re using to phish with.”
The good news is that you can check whether a domain has a valid SPF record, whether it’s using DMARC, or both. If the domain has valid SPF and DKIM, and a DMARC “reject” policy, then that email is very likely safe. If not, it might be a phishing attempt. Unfortunately, there’s no way to verify an email from an unsecured domain with these protocols.
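The check described above can be scripted. The following is an added example, not code from the original post or from Fraudmarc: it parses the TXT records that an SPF lookup (at the domain) and a DMARC lookup (at `_dmarc.` plus the domain) would return, and classifies how much trust a "from" address at that domain can carry. The domains and records below are constructed sample data, not real DNS answers, so it runs offline; a live version would replace the `SAMPLE_DNS` table with actual TXT queries. It also counts the DNS-querying SPF terms against the limit of 10 that RFC 7208 imposes, since a record that exceeds the limit evaluates as a permanent error and no longer helps DMARC.

```python
"""Offline assessment of a domain's SPF and DMARC posture (added example)."""
import re

# RFC 7208 section 4.6.4: at most 10 DNS-querying terms per SPF evaluation.
SPF_LOOKUP_LIMIT = 10
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

# Constructed sample TXT records for hypothetical domains (not real DNS data).
SAMPLE_DNS = {
    "secure-exchange.example": {
        "spf": "v=spf1 include:_spf.mailvendor.example mx -all",
        "dmarc": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@secure-exchange.example",
    },
    "monitoring.example": {
        "spf": "v=spf1 include:_spf.mailvendor.example ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:reports@monitoring.example",
    },
    "sprawl.example": {
        # Ten includes plus bare 'a' and 'mx' is twelve lookups: over the limit.
        "spf": "v=spf1 include:a.example include:b.example include:c.example "
               "include:d.example include:e.example include:f.example "
               "include:g.example include:h.example include:i.example "
               "include:j.example a mx ~all",
        "dmarc": "v=DMARC1; p=reject; pct=100",
    },
    "unprotected.example": {"spf": None, "dmarc": None},
}


def parse_spf(record):
    """Parse an SPF TXT record: presence, lookup count, and the 'all' qualifier."""
    if not record:
        return {"present": False}
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return {"present": False}
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        qualifier = "+"  # a missing qualifier means 'pass'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # Mechanism name ends at ':' (domain-spec), '/' (CIDR) or '=' (modifier).
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    return {
        "present": True,
        "lookups": lookups,
        "all": all_qualifier,
        "within_limit": lookups <= SPF_LOOKUP_LIMIT,
    }


def parse_dmarc(record):
    """Parse a DMARC TXT record into its policy, percentage and reporting flag."""
    if not record or not record.strip().lower().startswith("v=dmarc1"):
        return {"present": False}
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return {
        "present": True,
        "policy": tags.get("p", "none").lower(),
        "pct": int(tags.get("pct", "100")),  # pct defaults to 100 when absent
        "reporting": "rua" in tags,
    }


def assess(domain, dns=SAMPLE_DNS):
    """Classify what a 'From: <domain>' header is worth to a receiver."""
    records = dns.get(domain, {})
    spf = parse_spf(records.get("spf"))
    dmarc = parse_dmarc(records.get("dmarc"))
    if not spf["present"] and not dmarc["present"]:
        return "unverifiable"  # spoofed mail is delivered like any other
    if spf["present"] and not spf["within_limit"]:
        return "spf-permerror"  # SPF fails closed; DMARC must rely on DKIM alone
    if dmarc["present"] and dmarc["policy"] == "reject" and dmarc["pct"] == 100:
        return "enforced"  # unauthenticated mail is rejected at the receiver
    return "monitoring"  # records exist, but nothing is blocked yet


if __name__ == "__main__":
    for name in SAMPLE_DNS:
        print(f"{name:26} {assess(name)}")
```

A result of `enforced` is the state described for coinbase.com above: a message claiming that domain either passes authentication or is rejected. `monitoring` (a `p=none` policy) gives the domain owner reports but gives the recipient no protection, and `unverifiable` is the case the post describes for domains with no records at all.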
3. The companies you rely on to protect your sensitive information should be protecting your inbox by protecting their outbox.
It’s the responsibility of the company that owns the domain to ensure its domain cannot be used to phish customers or employees. SPF, DKIM, and DMARC have been available for decades to help secure domains against sophisticated phishing attacks. However, as noted, the majority of companies have not properly implemented these security measures.
So why are companies not widely implementing these protocols? The reason is that they can be extremely tricky to get right. If implemented incorrectly, they can interrupt the entire email flow for a domain. However, the growing threat of email phishing makes the implementation of these policies even more imperative. The damage from phishing attacks is incredibly high. The FBI reported billions of dollars in losses from phishing attacks in 2016.
There’s no excuse for leaving customers exposed to these types of attacks. Since SPF, DKIM, and DMARC are all open protocols, any company can implement them on its own. In addition, Fraudmarc provides free DMARC reports and can help set up and maintain accurate policies.
4. You can increase your security by knowing more about how security works.
By knowing about these protocols, you can protect yourself against email phishing attacks and social engineering attacks. Always check the security of a domain when dealing with email. When possible, select companies that implement security measures to protect their outboxes.
These are free and open protocols that any company that sends email can implement. With Fraudmarc providing free DMARC reports and support for setup and maintenance, there’s no reason not to use these protocols. Every domain should be secured with SPF, DKIM, and DMARC.
Unprotected companies are demonstrating a disregard for your sensitive data. Ask yourself—is that the type of company that deserves your business?
Fraudmarc can help
Fraudmarc’s intuitive tools let you manage and monitor a variety of authorized senders and DKIM selectors and provide free DMARC reports. Since Fraudmarc also uses SPF Compression℠, the number of DNS lookups needed to authenticate all of your authorized senders is minimized.