🔎 Social engineering attacks are a type of cyberattack where attackers manipulate people into revealing sensitive information or performing actions that compromise security. These attacks often rely on psychological tactics, such as fear, urgency, or curiosity.
Types of Social Engineering Attacks
These attacks are the most common cyber threats, posing significant risks to businesses and individuals.
Phishing
🪝 Phishing is the most common type of social engineering attack, typically using spoofed email addresses and links to trick people into providing login credentials, seed phrases, or other personal information. Variations of phishing attacks include:
Angler phishing – using spoofed customer service accounts on social media
Spear phishing – phishing attacks that target specific organizations or individuals
Whaling
🐳 Whaling is another common variation of phishing that specifically targets top-level business executives and the heads of government agencies. Whaling attacks usually spoof the email addresses of other high-ranking people in the company or agency and contain urgent messaging about a fake emergency or time-sensitive opportunity.
Successful whaling attacks can expose a lot of confidential, sensitive information due to the high-level network access these executives and directors have.
Scareware
🗣️ Scareware is a form of social engineering in which a scammer inserts malicious code into a webpage that causes pop-up windows with flashing colors and alarming sounds to appear. These pop-up windows will falsely alert you to a virus that’s been installed on your system.
You’ll be told to purchase and download their security software, and the scammers will either steal your credit card information, install real viruses on your system, or (most likely) both.
Baiting
🪤 Baiting is a type of social engineering attack that lures victims into providing sensitive information or credentials by promising something of value for free. For example, the victim receives an email that promises a free gift card if they click a link to take a survey. The link might redirect them to a spoofed Office 365 login page that captures their email address and password and sends them to a malicious actor.
Vishing
☎️ Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies such as Galxe in order to induce individuals to reveal personal information, such as seed phrases and private keys.
Channels of Attacks
Email: Scammers send messages resembling those from legitimate companies such as Galxe.
SMS: Text messages that lure users into clicking malicious links.
Social Media: Impersonated accounts requesting sensitive information.
Phone Calls: Calls or voice messages purporting to be from reputable companies such as Galxe.
Galxe Official Email Addresses and Links
Official Email addresses
These are the addresses from which you should expect to receive legitimate communications. Be cautious of emails from any other addresses claiming to be from Galxe, as they may be phishing attempts.
Marketing & Business Team
Official Links
Please note: Always verify the authenticity of any links, particularly when connecting your wallet. Be cautious of social engineering and scams, and only interact with official Galxe platforms.
Socials
How to Recognize Social Engineering Attacks
Verify the Sender’s Address
Official Communication Channels: Always check for official announcements and updates on Galxe's official website, social media, or in-app notifications.
Email Addresses: Be cautious of emails from unfamiliar addresses, even if they appear to be from Galxe.
Links and URLs: Hover over links to check the actual destination before clicking. Avoid clicking on suspicious or shortened links.
Account Impersonation: Hackers create fake accounts that closely mimic legitimate profiles. They may use stolen profile pictures and similar usernames and copy the entity's posts and comments to build credibility.
Look for Generic Greetings
Phishing messages usually use generic greetings like "Dear Customer" instead of your name.
Examine Language and Tone
Messages with poor grammar, spelling errors, or awkward phrasing may be fraudulent.
Identify Urgency or Threats
Be cautious of messages that create a sense of urgency or warn of account suspension.
Unusual Requests
Personal Information: Legitimate platforms like Galxe will never ask for sensitive information like your password or seed phrase.
Urgent Actions: Be wary of urgent requests, especially those that involve financial transactions or personal data.
Unverified Offers
Guaranteed Returns: Be skeptical of offers that promise high returns with minimal risk.
Unofficial Partnerships: Verify any claims of partnerships or collaborations with other projects.
Security Alerts
Device Compromises: Watch for signs of unauthorized access to your device, such as unusual software installations or strange network activity.
Account Anomalies: Keep an eye on your Galxe account for any unexpected changes or suspicious transactions.
How to Avoid & Report
To safeguard your account and digital assets, follow these essential tips:
Be Vigilant
Verify the Sender: Always double-check the sender's email address and the legitimacy of any unexpected messages. Consider referencing the official channels if unsure.
Avoid Clicking Suspicious Links: Be cautious of links that seem too good to be true or lead to unfamiliar websites.
Beware of Urgent Requests: Legitimate platforms such as Galxe rarely demand immediate action, especially when it involves sensitive information.
Enable Strong Security Measures
Strong, Unique Passwords: Create complex passwords that are difficult to guess.
Two-Factor Authentication (2FA): Enable 2FA to add an extra layer of security.
Keep Software Updated: Regularly update your device's operating system and security software.
Report Suspicious Activity
Contact Galxe Support: Report any suspicious activity to Galxe's official support channels: https://app.galxe.com/support
Provide Details: Include screenshots, timestamps, and any relevant information to help Galxe investigate.
Educate Yourself
Stay Informed: Keep up-to-date with the latest cybersecurity trends and threats.
Learn About Social Engineering: Understand the tactics used by scammers to manipulate people.