How do scammers steal personal information from gullible users?

Published 18 February 2022
How do scammers steal personal information from gullible users?


Phishing (from fishing) is a type of Internet fraud. Its primary purpose is to obtain the user’s confidential information.

Typically, scammers on behalf of various sites and exchanges send emails with malicious links. They can be disguised as security alerts, account hacking messages, various surveys, etc. Users enter sensitive data when clicking on links in such emails, which leads to its loss. As a rule, attackers emphasize the urgency or call to claim a large reward for participation, which attracts attention.

The messages do not contain grammatical or spelling errors and completely copy the logo and style of the company. Therefore, they can be perceived as “correct,” that is, addressed from trusted sources. This increases the reader’s confidence and makes it easier to obtain the data.

You need private and public keys to access crypto assets. The public key is the address of the blockchain account. The transaction is created and encrypted using the public key. The private key, in turn, generates a digital signature confirming the transfer of cryptocurrency from one blockchain address to another.

Scammers, having login information, usually withdraw money from victims to their own accounts very quickly and disappear.

According to the APWG company, the number of phishing attacks grew to 300,000 in early 2021. This is 3 times more than their number in early 2020. Statistics show that:

  • 51.8% of them were phishing attacks with the theft of credentials;
  • 38.6% are response-based attacks;
  • 9.6% of attacks were associated with the delivery of malware.

A new APWG report showed that the number of phishing attacks increased to 1,097,811 in the second quarter of 2022. In June, the number of unique phishing websites increased to 381,717. In the last quarter of 2021, there were only 316,747.

A description of the phishing technique was available as early as 1987. As the Internet emerged, phishing migrated to the digital world because most assets today are stored in this form.

What are phishing techniques?

When you think of phishing, the first thing that comes to mind is e-mails. Almost everyone has come across “official” messages from banks and other services. Still, these are not the only phishing techniques today:

  • E-mail phishing is the most common form of identity theft. In this case, the user receives an e-mail, reporting manipulations, problems with the account, or offering to pass a test for a reward.
  • Vishing is a type of voice fraud. For example, you get a call from a financial institution’s security team informing you that suspicious activity has been noticed on your account. Further, during the conversation, they get the necessary information.
  • Smishing is a type of SMS fraud. The text often contains notifications about account blocking, asset theft, or hacking.
  • Phishing on search engines and social networks. It involves placing a fake site in the search results, and on social networks, they can send personal messages or tag you in posts on behalf of the “official” account. For example, you may receive e-mails from or that lead to a fake website.

And these are just the most common types of phishing. There are more of them, but they work on the same principle.

What excuses do scammers use to steal your data?

Professionals use dozens of explanations to get you to share confidential information. All these tricks can be divided into two groups:

  • Service notification. It will ask you to update the information on the website, offer to test a new function with mandatory authorization, tell you about connecting a new service, and suggest going to the website to find out how it works.
  • Messages with theft, account hacking, and unauthorized transactions. It differs from the first type of the content. In this case, the psychic pressure is felt more acutely.

Messages are based on social engineering. It is an attempt to manipulate a person to find the necessary information. And everywhere there is a mention of urgency, that you need to follow the link right now. Otherwise, it will be too late.

If we talk about service notifications, a reward or the need to update your data for security purposes is used to influence a person.

How to protect yourself from phishing?

It is important not only to understand what phishing is but also what you need to do to protect yourself from such attacks and consequences:

Method 1. Carefully check the address of the website you want to log in to. Often, in the page’s URL, the domain differs by one letter, sometimes by case. At the same time, the changes are almost invisible to the eye. For example, 1-l, I-l (capital “I‎” and small “l”). It is also not recommended to enter passwords and logins on websites without the HTTPS protocol (there is a lock icon next to it). It protects the connection and encrypts data.

Method 2. There’s no such thing as a free lunch! Do not click on suspicious links to million-dollar giveaways from messages and e-mails. Otherwise, say goodbye to your funds. On WhiteBIT, you can always ask the support service for information about the current giveaways, activities, etc.

Method 3. Choose only reliable financial service providers if you are looking for a website to buy or exchange financial assets. They guarantee the safety of your data and money.

Method 4. Check incoming information. If you received a message about blocking your account, be sure first to contact the official support service of the service from which you received the message. The communication channel can be found on the official website. Remember that employees of financial institutions will never ask for your account details (logins, passwords)!

What steps are we taking to protect you?

The cryptocurrency market is full of risks. We understand this and are responsible for the safety of our customers. In addition to two-factor authentication, we have implemented a method for verifying the authenticity of an e-mail (Anti-Phishing). When you turn it on, you will have to enter your own code, signaling that the letter came from us.

How to enable this feature?

Step 1. Login to your account.

Step 2. Go to the “Security” tab.

Step 3. Find Anti-Phishing below the field to change your password.

Step 4. Click the “Enable” button and enter the code.

Step 5. Click “Submit”.

After you save this code, every time you receive a technical email from WhiteBIT, it will contain the code. Please note that this does not apply to promotional emails.

Thus, you can check if the letter is real by comparing the code in the text of the letter and your own. In particular, many do not know or forget that services never ask you to provide your credentials, password, or other information in their letters.


  • Technical emails (withdrawals and deposits, WhiteBIT Codes, password changes) come from the domain;
  • Promotional emails (training content, new listings) are sent from the domain.

Be careful and, if possible, do not open or read suspicious messages. Carefully check the URL address of the service from which the message was received and check the information with official representatives of the company or in support.

Don’t let adversities create your mood. Assets to safety!