Phishing attacks as emails often impersonate trusted organizations like banks or cryptocurrency exchanges. These emails can range from poorly written scams to near-perfect replicas of legitimate communications.

Be cautious with any unexpected email that asks you to log in or transfer crypto. Genuine financial institutions rarely send emails demanding urgent action. Always check the sender’s email address carefully and watch for subtle misspellings (like noreply@citiibank.com instead of noreply@citibank.com).

Tip: Never share passwords or recovery phrases through email. No legitimate service will ask for this information.

2. Don’t Click Suspicious Links

Avoid clicking links in emails whenever possible. Instead of following a link to your exchange or wallet provider, manually type the URL into your browser or use a saved bookmark. This small step eliminates one of the most common phishing entry points.

If you must click a link, hover over it first to inspect the real URL. Watch for misspellings, unfamiliar domains, or hidden redirects.

3. Know Your Sites

Phishing websites often mimic real crypto exchanges to steal your login credentials. They might even use HTTPS (the padlock icon), which only means the connection is encrypted — not that the site is safe.

Always check the domain name carefully. For example:

Fake sites often use subdomains, typos (bitrrex.com), or alternative domain endings (bittrex.cash) to trick users.

Tip: Bookmark legitimate URLs of your crypto services to avoid typing mistakes or following malicious links.

This fake site will be hosted on a domain set up to resemble that of the legitimate site, but the sophistication of this varies. The fake site will most likely also be configured to use HTTPS, i.e. the green padlock. HTTPS on its own is not a signifier that a site is trusted — it just means that your connection to the site is encrypted and can’t be intercepted.

So you can catch out some phishing sites, such as the one in the screenshot above, by checking the domain name in the URL. Bittrex’s legitimate domain is bittrex.com, whereas this phishing site is hosted at bittrex.asset2fa-exchange.com. It’s easy to see how the latter could be mistaken for the former, but a bit of careful inspection shows the trick. Some browsers even help you determine whether you’re on this kind of phishing site or not by graying out secondary parts of the URL.

hxxps://bittrex[.]asset2fa-exchange[.]com/bittrex-login

https://bittrex.com/account/login

But before we get too comfortable with our ability to determine phishing from a quick glance at the URL bar, let’s remember that this is a low effort, low sophistication attack — our attacker didn’t even buy a new domain to target Bittrex users with, they just used a subdomain of something else!

An unintended consequence of the generic top-level domain expansion that began in 2013 is that phishers now have many more choices when registering fake domains. Want to phish users of Poloniex.com? Why not register Poloniex.online, or Poloniex.website, or Poloniex.xyz? There are hundreds of options to choose from. And while domain registrars do have dispute processes, and larger corporations with deeper pockets (such as Google) make an effort to buy up all or most alternative domains on these gTLDs, phishing sites can slip through the cracks for long enough to cause some damage.

Luckily, the generic TLD is an important part of the URL and will be displayed as such by most browsers. If you know the legitimate gTLD of a given site, you should be able to spot fakes pretty easily.

https://bittrex.com/account/login

hxxps://bittrex[.]cash/account/login

This was also possible to a lesser extent before the release of these new TLDs — for example, a phisher could register bittrex.org.

An alternative to using a different gTLD is the practice of typo-squatting — buying up domains one or two letters off from popular websites: for example, facbook.com or gooogle.com. What if our attacker had done this with Bittrex?

https://bittrex.com/account/login

https://bitrrex.com/account/login

These two URLs look remarkably similar, but you’re probably still able to tell which is the real one because you have them side-by-side for comparison, and because you’ve just read a paragraph about typo-squatting and are primed to notice it. But you won’t always be in such a heightened state of vigilance. Consider the image below:

Noticed what’s wrong with it yet? Probably not, right? Here’s what you missed: in each of the triangles, the last word on the second line is repeated at the beginning of the third. “Once upon a a time”, “John loves to to dance”, “Summer in in the city”.

It is incredibly easy to miss simple typos and repeated letters or words in common words, sentences, and, yes, domain names that we look at all the time.

4. Watch Out for IDN Homograph Attacks

Advanced phishing attacks replace characters in domain names with lookalikes from other alphabets (like Cyrillic). For example, myеthеrwаllеt.com may look identical to myetherwallet.com but leads to a malicious page.

Your browser might not always detect these fake domains. Use security extensions or plugins that can identify deceptive URLs.

5. Use PhishFort Nighthawk

PhishFort’s Nighthawk browser extension , available for Chrome and Firefox, is designed to spot phishing attacks instantly. It displays:

• Blue for trusted sites

• Red for known phishing sites

• Grey for unknown ones

It also allows you to report suspicious domains, helping to protect the entire crypto community. Learn more at PhishFort Nighthawk .

6. Recognize Common Crypto Scams

Phishing isn’t limited to email — it also happens across social media, fake apps, and fraudulent ICOs. Some common scams include:

• Fake ICOs: Impersonating real projects to collect investor funds.

• Giveaway scams: Asking you to send crypto in exchange for “double your money” rewards.

• Social media impersonations: Fake influencer accounts promising returns.

If it sounds too good to be true — even in crypto — it probably is. Always verify projects through official websites and trusted communities.

7. Stay Vigilant Beyond Email

Phishing can appear anywhere online — Discord groups, Telegram chats, or X (Twitter). Stay alert, especially when interacting with new contacts, promotions, or investment “opportunities.”

When in doubt, contact the organization directly through verified channels before acting.

8. Protect Your Wallets

For crypto investors, one mistake can be irreversible. If funds leave your wallet in a phishing attack, there’s no way to recover them. Use hardware wallets when possible, and keep your seed phrases offline and secure.

9. Keep Learning

Cybercriminals evolve constantly. Stay informed by reading trustworthy cybersecurity sources like PhishFort’s blog and other reputable industry updates.

10. Take a Proactive Stand

Knowledge and vigilance are your best defences. Combine awareness with tools like PhishFort Nighthawk to protect your assets — and help build a safer crypto ecosystem.

Outbound Reference: You can learn more about identifying phishing and scam sites at Google Safety Center.