Mini
Domain spoofing has been around for a while. Earlier, scammers would use this method to imitate the domains of banks and other traditional financial institutions. Now, bad actors are using this exploit in the world of crypto.
Crypto scams have dipped this year. At the end of July, bad actors made away with $1.6 billion of ill-gotten funds — that’s 65 percent lower than the figure for the same duration in 2021. However, this doesn’t mean that we can let our guard down.
Scammers are always looking for new ways to rob you of your crypto holdings. And one of the latest methods attackers are employing these days is domain spoofing. It is the act of impersonating the website of well-known crypto exchanges, DeFi platforms, DApps, etc.
Unknowing victims interact and transact with these bogus websites and lose a lot of money. So tag along as we take a closer look at domain spoofing and learn some best practices to transact safely in the cryptoverse.
The near-perfect domain
Domain spoofing has been around for a while. Earlier, scammers would use this method to imitate the domains of banks and other traditional financial institutions. Now, bad actors are using this exploit in the world of crypto.
The imitations have also gotten harder to spot. Scammers are now using Unicode symbols to replace standard English characters. These symbols look like letters, making it easy to get past the defence of unsuspecting victims.
For instance, they may use an upside-down exclamation mark (¡) as an ‘i’ in a link. Or they may insert the symbol for the Greek letter alpha (‘α’) as an ‘a’. They may also use simpler methods such as an extra letter or zero instead of ‘o’. To the untrained eye, these look like legit domains. Moreover, scammers use well-designed knockoffs of genuine websites, making it even harder to tell the difference.
How do these scams work?
Most commonly, scammers will use fake offers to lure their victims. These offers will reach you through an e-mail, tweet, or even SMS. They will try to send you to the phoney domain they have set up, and since the URL looks legit, most people take the bait and hit the link.
Now, they land on a seemingly legit page, where they will be asked to provide their login credentials to proceed. Scammers can track the characters and letters being entered, giving them access to the victim’s accounts. Once they have access to their accounts, they will likely drain funds entirely.
Best practices to avoid domain spoofing
Play close attention to spelling
The domain spoofers get most of their victims by creating near-perfect websites with an extra letter or number. Therefore, if you pay close attention to the domain name in the address bar, you can easily pick out the wrong ones. Besides spellings, scammers sometimes create exact match URLs, but with a different top-level domain. For instance, instead of the actual ‘.com’ domain, scammers might user ‘.in’ or ‘.net’ or something completely random such as ‘.xyz’.
Bookmarks are your best friends
Bookmarking trusted websites is a great way to avoid spoofed domains. If you get an offer that is supposedly from one of the platforms/projects you know and use, simply click on the bookmark instead of the link embedded in the e-mail, tweet or SMS you have received.
Look for the lock
The lock on the address bar is your first sign of trust. It indicates that the connection between your web browser and the website server is encrypted. It also ensures that the website you visit has its required SSL certificate. Scammers don’t usually go to such lengths to set up a bogus domain. In any case, you still have to perform your checks before you give away financial information on a website.
More than one wallet is a good thing
If you’re new and still exploring the world of crypto, use a wallet with very limited funds. This way, the damage is restricted if you’re caught in a scam. The wallets in the cryptosphere are virtually unlimited and cost-free, so why not? When sharks and whales can do it, so can you.
Verify offers
It’s not unheard of for crypto platforms to provide lucrative offers. They could give users access to exclusive airdrops or free tokens for users who execute specific tasks. However, one should verify these offers on the official website (which you have hopefully bookmarked) or on their official social media handles. You can also participate by visiting the official website and following the process there, rather than clicking on the link you received in a mail, tweet, or SMS.
Conclusion
These kinds of social engineering scams leave the ball in your court. They need the victim to play into the trap for the fraud to work. Therefore, exercising due diligence can ensure you do not fall victim to such exploits. And now that you know what to look for, spotting spoofed domains should be much easier.
Click Here For The Original Source.
————————————————————————————-