Crypto Phishing Playbook: Common Tricks and How to Avoid Them
A field guide to common crypto phishing tactics, from fake airdrops and support messages to malicious wallet approvals.

Crypto phishing is not only a fake login page. It can be a fake support agent, a cloned airdrop, a wallet popup, a malicious browser extension, a search ad, or a direct message pretending to help. The goal is usually the same: make the user reveal a secret, sign a dangerous message, or approve token movement.
Why this matters
Crypto users are attractive targets because transactions can settle quickly and support teams usually cannot reverse self-custody mistakes. Attackers know this, so they focus on urgency, confusion, and trust. Recognizing the pattern is often more important than recognizing a specific scam name.
How to use this guide
Read this as a practical operating checklist, not as a one-time definition. The goal is to build a repeatable habit that still works when you are tired, in a hurry, or dealing with an unfamiliar wallet, exchange, network, or protocol.
Before taking action, write down the exact asset, network, website, wallet, or account involved. Then write down what you expect to happen. If the wallet prompt, platform screen, or transaction result does not match that expectation, stop and investigate before continuing.
Practical checks
Recovery phrase requests
Any request for a seed phrase, private key, or backup words should be treated as hostile. Legitimate support does not need those secrets.
Use this check as a stop/go point rather than a formality. If the answer is unclear, pause the action, verify from an official source, and only continue when the route, permission, or responsibility is easy to explain in plain language.
Unexpected rewards
Airdrops, bonuses, and refunds can be used to push users into connecting wallets or signing permissions. Verify through official channels before interacting.
Fake support urgency
Scammers often claim an account will be closed, funds will be lost, or verification must happen immediately. Real support processes should not require secret disclosure.
Wallet prompt mismatch
If a website promises one harmless action but the wallet prompt asks for broad approval or message signing, stop and investigate.
Common mistakes to avoid
Trusting direct messages
Scammers impersonate admins, founders, moderators, and support teams. Most legitimate teams will not initiate sensitive support through DMs.
The safer alternative is to slow the process down and reduce the blast radius. Small tests, separated wallets, written notes, and independent verification usually cost less time than trying to recover from a preventable mistake.
Installing random extensions
A malicious extension can read pages, inject prompts, or redirect users. Keep wallet browsers minimal.
Signing messages without reading
Some signatures can authorize account actions. Treat signatures with the same seriousness as transactions.
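The wallet prompt mismatch check and the signature warning above, as an added example that is not part of the original guide: it compares the action written down beforehand with what the prompt would actually authorize. It assumes an EVM chain; the function names and the shape of `expected` are hypothetical, the selectors are the standard ERC-20/ERC-721 ones, and `Permit` is the EIP-2612 typed-data message.

```javascript
// Added example, EVM chains assumed; function names and the `expected` shape are hypothetical.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address spender, uint256 amount)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address operator, bool approved)
  "a9059cbb": "transfer",          // transfer(address to, uint256 amount)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Split calldata into the 4-byte selector and the two 32-byte ABI words after it.
function decodeCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name || hex.length < 136 || !/^[0-9a-f]+$/.test(hex)) return { name: "unknown" };
  return {
    name,
    address: "0x" + hex.slice(32, 72),        // low 20 bytes of the first word
    value: BigInt("0x" + hex.slice(72, 136)), // second word: amount or bool
  };
}

// `expected` is what the user wrote down first: { action, maxAmount (BigInt, optional) }.
function reviewTransaction(expected, data) {
  const d = decodeCalldata(data);
  const findings = [];
  if (d.name !== expected.action) findings.push(`expected ${expected.action}, prompt is ${d.name}`);
  if (d.name === "approve" && d.value === MAX_UINT256) findings.push("unlimited token approval");
  else if (d.name === "approve" && d.value > (expected.maxAmount ?? 0n)) findings.push("approval exceeds expected amount");
  if (d.name === "setApprovalForAll" && d.value === 1n) findings.push("operator approval over every token in the collection");
  return { decoded: d, findings, proceed: findings.length === 0 };
}

// Typed-data signing: a Permit is always surfaced, since it grants an allowance
// without any on-chain transaction from the signer.
function reviewTypedData(expected, typed) {
  const findings = [];
  if (typed.primaryType !== expected.primaryType) findings.push(`expected ${expected.primaryType}, prompt is ${typed.primaryType}`);
  if (typed.primaryType === "Permit") findings.push(`Permit grants an allowance to ${typed.message.spender}`);
  return { findings, proceed: findings.length === 0 };
}

// Constructed sample: the user expected a transfer, the prompt is approve(spender, max).
const word = (v) => v.toString(16).padStart(64, "0");
const SPENDER = 0xdeadn; // constructed placeholder address
const SAMPLE_APPROVE_MAX = "0x095ea7b3" + word(SPENDER) + word(MAX_UINT256);
console.log(reviewTransaction({ action: "transfer" }, SAMPLE_APPROVE_MAX).findings);
```

An empty `findings` list only means the prompt matches what was written down; an `unknown` call is always reported as a mismatch, which is the stop condition the guide describes.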
A safer workflow
- Slow down the moment money is involved: Urgency is part of the attack. A short pause can break the emotional script.
- Verify from a second channel: Open official docs or a saved bookmark rather than following the link that triggered the request.
- Use a low-risk wallet for unknown sites: A separate wallet with limited funds can reduce damage while testing unfamiliar apps.
Verification habits
Keep a short private note for important crypto actions. Include the official URL used, the network selected, transaction hashes, support ticket numbers, and any unusual prompt you saw. Do not store seed phrases, private keys, or passwords in these notes.
Revisit the process periodically. Crypto tools change quickly: exchanges add networks, wallets update signing screens, protocols change contract addresses, and scammers copy new designs. A checklist that was correct last year can still need a fresh source check today.
Final takeaway
Phishing defense is mostly process. Keep secrets offline, distrust urgency, verify domains, and read wallet prompts before signing.
This guide is for educational purposes only. Rules, products, and blockchain tools can change, so always verify details from official sources before acting.