How to Protect Yourself Against Phishing Scams
Phishing is a form of social engineering that attempts to steal sensitive information. An attacker’s goal is to compromise systems to obtain usernames, passwords, and other account and/or financial data.
To keep your crypto assets and personal details safe, we ask you to read the following guide prepared by our fraud security expert and Head of Security, Nikki Baumann.
How Does Phishing Happen?
The attacker sends crafted emails to people within an organization. Taking advantage of a variety of vulnerabilities in the browser, the attacker may be able to install malware (Trojan, Worm or Keylogger) on the user’s computer.
If done correctly, the attack can capture sensitive information without the victim even knowing that they have been compromised. This attack through your inbox is referred to as email spoofing.
How to Protect Yourself Against Email Spoofing
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.
There are various phishing techniques used by attackers:
- Embedding a link in an email that redirects you to an unsecure website that requests sensitive information
- Installing a Trojan via a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information
- Spoofing the sender address in an email to appear as a reputable source and request sensitive information
When handling emails, even those that don’t appear suspicious at first, always go through the following steps to ensure that your browser is not compromised:
1. Analyze the Salutation
Is the email greeting just a vague “Dear Customer”? If so, watch out! CoinPoker as well as most online services that handle user accounts always address emails with the user (in our case player) name (e.g. Hello Sarah123).
2. Handle Links and Images VERY Carefully
In general, be suspicious of all emails containing links and/or images. Even if it appears to be from a trusted source, hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it.
If you want to test the link, make sure you open a new window and type in website address directly rather than clicking on the link from emails.
Also, approach images in email with caution as images can also contain harmful codes If you receive a suspicious email please forward it to [email protected]
3. Check for Spelling Mistakes
Make sure that the spelling of words in the link matches what you expect. Spammers and scammers often use URLs with typos and transposed letters in them that are easy to overlook, such as “Coinpokerr.com” or “Coinpoker-Service.com”.
Also, legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious to [email protected]
4. Review the Signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
5. Don’t Trust the Header or Logos
Fraudsters not only spoof brands in the display name, but sometimes also spoof brands in the header from email address. Be aware of that!
Additional Security Measures to Keep Your Info Safe
While it may seem scary, if you apply these steps as a regular habit, keeping an eye out for phishing scams will become second nature. In fact, it will be as natural and easy as checking both sides of the road for fast-driving 18-wheeler before crossing.
Here are a few other important rules of thumb to apply when handling your emails:
Don’t Open Suspicious Junk Emails
Delete junk email messages without opening them. Sometimes even opening spam can put an unprotected computer at risk. And, of course, don’t reply to an email unless you’re sure that the message comes from a legitimate source.
Don’t Give Up Personal Information
We will never ask for personal credentials via email. Don’t give them up! Beware of urgent or threatening language in the subject line.
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim that your “account has been suspended” or your account had an “unauthorized login attempt.”
Don’t Click on Attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Always keep your Anti Virus Software up to date and run a firewall if possible. If you encounter any suspicious emails claiming to be from CoinPoker, please alert our team by sending an email to [email protected].