Crypto Phishing Scams: How to Spot & Avoid
Phishing scams aren't new, but they are rife in the crypto market now. Learn about how phishing scams work, common phishing techniques, and how to avoid them.
Phishing scams trick users into revealing personal or crypto info by posing as trusted sources via fake emails, texts, calls, or websites.
Common tactics include email phishing, smishing, vishing, social media impersonation, and fake support responses on platforms like Discord and Telegram.
Warning signs include urgent messages, poor grammar, fake URLs, suspicious login pages, and requests for seed phrases or private keys.
Protect yourself by using a hardware wallet, verifying URLs, avoiding links in messages, and never sharing sensitive info, even if the message looks official.
What are phishing scams?
Phishing scams are a type of fraud where scammers try to trick you into giving them personal or sensitive information, like passwords, credit card numbers, or crypto wallet keys, by pretending to be someone you trust.
They often do this through fake emails, websites, or messages that look real but are designed to steal your data.
Common phishing techniques
There are lots of phishing scams targeting crypto investors currently. Some of the most common include:
1. Email phishing
How it works: You receive an email pretending to be from a crypto exchange (like Binance, Coinbase, or MetaMask). It may say something like “Unusual activity detected” or “Please verify your wallet.”
Goal: Get you to click a link that leads to a fake login page. When you enter your details, the scammers steal them and access your real account.
Signs: Bad grammar, an urgent tone, and suspicious links (e.g., “coinb4se” instead of “coinbase”).
2. Spear phishing
How it works: Highly targeted phishing aimed at you personally, using your name, specific exchanges you use, or coins you hold.
Goal: Trick you into revealing your seed phrase, private key, or sending crypto to a fake address.
Example: You’re a DAO member, and you get an email that looks like it’s from the DAO admin, asking you to sign a “vote” transaction that actually drains your wallet.
3. Smishing (SMS phishing)
How it works: Scammers send you fake texts claiming to be from your wallet provider or crypto exchange.
Goal: Get you to click a link or call a number. The link leads to a fake site; the number connects you to a scammer.
Example: "Suspicious login attempt on your Coinbase account. Click here to secure it: [fake link]"
4. Vishing (Voice phishing)
How it works: A scammer calls you pretending to be from "crypto security support" or "your exchange’s fraud team."
Goal: Get you to reveal private keys, recovery phrases, or install malicious software.
Warning: Real crypto services will never call you or ask for sensitive info over the phone.
5. Clone phishing
How it works: You receive an email that looks nearly identical to one you've seen before from a crypto service.
Goal: The links or attachments are replaced with malicious ones, but the rest of the email is copied to appear trustworthy.
Example: Airdrop confirmation email with a “claim now” link that leads to a wallet drainer.
6. Pharming
How it works: Even if you type in the correct address for your wallet (like metamask.io), you’re redirected to a fake version due to DNS manipulation or malware on your device.
Goal: Capture your login or recovery phrase on a fake site that looks identical to the real one.
7. Social media phishing
How it works: Fake accounts on Twitter, Discord, or Telegram pretend to be influencers, project founders, or support staff.
Goal: Trick you into clicking phishing links or giving them your seed phrase.
Example: “Vitalik is giving away ETH! Connect your wallet to claim.”
8. Angler phishing
How it works: Scammers monitor support requests on social platforms. When you post, “I can’t access my wallet,” a fake support account replies with a link to a “help” site.
Goal: Get you to enter your seed phrase or approve a malicious smart contract.
9. Business email compromise (BEC)
How it works: In crypto startups or DAOs, scammers may compromise an employee’s email or spoof it.
Goal: Trick team members into transferring funds, signing contracts, or clicking malware links.
Example: Fake CFO requests a multisig transaction approval “urgently” for a “partnership deal.”
How to spot and avoid phishing attempts
Phishing scams are designed to trick you into revealing sensitive information or sending crypto to a scammer. Here’s a list of common signs that can help you recognize and avoid phishing attempts:
Look closely at the URL. Scammers often use addresses that look similar to real sites but have slight changes.
Poor grammar and spelling mistakes are common in phishing emails and messages.
Messages that create a sense of urgency or fear (e.g., “Your account will be locked”) are often scams.
Check the sender’s email address or social media handle carefully – fake addresses often look similar to real ones.
No legitimate crypto service will ever ask for your seed phrase, private key, or full wallet access.
Fake login windows or pop-ups may appear while browsing – always confirm the site URL before entering info.
Social media messages offering giveaways or airdrops that require you to connect a wallet or send crypto are scams.
Hover over links before clicking to see where they really lead – don’t click if the destination looks suspicious.
Be skeptical of “support” responses on Discord, Telegram, or Twitter that message you first.
Avoid clicking on links from unknown emails, DMs, or texts – go directly to the official site instead.
Use a hardware wallet for added security, as it won’t approve transactions without physical confirmation.
Double-check that the site uses HTTPS, but don’t trust the lock icon alone; still verify the full domain.
Use browser extensions or security tools that block known phishing sites or warn about suspicious ones.
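The URL checks in the list above (lookalike spelling such as “coinb4se”, verifying the full domain, and not relying on HTTPS alone) can be automated. The following Python is an added example, not Koinly's code; the allowlist, the function names, the edit-distance threshold, and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the user's own allowlist, seeded with services the article mentions.
TRUSTED = ("coinbase.com", "binance.com", "metamask.io")
# Digit-for-letter swaps of the kind the article shows ("coinb4se").
SWAPS = str.maketrans("013457", "oleast")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Return 'trusted', 'unknown', or 'suspicious: <reason>' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            # Right domain; the HTTPS check still applies.
            if parts.scheme == "https":
                return "trusted"
            return "suspicious: trusted domain without HTTPS"
    # Simplification: treat the last two labels as the registrable domain.
    # Production tools use the Public Suffix List for this step.
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    for good in TRUSTED:
        brand = good.split(".")[0]
        if good in host or any(brand in label for label in labels):
            return f"suspicious: '{brand}' appears in a host that is not {good}"
        if edit_distance(registrable.translate(SWAPS), good) <= 2:
            return f"suspicious: lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; .example is a reserved TLD.
    for link in ("https://www.coinbase.com/signin", "https://coinb4se.com/login",
                 "https://coinbase.com.account-verify.example/login"):
        print(link, "->", check_url(link))
```

A result of "unknown" means only that the host resembles nothing on the allowlist, not that the link is safe.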
Koinly helps with theft losses
If you have theft losses, you may be unable to recover your crypto, but there may be a silver lining when it comes to your tax bill: you may be able to offset these losses against your gains to reduce it. Try Koinly free today.