BEWARE OF GROWING CRYPTOCURRENCY SCAMS

image by Jonhson Subianto

Today, the fast-changing state of the cryptocurrency market and the type of impact it will have on the future of commerce is one of much debate. However, it is clear that individual, institutional, and even retail investors are paying a lot of attention into cryptocurrency investment and transactions. Scammers and hackers are paying equal amounts of attention to such investments as well.

According to the Federal Trade Commission (FTC) Consumer Sentinel, from October 2020 through March 31, 2021, reports of crypto-related scams skyrocketed to nearly 7,000 people reporting losses of more than $80 million. These figures reflect a 12-fold increase in the number of reports compared to the same period a year ago and a nearly 1,000% rise in reported losses.

Understanding common types of scams and what kinds of things you can do to protect yourself from being cheated are more important than ever.

KEY TAKEAWAYS

The mad rush into cryptocurrency over the past several years has caught the attention of all kinds of investors, but it has also caught the attention of scammers.

Crypto scams most often aim to gain private information such as security codes or trick an unsuspecting person into sending cryptocurrency to a compromised digital wallet.

Social engineering scams such as giveaways, romance scams, phishing, extortion emails, and others mentioned within the article are a problem in broader society, but they are especially prevalent when it comes to cryptocurrency.

Types of Cryptocurrency Scams

Generally, cryptocurrency scams fall into two different categories:

  • Initiatives aiming to obtain access to a target’s digital wallet or authentication credentials. This means scammers try to get information that gives them access to a digital wallet or other types of private information such as security codes. In some cases, this even includes access to physical hardware.
  • Transferring cryptocurrency directly to a scammer due to impersonation, fraudulent investment or business opportunities, or other malicious means.

New crypto-based opportunities: initial coin offerings (ICOs) and non-fungible tokens (NFTs)

With the rise of new crypto-based investments such as initial coin offerings (ICOs) and non-fungible tokens (NFTs), there are now even more avenues for scammers to try to gain access to your money. The background of these investments is beyond the scope of this article, but what’s important to know is that although crypto-based investments or business opportunities may sound lucrative, this doesn’t always reflect reality. For example, some scammers create fake websites for ICOs and instruct users to deposit cryptocurrency into a compromised wallet. In other instances, the ICO itself may be at fault. Founders could distribute tokens that are unregulated by U.S. securities laws or mislead investors about their products through false advertising.

Phishing scams

Illustration by Konstantin Filonov

Within the context of the cryptocurrency industry, phishing scams target information pertaining to online wallets. Specifically, scammers are interested in crypto wallet private keys, which are the keys required to access funds within the wallet. Their method of working is like that of many standard scams. They send an email leading holders to a specially created website that asks them to enter private key information. When the hackers have acquired this information, they can steal the cryptocurrency contained in those wallets.

 

 

Example of such can be seen in MetaMask, Phantom, PancakeSwap platform phishing scam reported by Check Point Research on Nov 4th, 2021; which used google ads and fake URLs to scam away at least $500,000.

DeFi rug pulls

Illustration by Iconscout Store

These are the latest type of scam to hit the cryptocurrency markets. Decentralized finance, or DeFi, aims to decentralize finance by removing gatekeepers for financial transactions. In recent times, it has become a magnet for innovation in the crypto ecosystem. However, the development of DeFi platforms is beset with its own problems. Bad actors have made away with investor funds via such avenues. This practice, known as a rug pull, has become especially prevalent as DeFi protocols have become popular with crypto investors interested in magnifying returns by hunting down yield-bearing crypto instruments.

Examples of such can be seen in the NBC News report on Nov 2nd, 2021 where malicious creators of Squid Games themed Squid cryptocurrency cashed out and disappeared with $3 million.

The Bottom Line

For many people, mad rush into cryptocurrencies has evoked feelings of the Wild West. As the crypto ecosystem continues to gain scale and complexity, it will undoubtedly remain a top focus of scammers. As mentioned above, crypto scams generally fall into two main categories: socially engineered initiatives aimed at obtaining account or security information and having a target send cryptocurrency to a comprised digital wallet. By understanding the common ways that scammers try to steal your information (and ultimately your money), you will hopefully be able to spot a crypto-related scam early and prevent it from happening to you.

Enhanced Cybersecurity Framework
how can we help you?

Let’s continue discussion on how we can help you implement a done-for-you holistic Cybersecurity Management Posture.

Let's Discuss
  • Phishing Attacks come in many forms, learn more about each form and how to prevent them

    Phishing is one of the oldest and yet still prevalent form of Cyberattack. It comes in many forms and often come with combination of forms. In this post, let us learn more about each of the numerous types of Phishing attacks and how to prevent them.

    November 17, 2021
  • Strengthening Web Application Security and why it is 2nd most vulnerable threat vector in 2021 according to Forrester Research

    Forrester’s State of Application Security Report for 2021 shows that applications are still a major attack vector. Here are critical and practical steps you can take to strengthen security of your Web Application security.

    December 16, 2021
  • WORST CYBERSECURITY PLANS EVER

    Here are some of the worst cybersecurity strategies, unfortunately, followed and adopted by many organizations. Such practice has repeatedly lead the companies to disastrous results in loss of business, reputation, and monetary fines.

    November 9, 2021
  • How to Prevent a Data Breach

    A Data Breach is a multi-headed beast, and this beast is growing strong by leaps and bounds in its capability to cause monetary damage as well at the ways it can attack the most sensitive of data. There is no silver bullet solution for this is problem, furthermore, there are no one-set of controls to keep this beast at bay.

    March 29, 2022
  • TOP 5 CYBERSECURITY CHALLENGES FACED BY SMBs IN 2021

    Cybersecurity threats are causing a lot of losses for SMBs in 2021. As these organizations address cybersecurity in 2021, they need to understand what they are facing. Here are five top cybersecurity challenges faced by SMBs in 2021 as well as downloadable 5 tips to protection.

    October 20, 2021
  • What every CEO needs to know to prevent Ransomware

    In this session we look at 4 foundational layers of proven management approach that every C-Suite leader needs to know to implement better than adequate controls in Cybersecurity protection and posture to prevent Ransomware.

    March 29, 2022
  • TOP 4 PENETRATION TESTING METHODOLOGIES

    Penetration testing methodologies help to methodically identify security vulnerabilities in an organization. Think of this type of testing as your live-fire exercise for a Cyber-attack. Here are top four penetration testing methodologies that are industry-recognized and respected.

    October 19, 2021
  • Why point solutions in Cybersecurity won’t protect against a data breach, but holistic posture can.

    With the rise of ransomware, phishing mails, vishing (voice phishing), DDoS attacks, data breaches, nation state sponsored cyber attacks, it is becoming more important than ever before to have strong holistic Cybersecurity protection. Point solutions are not enough anymore to handle complex cyberattacks. Let’s look at why holistic cybersecurity instead is better than point solutions.

    November 10, 2021
  • 4 KEY INGREDIENTS OF HOW DATA BREACHES HAPPEN

    A Data Breach is a multi-headed beast, and this beast is growing strong by leaps and bounds in its capability to cause monetary damage as well at the ways it can attack the most sensitive of data. In this podcast we detail 4 favorite attack areas in 2021 that cyber-attackers prefer to use to breach data and what can IT leaders do about it.

    March 29, 2022

SCHEDULE A FREE SECURITY CONSULTATION

Schedule