A Textbook Example of Crypto Phishing Email Impersonating Trust Wallet

Feb 2, 2024 • 3 min read

• Cybersecurity
• Phishing email
• Scam

Introduction

I recently received an email notifying me about the requirement for KYC verification on Trust Wallet. This is a textbook example of phishing email in the crypto industry. I was also surprised that GMail didn’t put this email to my Spam folder.

Figure 1. The screenshot of the phishing email.

Now let’s see if we can find the red flags of phishing emails.

1. Generic greetings

The phishing email states: “Dear user, …“

I mean, if I am your service’s customer and you don’t know my name or at least my username, I would be really pissed off.

This indicates that the email was not sent by Trust Wallet but by an attacker pretending to be them, hence the generic greeting. Additionally, since the attacker would send this email to numerous users, it is not practical to address each recipient by name.

2. Urgency and threats

If you read the email, I’m sure that you will sense the urgency; failure to take the necessary action may result in the loss of your funds.

3. Suspicious links

Although they claim to be Trust Wallet (trustwallet.com), all the links provided direct to URLs with substack.com and sbstck.com domains.

It is worth noting that Substack (substack.com) is a legitimate business. It is not necessarily the case that Substack is related with the attack. It is possible that the attacker intentionally included some valid links to avoid suspicion.

4. Poor grammar and spelling

Now, this one they got right. I am a little bit surprised that the email sounds highly professional, unlike other phishing emails I have received in the past.

5. Request for personal information

Based the subject of the email, it is clear that they are seeking personal information from their victims. I didn’t click any of the links in the email, but I’m positive that it will go to a webpage with some forms to enter personal information.

6. Unusual sender’s email address

The sender’ email address is dfgdfgdgdf@substack.com. If that doesn’t look unusual, I don’t know what does.

7. Unfamiliar or unexpected attachments

The email did not contain any attachments. But it is understandable since their primary intention seems to be collecting personal information rather than installing malware on victims’ computers.

Key takeaways

Phishing emails are becoming increasingly sophisticated, with scammers impersonating trusted platforms like Trust Wallet to trick users into revealing their sensitive information. It is important to educate ourselves about cybersecurity and learning how to spot the red flags in phishing emails.

Stay safe.