June Update from SALT

In case you’re not a subscriber to our newsletter, we want to share some of our favorite highlights from June right here on our blog to help keep you up to date on all things SALT.

New Platform Feature

We’ve recently updated our platform to include a new feature that allows users to view all of their accounts in one place. If you have multiple accounts with SALT, you will be able to see this new feature after logging in and can navigate back to this display via the drop-down menu in the top left-hand corner. Please reach out to [email protected] with any questions.

How to Protect Yourself from Phishing and SIM Attacks

Did you know phishing & SIM swapping are two of the most common cyberattacks targeting crypto holders? Our blog post explains how you can protect against both types of attacks.

Read the full blog post here

We Want to Hear From You!

We have recently added an option to our “What’s New” feature that lets you share your feedback on our content. You can share your thoughts by rating our content and/or leaving a comment.

Share your feedback here

SALT, Wherever You Go

Monitor your loan-to-value ratio and loan collateral details on the go with the SALT mobile app.

Download on Google Play or the App Store

Black Lives Matter

At SALT, it is not lost on us, as a company nor as individuals, that Black Americans continue to fight for racial justice and many of the day-to-day freedoms a lot of us take for granted. We are committed to hearing, learning from, and supporting our Black customers & communities in this fight for a more inclusive world.

Want to stay up-to-date on all things SALT? Signup for our monthly newsletter here!

Questions about our products and offerings? Contact [email protected]

How to Protect Yourself Against Phishing and SIM Swapping Attacks

As cybercriminals are becoming more sophisticated, their attacks are becoming increasingly challenging to defend against. Two of today’s most concerning types of cyberattacks for cryptoasset owners are phishing and SIM swapping. Phishing accounts for 90% of all social engineering incidents and 81% of all cyber-espionage types of attacks, while SIM swapping, although less common, can cause equally devastating effects. Cryptocurrency holders in particular, are attractive to black hat hackers and are uniquely vulnerable to phishing and SIM swapping attacks — here’s what you need to know to protect yourself.

Protecting against phishing attacks

Phishing is a socially-engineered cyberattack that is primarily used to obtain sensitive information including as usernames, passwords, bank/credit card details, or public and private keys to cryptocurrency wallets. The vast majority of phishing is done through email but it can also come through texts/SMS, social media, and chat services. Disguised as a trusted entity, the perpetrator tricks you into opening a message containing a malicious link or attachment. The links will typically then lead you to copycat sites resembling webpages of banks, payment processors, or online crypto-wallets. These sites are designed to trick you into entering your usernames and passwords.

There are also phishing scams that specifically target cryptocurrency holders. In most instances, the attackers masquerade as some of the more popular online wallet services (e.g. Blockchain.info or Coinbase) and prompt you to give up your credentials. In other scams, emails may include seemingly relevant attachments containing malware that infects your device and stealthily scans its files, searching for private keys to a cryptocurrency wallet.

As a general rule of thumb, if you get an email you weren’t expecting, and if something — anything smells “phishy,” disregard it entirely. Additionally:

Consider anything that comes into your spam folder a red flag
Be aware of email spoofing, which is when an attacker makes an email look like it came from a legitimate sender. For example, an email can look like it came from whitehouse.gov but it will likely (not always) go into spam since the address is spoofed.
Attackers can also make look-alike domains using a Cyrillic character that looks identical but isn’t. Those may show up in your inbox (not spam).
Always check the authenticity of any URLs included in the email and beware of URL redirects.
Avoid reacting impulsively to any calls to action (downloading attachment files or replying with any sensitive information). Keep in mind that phishing attacks are designed to make you feel a sense of urgency to respond.

Preventing SIM swapping

SIM swapping is a type of account takeover attack whereby the perpetrator breaks the two-factor authentication (2FA) security protocol by hijacking your telephone number. The attack usually starts with social engineering; scammers gather your personal details (e.g. full name, address, phone number) and call your mobile phone provider pretending to be you. Using various social engineering techniques, they then convince the wireless carrier employee to port your phone number to the attacker’s subscriber identification module (SIM).

After they’ve successfully hijacked your phone number, usually just by asking for a password reset, the attackers can break into any of your accounts — email, bank/online wallet account, and others that require a call or SMS 2FA. If your phone suddenly becomes unable to make or receive calls, you may be a victim of a SIM swapping attack and should take immediate action.

To avoid becoming another SIM swapping statistic, refrain from using your phone number with 2FA where the second factor is a call or SMS-enabled authentication. In fact, if you can, avoid giving your phone number to your email or other service providers entirely. Authentication apps like Google Authenticator or Authy are a much safer alternative, as they’re tied to your physical device instead of your phone number.

If you must provide a phone number to access a specific service, contact your cell phone provider about extra layers of security for preventing number porting. Some carriers provide additional layers of security. Also, make your standard pin something random and store that pin in a secure place like a password keeper.

Safeguard your crypto assets and personal information

Ownership over cryptoassets is established solely through digital signatures (public and private keys). Couple that with the irreversible nature of blockchain transactions and you get a potential recipe for disaster. If an attacker gets ahold of your keys or your recovery phrase, whether that’s through tricking you into abdicating them yourself (phishing) or by forcefully porting your phone number and breaking the 2FA of your online wallet (SIM swapping), the result will always be the same: your funds will be lost forever.

For these reasons, taking the precautionary steps to protect your accounts, your online identity, and, ultimately, your cryptocurrency holdings, is worth the extra effort.