Many crypto users recognize the importance of keeping their seed phrase secret. Yet, this awareness creates an opportunity for scammers to exploit others through alternative means. One typical tactic involves baiting unsuspecting people with the promise of a significant sum in exchange for a minor commission. Scammers are relentless in pursuing complete access to someone's crypto assets. They will continue attempting to deceive users into revealing their seed phrases.
How does a classic phishing scheme work?
To help you understand how a typical phishing scam happens, we'll break it down into five stages, each representing a step in the attacker's strategy to deceive and exploit people.
Stage 1: Setup
In this initial stage, scammers carefully plan their phishing campaign. They set up the infrastructure, including fake websites, domains, and email addresses that closely imitate legitimate ones. The goal is to create a convincing mask that will trick unsuspecting targets.
Stage 2: Bait
Phishers use various means to bait potential victims. They often send deceptive emails, messages, or social media posts that appear legitimate. Common tactics include urgent messages, offers, or alerts, creating a sense of urgency or excitement to encourage immediate action from the prey.
For example, an unsuspecting victim receives an email from a fake crypto wallet team, DeFi project, or crypto community – the possibilities are endless – offering to send them an amount of crypto. The figure is usually relatively high, and the email might read as follows:
"To celebrate our launch/completion/IPO, we've decided to send $10,000 to people who register before the end of the week, so click on the link to get started."
Stage 3: Information gathering
Once the target takes the bait, they end up on a cloned website version — the phishing site designed to capture sensitive information. This often involves tricking individuals into providing login credentials, personal details, or cryptocurrency wallet access for seed phrases.
Attackers use convincing forms or login pages to harvest this data. If you think you can spot a fake immediately, you might be disappointed: over the years, scammers have learned to create pretty convincing bogus websites.
Stage 4: Exploit
With the acquired information, attackers drain the victim's wallets, steal their identity, or further the phishing campaign by targeting the victim's contacts. Exploitation can be immediate or occur over an extended period, depending on the scammer's goals.
Stage 5: Exit
In the final stage, attackers may cover their tracks to avoid detection, erase traces of their phishing infrastructure, or disappear altogether. Sometimes, they persist in their attacks by targeting and exploiting victims or adapting their tactics for future campaigns.
How are Tangem users often targeted?
Let's review some common phishing scenarios prevalent in crypto-focused communities, like the Tangem Telegram public chat and Discord server.
Fake customer support on Telegram
Ideally, our users would contact support directly via email or the official Tangem chatbot to fix a problem that cannot be solved by going to Tangem Help. Unfortunately, most users often go straight to the Tangem Telegram chat or other open discussion spaces to voice their issues or recommendations without considering the dangers involved. Scammers see these messages in the public chat and then proceed to contact the user by pretending to be a Tangem support team member.
Phishing message example in Telegram
They offer to fix the problem and send the user to a phishing website that looks exactly like the official Tangem website. The catch is the Get Tangem button is replaced with Connect Wallet. People using Tangem as a seedless wallet might be immune to this type of phishing attack, but those using seed phrases are common prey and could become victims.
Here are a few things to note:
- Tangem representatives or support team members will never DM you first on any platform.
- Always contact support directly instead of leaving a public message or comment.
- Do not follow suspicious links or connect your wallet to any suspicious DeFi platform.
Fake Discord tech support server
There are a lot of scammers hiding in our Discord chat, and here's how they operate. A new user joins the chat and says, “I'm new here; I have a question about adding a token to my Tangem Wallet.”
The scammer mentions the new user with a message like this:
"Hello, if you want to open a tech support claim, please fill it out here #techsupport."
However, the #techsupport link (scam link) leads to a private Discord channel, not the official Tangem Discord! They often offer to help the user resolve an issue in an "OPEN SUPPORT TICKET."
Once again, we will never ask you to join another server. If you see such messages, ignore them and report the scammer immediately. Please be aware that you can only open a claim through the Tangem website and the official links.