What is a Phishing Attack?

It is a type of cyber attack that aims to seize credit card and private information of malicious users by appearing as reliable. Generally, attacks are carried out by reaching people via fake e-mails with requests such as password renewal, confirmation or confirming card information.


In the crypto currency system, a phishing is usually made through fake wallet sites that appear to be a reliable wallet platform. There are many varieties and different techniques. In order to be protected from this cyber attack, users should be very careful, check the transactions at least once, provide URL control (HTTPS) and not share their personal keys with anyone. It is very important to carefully check before transferring or trading transactions, especially since trading with cryptocurrencies is irreversible.

How to Do Phishing Attacks?

Phishing attack can be done by a person or a group. While the attack can sometimes target an individual, it can sometimes be made against a company or institution. Phishing attacks mostly use e-mail or fake web pages. Thus, the person or people's own credit card information, online bank accounts or valuable information are tried to be seized.

A fake e-mail is sent to their e-mail addresses, which gives the impression that it comes from institutions that are in constant communication. In the content of this e-mail, it is requested to click on the web address of the relevant institution and to renew the expired password. At the bottom of the e-mail, a link to that web page is added. Another method of email phishing attacks is to organize a fake lottery. In the content of the e-mail sent to the e-mail address, it is promised that a draw will be made by an institution that the person is in contact with and a luxury prize will be given to the winner. However, in order to participate in the draw, the person is asked to provide their personal information.

Phishing attacks have also been used in crypto money systems. Malicious people are trying to steal Bitcoin or other digital currencies from users. For example, by impersonating a real website, replacing the wallet address with its own, giving users the impression that they are paying for a fake service, it actually happens when people steal their money.

How to Avoid Phishing Attack?

The password used for the e-mail account must be different from the passwords for other used accounts.

Emails requesting personal information should not be responded to.

If it is not clear who the incoming e-mail is from, it should not be replied. No institution or organization requests personal information via e-mail. URL links in suspicious-looking e-mails should not be clicked. Do not give personal information to suspicious or unknown websites.

When entering the websites of banks, credit cards and service providers to enter personal information, it is necessary to directly type the URL of the website into the internet browser.

Before filling out a form online, even on secure sites, it should be checked whether the site has a confidentiality agreement stating whether it shares this information with third parties. Antivirus programs should be used.

Do not install or allow to run software that is illegal or of unknown origin.

Credit card numbers, personal information, any password, including e-mail, should never be sent explicitly by e-mail. An e-mail technically passes through many points before it reaches its destination. At these points it is always possible to “listen” to the contents of the emails.

Especially in areas where Wireless Internet is used, places such as banks should not be entered unless it is necessary, credit card, password, etc. transactions should not be made.