What do you need to know about phishing?

Published 18 February 2022
What do you need to know about phishing?


Phishing is a type of Internet fraud, the main purpose of which is to obtain confidential user information. This usually includes logins and passwords for financial accounts. In the case of cryptocurrency, this is the private key. If there is login information, scammers typically very quickly transfer the victim’s money to their accounts and simply disappear.

A description of the phishing technique was already available in 1987. With the advent of the Internet, extracting information methods have migrated to the digital world because most assets today are stored in a digital form. At the same time, traditional phone “frauds” are still widespread.

Popular phishing techniques

The first thing that comes to mind when thinking about phishing is e-mails. Almost everyone has come across official letters from banks and other services. But this is not the only phishing technique available today:

  • Vishing (voice phishing) is a type of voice fraud. For example, you may receive a call from a financial institution’s security service that informs you about a suspicious activity detected on your account. During the conversation, the necessary information is fished out from the person.
  • Smishing (SMS phishing) is a type of SMS fraud. The text of such messages often contains a notification about the blocked account, assets’ theft, or an attempt to hack the account.
  • E-mail phishing is the most common form of identity theft. In this case, the user receives an e-mail letter informing about manipulations, problems with the account, or offering to pass a test for some reward.
  • Search engine and social media phishing. These types involve placing a fake website in search results, and in social media involves sending private messages on behalf of an “official” account or tagging you in posts.

These are just the most common types of phishing. In fact, there are more than 10 of them, and they all work similarly.

What pretexting techniques do scammers use to steal your data?

Professionals use dozens of pretexts to get you to share confidential information with them. All of these tricks can be divided into two groups.

  1. Service e-mails. In such a notification, you will be asked to update the information on the website, offered to test a new function with mandatory authorization, told about new services, and offered to go to the website to find out how they work.
  2. Security alert messages about theft, the hacked account, unauthorized transactions. They differ from the first type in content – in this case, the psychological pressure feels far more intense.

All such notifications are based on social engineering. That is an attempt to manipulate a person in order to find out the necessary information. Moreover, the urgency mention is always used, so that if you don’t follow the link right now, it will be too late.

If we talk about service e-mails, a person is influenced through a reward or a need to update his/her personal data for security purposes.

How to protect yourself from phishing?

It is important to understand what phishing is and what you need to do to protect yourself from these types of attacks and consequences.

Method 1: carefully check the address of the website which you want to log in to. Often the domain addresses differ by one letter, sometimes by case. At the same time, the changes are almost invisible. For instance, 1-l, I-l (English capital letter “I” and English small letter “l”). Also, we do not recommend entering passwords and logins on websites without the HTTPS protocol (there is a lock icon next to it). It secures the connection and encrypts data.

Method 2: do not follow suspicious links from text messages and e-mails. You have to understand that there are no freebies. Therefore, do not count on free gifts if you do not want to say bye-bye to your funds. Even if the event is real, the prizes will rather be modest and timed to the service’s anniversary, the total number of transactions carried out on the network. Although, it is better to double-check such information through the employees.

Method 3: if you are looking for a website to buy financial assets or exchange them, then choose reliable financial service providers. They guarantee the safety of your data and money.

Method 4: check the incoming information. If you received a message that your account has been blocked, then be sure to first contact the official support representative of the service that sent you the notification. The communication channel can be found on the official website. Check the blocking with company representatives.

Remember that employees of financial institutions will never request your credentials (logins, passwords, private keys)!

What actions have we been taking to protect you?

The cryptocurrency market is full of risks. We understand this and take the safety of our customers responsibly. In addition to using cold storage for the most part of assets and the two-factor authentication, we have additionally implemented a method for verifying the e-mails’ authenticity. We use the Anti-Phishing function for this. When you turn it on, you will be asked to enter your own code, which will signal that the letter came exactly from us.

How to enable Anti-Phishing on our exchange?

  1. Log into your account.
  2. Go to the Security tab.
  3. Find the Anti-Phishing section.
  4. Click the Enable button and enter the code you made up.
  5. Click “Save”.

After you save this code, every time you receive a technical email from WhiteBIT, it will contain this code (this does not apply to promotional emails).

Thus, you can check whether the letter is authentic by checking the code.


  • technical letters (withdrawal of funds and replenishment of the balance, WhiteBIT Codes, password change) come from the whitebit.com domain;
  • promotional emails (educational content, new listings) are sent from the whitebit.promo domain.

We recommend you to be careful and read suspicious notifications with a clear head. Phishing is designed to call an immediate reaction due to a surge of interest or a rush of nerves. But it is worth considering the situation calmly and, perhaps, you will see that scammers just want to deceive you.

We wish your assets to be safe!