Airdrop phishing site

An “airdrop phishing site” is a type of fraudulent website set up by cyber attackers to steal cryptocurrencies or personal data from users under the guise of participating in a legitimate “airdrop”. A real airdrop is a free distribution of tokens to holders of certain cryptocurrencies as a marketing strategy for a new project. Scammers exploit the popularity of airdrops and people’s desire to get something for free to trick them.

How does an airdrop phishing site work?

The airdrop phishing site process is designed to closely mimic a legitimate airdrop and is usually carried out in several steps:

Promotion of the fake airdrop:

  • Attackers promote the fake airdrop on various channels: social networks (Twitter, Telegram, Discord, Facebook), phishing emails, crypto forums, or even through private messages on platforms.
  • They create artificial hype by promising large amounts of new and valuable tokens. They often use fake identities or pretend to be a legitimate project team.

Creating the airdrop phishing site:

A website is created that looks almost identical to a real airdrop website or the official page of an existing crypto project.

The URL of the phishing site will be very similar to the legitimate one (see also typosquatting), but will contain a small misspelling or a different domain extension (e.g. .xyz instead of .com).

Attracting victims:

Users are directed to this phishing site through the promoted links. On the site, they are asked to perform an action to “claim” the airdrop. These actions may include:

  • Connecting the crypto wallet: This is the most common and dangerous step. The user is prompted to connect their digital wallet (e.g. MetaMask, Trust Wallet) to the site. Once connected, the malicious site may ask for approvals (token approvals) to transfer specific tokens or even all funds in the wallet.
  • Entering private keys or seed phrase: No legitimate airdrop will ever ask for your wallet’s private keys or mnemonic phrase. These are the equivalent of your bank passwords and must be kept absolutely secret. If you enter them, attackers will have complete access to your funds.
  • Paying a tiny “fee”: Some sites may ask for a small amount of cryptocurrency (e.g. 0.001 ETH) under the guise of a “transaction fee” or “verification”. Once sent, that money is stolen and the promised tokens never arrive.
  • Providing personal information: They may ask for names, email addresses or other data, which can later be used for further phishing attacks or identity theft.

Executing the theft:

  • If the user logs into the wallet and grants malicious approvals or enters private keys, the attackers execute their attack. They quickly transfer the cryptocurrency from the victim’s digital wallet to their own wallets, leaving the victim without funds.
  • If it was just a fee, that small amount is stolen.
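
The wallet-approval step described above can be checked before anything is signed. The following is an added example, not part of the original page: it assumes an Ethereum-style wallet and decodes the calldata of a pending transaction to flag ERC-20 `approve` and NFT `setApprovalForAll` requests. The function name `inspectCalldata`, the risk labels and the sample address are illustrative assumptions.

```javascript
// Added example: classify wallet transaction calldata before signing.
// Selectors are the first 4 bytes of keccak256 of the function signature.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical helper: returns a verdict object for one calldata hex string.
function inspectCalldata(data, trustedSpenders = new Set()) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length % 2 !== 0) {
    return { risk: "invalid", reason: "calldata is not well-formed hex" };
  }
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name) return { risk: "none", reason: "not an approval call" };
  // Both functions take two 32-byte ABI words after the 4-byte selector.
  if (hex.length !== 8 + 128) {
    return { risk: "invalid", reason: "unexpected argument length for " + name };
  }
  const word1 = hex.slice(8, 72);
  const word2 = BigInt("0x" + hex.slice(72, 136));
  // An address is the low 20 bytes of the first word; the high 12 must be zero.
  if (!/^0{24}/.test(word1)) {
    return { risk: "invalid", reason: "spender word is not a padded address" };
  }
  const spender = "0x" + word1.slice(24);
  const trusted = trustedSpenders.has(spender);
  if (name.startsWith("setApprovalForAll")) {
    if (word2 === 0n) return { risk: "none", spender, reason: "revokes operator" };
    return { risk: trusted ? "review" : "high", spender,
             reason: "operator control over every token in the collection" };
  }
  if (word2 === 0n) return { risk: "none", spender, reason: "revokes allowance" };
  if (word2 === MAX_UINT256) {
    return { risk: trusted ? "review" : "high", spender, reason: "unlimited allowance" };
  }
  return { risk: trusted ? "low" : "review", spender, amount: word2,
           reason: "bounded allowance" };
}

// Constructed sample: approve(spender, 2^256 - 1) to a made-up address.
const SAMPLE_SPENDER = "0x" + "ab".repeat(20);
const SAMPLE_UNLIMITED =
  "0x095ea7b3" + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64);
console.log(inspectCalldata(SAMPLE_UNLIMITED));
```

An unlimited allowance or a collection-wide operator grant to a spender that is not on the user's own trusted list is the pattern a fake "claim" page relies on, so a "high" verdict is a reason to reject the request.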
