Phishing is the practice of tricking a user into using malicious software that is designed to look legitimate. The malicious site may try to harvest credentials, or trick a user into downloading a tampered version of key software. For example, if you are tricked into logging into a malicious website at c0inbase.com, the attacker can then use your username and password to access your Coinbase account.
- Watch carefully for HTTPS warnings on cryptocurrency sites.
- Always check the URL on cryptocurrency sites.
- Use a multi-signature wallet, which would require the user to be tricked multiple times before fund theft is possible.
- Use a sovereign key storage system that avoids single points of failure.