Who This Is For

Anyone who uses cryptocurrency exchanges, wallets, or DeFi platforms needs to understand phishing and fake support scams. These are among the most common ways people lose funds—affecting beginners and experienced users alike. This guide explains how these attacks work and how to defend against them.

What Is Phishing?

Phishing is when scammers impersonate legitimate websites, apps, or companies to steal your:

• Login credentials
• Seed phrases
• Private keys
• Personal information

The goal is to trick you into voluntarily handing over information that gives them access to your funds.

Key characteristic: Phishing relies on deception, not technical hacking. The scammer convinces you to give them access.

How Phishing Works in Crypto

1. Fake Websites

Scammers create websites that look identical to legitimate platforms:

Common targets:

• Wallet sites (MetaMask, Trust Wallet, Exodus)
• Exchanges (Coinbase, Binance, Kraken)
• DeFi platforms (Uniswap, Aave, PancakeSwap)
• NFT marketplaces (OpenSea)

URL tricks:

• metamask-wallet.com (real: metamask.io)
• coinbase-secure.com (real: coinbase.com)
• uníswap.org (note the accent on the 'i')
• opensea.io with zero instead of 'o' (openseα.io)

These sites look perfect—same logo, same layout, same colors. The only difference is the URL.

2. Fake Browser Extensions

Scammers create malicious browser extensions that:

• Mimic legitimate wallet extensions
• Appear in Chrome/Firefox extension stores (before being removed)
• Steal seed phrases when you "restore" your wallet
• Modify transaction addresses when you send funds

Example

You search "MetaMask extension" on Google. The top sponsored result (an ad) goes to a fake site. You download the extension. When you enter your seed phrase to "import" your wallet, the extension sends it to the scammer.

Your funds are drained within minutes.

3. Phishing Emails and Messages

You receive an email or text message:

Subject: "Security Alert: Unusual Activity on Your Account"

Message: "We've detected suspicious login attempts on your account. Click here to verify your identity and prevent your account from being locked."

The link goes to a fake website that steals your login credentials.

Common phishing email tactics:

• Urgent tone ("Act now or lose access!")
• Threat of account closure
• Claims of suspicious activity
• Request to "verify" information
• Links to fake websites

4. Social Media Phishing

Scammers impersonate companies on Twitter, Discord, Telegram, and other platforms:

• Fake verified accounts
• Usernames with tiny differences (@MetaMask_Official vs @MetaMask)
• Profile pictures and bios copied from real accounts
• Fake giveaways and promotions
• Links to phishing sites in bio or posts

The Fake Support Scam

This is a specific type of phishing that deserves special attention because it's so prevalent.

How It Works

Step 1: You post a question or complaint on social media:

"My MetaMask transaction is stuck. How do I fix this?"

"Can't connect my wallet to Uniswap. Help?"

Step 2: Within seconds, you receive direct messages:

"Hi, I'm from MetaMask support. I can help you resolve this. Please provide your 12-word recovery phrase so I can check your account."

The profile looks official:

• Uses company logo as profile picture
• Username like @MetaMaskSupport or @UniswapHelp
• Bio says "Official Support"
• May have many followers (bought fake followers)

Step 3: If you provide your seed phrase, your wallet is immediately drained.

Why People Fall For It

• Speed: Scammers respond instantly when you're frustrated and seeking help
• Appears legitimate: Official-looking profiles, professional language
• Trust: You assume the person offering help is real support
• Urgency: Scammer creates pressure ("Your account will be locked in 24 hours")
• Complexity: Technical issues make you vulnerable to "expert" help

Real Support vs. Fake Support

Let's be absolutely clear about how real customer support works:

REAL Support NEVER:

• Initiates contact via direct message
• Asks for your seed phrase or private keys
• Requests your password
• Asks for remote access to your computer
• Pressures you with urgency
• Asks you to send funds anywhere
• Requests you to validate your wallet by connecting it to a site

REAL Support ALWAYS:

• Responds through official ticket systems on the company's website
• Asks you to contact them (they don't contact you first)
• Has verified contact information on official website
• Can verify account through non-sensitive information
• Gives you time to resolve issues

Simple rule: If someone DMs you offering help, they're a scammer. No exceptions.

Common Phishing Scenarios

Scenario 1: The Airdrop Scam

Email/Tweet: "Congratulations! You're eligible for our exclusive airdrop. Connect your wallet to claim your tokens."

Reality: The website asks you to "connect wallet" and approve a transaction. This gives a malicious smart contract permission to drain your wallet.

Scenario 2: The Security Alert

Email: "Your account has been compromised. Reset your password immediately."

Reality: The link goes to a fake site that steals your login credentials when you try to "reset" your password.

Scenario 3: The NFT Mint

Discord announcement: "Surprise mint happening now! Mint at [link]"

Reality: The link goes to a fake minting site. When you connect your wallet and approve the transaction, your wallet is drained.

Scenario 4: The Wallet Migration

Email: "We're upgrading our platform. Migrate your wallet to the new version by [date]."

Reality: Legitimate platforms don't require migration via external links. The site steals your seed phrase.

Scenario 5: The KYC Verification

Message: "Due to new regulations, you must verify your identity. Upload your ID and complete wallet verification."

Reality: The scammer collects your personal information for identity theft, and the "wallet verification" steals your seed phrase.

