Skip to content

What is Phishing in Crypto?

A fishing hook on top of an envelope on a red background that represents phishing

What is a phishing scam?

A phishing scam is a type of online fraud in which an attacker uses fraudulent emails, text messages, phone calls, social media, or websites to impersonate a legitimate entity. They do this to trick the victim into sharing sensitive personal information such as passwords, account information, or other personal details. The attacker then uses this information for identity theft or to gain access to the victim’s online accounts.

Phishing attacks have become increasingly sophisticated in recent years, making them harder to detect. They are a serious threat to your personal and financial information, and as such it is crucial to be aware of the different types of indicators so that you can protect yourself from falling victim to one.

Important To Remember

It’s not uncommon to think that more well-established individuals aren’t prone to these sorts of phishing traps. This is not the case. In 2020 the co-founder of a successful Australian hedge fund fell victim to an attack that lost them nearly $1 million in fake invoices, along with plenty of reputational damage.

Warnings signs

  • Suspicious Sender: Look out for misspelled words and a different domain name from the claimed company. Be wary of emails sent from public email domains as legitimate organisations typically use their own domain name.
  • Urgent or Threatening Language: Phishing emails may pressure you to take immediate action or scare you into updating your information. Remember, legitimate companies will never threaten or pressure you.
  • Unusual Request for Information: Be wary when being asked to provide sensitive information such as passwords or verification codes. Representatives of Legitimate companies do not typically request such information.
  • Unsolicited Contact: Be cautious of unsolicited contact, especially from unknown senders. If you were not expecting an SMS, email, or call, it may be a phishing attempt. Ask the individual to verify themselves.
  • Poor Grammar and Spelling: Look out for grammar and spelling mistakes as they indicate the email is not from a legitimate source.
  • Suspicious Attachments or Links: Be cautious of unexpected links or attachments, as they may lead to fake websites designed to steal your personal information.
  • Too Good to be True: Phishing emails may offer something that seems too good to be true, such as guaranteed profits or job offers, but these are often tactics to lure you into providing personal information.
  • Generic greeting: Phishing emails often use generic greetings like “Dear valued customer” instead of addressing you by name. Legitimate emails from companies you do business with will typically use your name to personalise the email.

Important to Remember

Financial institutions, government agencies, and reputable organisations will never contact you requesting access to your device or personal information such as passwords and security codes. Never share these with anyone, regardless of the urgency or claims being made. Always contact the organisation directly through trusted sources such as their website to validate any of these types of requests.

Think twice before you act


Were you expecting this SMS, call, or email? Take a second, breathe, and think. Does this feel right? Trust your instincts, if in doubt, don’t act.


Have you been asked to respond to something urgently such as a request for a verification code or security concern on one of your online accounts? Before actioning, take some time and evaluate the authenticity of the correspondence. For example, read the SMS code you received; was it for a login to your account, or a withdrawal? If you’re unsure, ask someone you can trust.


Always navigate to the organisation’s website or app to log in, rather than clicking on any links.

What you can do if you come across a scam

Let us know

  • Please report scams or suspicious activity immediately to Swyftx via emailing [email protected] or entering our Livechat.
  • Forward suspicious emails to [email protected].
  • You can also report all suspicious activity to the Australian Cyber Security Centre at

Further support and awareness

  • IDCARE provides free, confidential support and guidance to those impacted by fraud, scams, identity theft or compromise. Call them toll-free on 1800 595 160 or visit
  • Keep up to date on scams by subscribing to the government’s scam email alerts from Check out our latest crypto scams and security alerts at

Did You Know?

Meta is being taken to court over allowing the placement of fake ads featuring notable Australian businessmen and figures supposedly promoting a cryptocurrency investment. These ads led to a fake article, encouraging investment in the project. The project has been revealed as a scam, with many victims of this phishing attack losing hundreds of thousands of dollars.

Disclaimer: The information on Swyftx Learn is for general educational purposes only and should not be taken as investment advice, personal recommendation, or an offer of, or solicitation to, buy or sell any assets. It has been prepared without regard to any particular investment objectives or financial situation and does not purport to cover any legal or regulatory requirements. Customers are encouraged to do their own independent research and seek professional advice. Swyftx makes no representation and assumes no liability as to the accuracy or completeness of the content. Any references to past performance are not, and should not be taken as a reliable indicator of future results. Make sure you understand the risks involved in trading before committing any capital. Never risk more than you are prepared to lose. Consider our Terms of Use and Risk Disclosure Statement for more details.