The cryptocurrency ecosystem is saturated with many different scams, in which predatory individuals attempt to gain access to the wallets of unsuspecting or novice cryptocurrency investors. Of all of the different scams used by scammers to separate investors from their currency, phishing scams are the most common and effective.
Identifying phishing attempts in the cryptocurrency ecosystem has recently been made more difficult due to the prevalence of paid Google ads that show up in the browsers of targeted demographics. Recently, a phishing site that mimics popular cryptocurrency trading platform ShapeShift has been spotted in the wild, attempting to fool users of the platform into logging into the fraudulent imitation.
It’s relatively easy to spot the fraudulent nature of the ShapeShift phishing site, but it’s possible that unaware users or novice investors may be fooled into using the fake platform. Bookmarking the platforms you use to trade cryptocurrency on a regular basis is the best way to avoid getting phished, as typing in addresses manually presents the risk of navigating to a typo of the platform name, which are commonly used to redirect users to phishing sites.
It’s also important to remain aware of the fact that the first results in many Google searches are paid ad results. This is the case with the ShapeShift fishing site, which uses paid ads to place itself above the real ShapeShift site in search engine results.
This latest attempt is not the first time that phishing scams have targeted cryptocurrency investors. The new ShapeShift phishing scam aims to redirect users to ShapeShifth.io, not ShapeShift.io. This small difference is easy to overlook, especially for users that rely on search engines to provide them with the results they’re looking for.
The ShapeShifth.io phishing site looks and feels exactly like the real ShapeShift.io site but using it will inevitably result in the contents of your wallet being drained. It’s virtually impossible to tell the difference between the fraudulent phishing site and the real one, and similarly impossible to determine how long the fake ShapeShifth.io site has been operating.
Cryptocurrency investors are targeted on a regular basis by criminals, partly due to the untraceable nature of stolen crypto, and partly due to the high price appreciation of the top cryptocurrencies. Phishing sites are the most commonly used technique to target crypto investors. The security-centric nature of cryptocurrency would lead most to assume that crypto investors would be unlikely to fall for such scams, but they are far more successful in reality than most investors realize.
Overall, exchanges are the most prominent target for phishing scams, and are frequently targeted by cybercriminals. Used by investors from around the world, cryptocurrency exchanges present criminals with a wide pool of individuals to cast a net over. It’s not currently clear whether any investors have lost currency due to the ShapeShift phishing site, but it’s apparent that Google needs to implement a proactive policy to prevent these phishing scams from gaining a foothold in results in future.