Red Flags: How to Spot Phishing

Before clicking any link or providing information, check for these warning signs:

URL Red Flags

• Slight misspellings (coinbase.com vs coinbas.com)
• Extra words (metamask-wallet.com instead of metamask.io)
• Wrong domain extension (.net instead of .com)
• Suspicious characters (look similar but aren't the same: rn vs m)

Message Red Flags

• Unexpected contact
• Urgency and pressure
• Threats (account closure, locked funds)
• Requests for seed phrase, private keys, or password
• Generic greetings ("Dear user" instead of your name)
• Poor grammar or spelling

Website Red Flags

• No HTTPS/SSL certificate (no padlock in browser)
• Different design from what you remember
• Requests for seed phrase (never needed for legitimate sites)
• Pop-ups asking to connect wallet immediately
• Unlimited token approval requests

Protection Strategies

1. Bookmark Official Sites

Create bookmarks for all crypto sites you use:

• Go directly to official site (search carefully or use verified link)
• Bookmark it
• Only use your bookmark to access the site
• Never use Google/search engine links

2. Type URLs Manually

For important transactions, type the URL directly into your browser instead of clicking links.

3. Verify URLs Obsessively

Before entering any sensitive information:

• Check the URL character by character
• Ensure HTTPS is present
• Look for the padlock icon
• Click the padlock to verify SSL certificate

4. Use a Password Manager

Password managers:

• Store correct URLs
• Won't autofill credentials on fake sites
• Detect domain mismatches
• Prevent typing credentials on wrong sites

Recommended: Bitwarden, 1Password, LastPass

5. Enable 2FA (Not SMS)

Use app-based 2FA, not SMS:

• Google Authenticator
• Authy
• Hardware keys (YubiKey)

This makes it harder for phishers to access your accounts even if they steal your password.

6. Use a Hardware Wallet

For significant amounts, use a hardware wallet:

• Requires physical confirmation for transactions
• Displays transaction details on device screen
• Harder to phish (scammer needs physical access)

More info: Hardware Wallets: When They Make Sense

7. Create Separate Email Addresses

Use unique email addresses for:

• Exchange accounts
• Wallet registrations
• General crypto communication

This limits exposure if one email is compromised.

8. Never Enter Seed Phrases on Websites

Legitimate websites NEVER ask for your seed phrase. Not for:

• "Verification"
• "Synchronization"
• "Migration"
• "Validation"
• "Support"

If a site asks for your seed phrase, it's a scam. Period.

9. Disable Direct Messages

On Discord, Telegram, Twitter:

• Disable DMs from non-friends
• Set privacy settings to restrict unsolicited messages
• If you need to allow DMs, be extremely skeptical of everyone

10. Use a "Burner" Wallet for New Platforms

When trying new DeFi protocols or dApps:

• Create a separate wallet
• Only fund it with amounts you can afford to lose
• Never store significant funds there

This limits damage if you accidentally interact with a malicious contract.

What to Do If You've Been Phished

If you realize you've given away your seed phrase or approved a malicious transaction:

Act immediately:

1. Transfer all funds: If you still have access, immediately send all funds to a new wallet with a new seed phrase
2. Revoke approvals: Use etherscan.io (Ethereum) or equivalent to revoke all token approvals
3. Change passwords: Update passwords on all connected accounts
4. Document everything: Screenshot the phishing site, save messages, record transaction IDs
5. Report it:
   • Report the phishing site to the real company
   • Report to the platform (Google, Twitter, Discord)
   • File report with IC3.gov (FBI) or local law enforcement
   • Report to FTC: reportfraud.ftc.gov

Important: Don't expect funds to be recovered. Focus on preventing further losses.

More guidance: What to Do If You've Been Scammed

The Psychology of Phishing

Understanding why phishing works helps you resist it:

Scammers exploit:

• Urgency: "Act now or lose access!" pushes you to act without thinking
• Authority: Official-looking logos and language make you trust them
• Fear: Threats of account closure scare you into compliance
• Greed: "Exclusive airdrop" tempts you to act quickly
• Helpfulness: When you need help, you're vulnerable to fake support

Counter these by:

• Slowing down (urgency is always a red flag)
• Verifying independently (don't trust, verify)
• Questioning authority (anyone can make an official-looking profile)
• Accepting that you might miss opportunities (better safe than sorry)

Phishing Prevention Checklist

Before clicking links or entering information:

• [ ] Did I independently verify the URL is correct?
• [ ] Did I type the URL manually or use my bookmark?
• [ ] Is HTTPS present with valid certificate?
• [ ] Did I check for URL misspellings or odd characters?
• [ ] Am I being pressured to act quickly?
• [ ] Did someone contact me unsolicited?
• [ ] Is anyone asking for my seed phrase, private key, or password?
• [ ] Have I verified this is the official communication channel?

If you answered "yes" to pressure, unsolicited contact, or requests for sensitive info—STOP. It's a scam.

Key Takeaways

• Phishing and fake support are the #1 way people lose crypto
• No legitimate service ever needs your seed phrase
• Real support never initiates contact via DM
• Always verify URLs before entering information
• When in doubt, slow down and verify independently
• If something feels urgent or too good to be true, it's a scam

Remember: The scammer needs you to act. If you simply stop and verify, the scam fails.

Further Reading

• Common Crypto Scams: How to Avoid Them
• Seed Phrase Security Checklist
• Two-Factor Authentication Guide
• What to Do If You've Been Scammed