Over the last few months, as the popularity of non-fungible tokens has grown exponentially, we have seen an increase in phishing attacks like this one specifically targeting brands handling crypto exchange and NFTs. However, the reason that these NFT phishing attacks remain a cause for concern, even more so than regular credit card or credential phishing, is because attackers get such a large “pay out” for such little effort.

It was not long ago that the only people buying crypto were ‘techies’ who knew to keep their wallets locked in safes on flash drives. Today, however, almost anyone can buy crypto and NFTs in minutes. The result is that the average user is buying NFTs, heavily advertising their ownership of the valuable asset online, and making it all too easy for attackers to launch targeted phishing attacks against them.

Luckily, you can protect yourself from NFT-specific phishing attacks in the same way you can other phishing campaigns. Such attacks usually start with a phishing email or SMS message. So, be sure to scrutinise the sender, the URL in the message, and any included attachment, to verify the legitimacy of the message.

For organisations, it is crucial that they implement a robust, layered security strategy. This layered strategy should include real-time detection of zero-day and unique phishing threats. By adding a real-time detection and automated remediation capability to identify and eliminate phishing threats rapidly, the impact of when a phishing email makes it through our defences can be reduced.