Scammers are evolving along with technology at an alarming rate. People have been scamming each other as far back as 200 A.D.! The scams are getting more technical, but the M.O. is still the same: scammers want what you have.
In the world of cryptocurrency, it’s important to know what the latest scams are, and how to protect yourself. Cryptocurrency can be complicated and confusing for new users – all of which makes them an ideal target for scammers. This article will show you the current, major cryptocurrency scams – and provide tips on what to look for and how to avoid them. After all, the best way to protect yourself is awareness.
Impersonation, also known as ‘pretexting’, is a scam in which the attacker presents themselves as someone else in order to get private/sensitive information out of the victim. Unfortunately, this happens all the time. The elderly have been explicitly targeted. The success of an impersonation scam usually rests on the ability of the attacker to build trust with the victim. So, impersonation can usually be a bit of a longer con than a phishing attack. Many impersonation scam attempts have become more advanced through the use of new technologies.
For example, you might have a scammer impersonate an external IT service technician/operator who will ask internal IT staff for information, which could then allow them access to the organization. Additionally, you may also find individuals impersonating a company on social media platforms, where they’re trying to get you to provide personal information or follow misleading/dangerous links. In order to protect yourself, validate the person’s identity and do your research on company practices.
- The scammer will try and get the victim to perform an action
- The scammer will use the sense of urgency to receive an immediate response
- The scammer will entice you with promotional offers that sound too good to be true on social media
Romance scams are when perpetrators express their false romantic intentions towards victims to take advantage of their trust in order to access their bank accounts, cash or credit cards.
For example, the scammer will create a fake profile on a dating website and start to build trust with their target. Once trust is established, they will ask for financial assistance. Most likely, the scammer will claim to have a medical emergency, a frozen bank account or something urgent where they require immediate financial assistance.
- The scammer communicates with their target online and avoids in-person interactions
- The scammer provides inconsistent details about his/her life
- The scammer claims to have a life-or-death medical emergency or something urgent where they need immediate financial assistance
- The scammer will ask you to pay by wiring money, gift cards or prepaid cards so they can receive the cash immediately while remaining anonymous
- The scammer relays a confusing story about why they need financial assistance and avoids answering any further questions
Phishing is the most common scam out there, and it uses a technique called “social engineering” to finesse your assets from you. Social engineering basically means the scammer will use social media, instant messaging, SMS, or email and direct people to follow a compromised URL to trick them into providing private/sensitive information such as usernames, passwords, private keys or credit card details.
For example, you receive an unsolicited email that looks like it is from a corporation such as your bank or crypto exchange. This email would take you to a fake website and prompt you to enter your account details. This provides the scammers with everything they need in order to log into your real account.
- Phishing messages will usually have a sense of urgency to them
- The message appears to come from a trusted source – they may even have copied logos or images to make it look more legit
- The scam will usually have very minimal information, which is deliberate so that you will click through on an embedded link
- If the message is vague, urgent, or slightly off-brand, beware and ignore it
- The message is designed to be attractive and stimulate your curiosity
Whaling is a form of phishing, but on a larger scale (hence, the term whale). Whaling uses the same M.O. as phishing – social engineering for sensitive/confidential information – but, it focuses on information that is relevant to commercial and larger economic resources. In whaling scams, the target of the attack is typically a “relevant” executive of a private business or government agency – again, think “big fish”. There are a few whaling red flags to watch out for, which, though similar to phishing, are a bit more specific.
- Whaling attackers will use a scam email that is designed to look like a critical business email sent from a legitimate source, like another executive
- An underlying urgency and a slightly vague message
- A fake company-wide concern which is trying to incite action from one or multiple executives in order to gather high-level confidential information
- Email requesting funds or information that is not usually transferred via email
Fake Wallets & Exchanges
Fake wallets are scams that involve luring victims into fake bitcoin exchanges. These fake wallet scams typically present a promotional offer, or they have a “representative” that will pressure the victim into creating an account and/or depositing bitcoin into the account (wallet). There might be a bonus or incentive for people who want to deposit large amounts. If you’re going to download a wallet app, make sure to do your research very thoroughly, as fake apps have been found on reputable app stores like Google Play. Once downloaded, these fake wallets can be used to access almost all of your private account information.
For example, a company can claim to trade/manage your funds for you to obtain the best outcome for your portfolio. In order to do that, they will require access to your account. Once they have access to your account, they are in full control of your funds.
- The scammer asks you for control over your account to trade/manage your funds for you
- The scammer might entice you with promotional offers that sound too good to be true
SIM Swap Scams
SIM swap scams are a newer type of fraud, and they’re pretty much how they sound: attackers will swap your SIM (Subscriber Identity Module) through your cellphone provider, in order to gain access to your phone and private information. In this scam, the scammer will either charge very high fees, make it impossible for the victim(s) of the scam to withdraw any funds, and/or steal the victim’s money altogether.
For example, an attacker will acquire your name and phone number through some sneaky, fraudulent means. Then, they will impersonate you and request a new SIM card in your name, through your cellphone provider. Once the scammer has the new SIM card, they will have access to all the services you have linked to your phone (e.g. online banking, crypto wallets, emails, pictures, calls, texts, etc.).
- Your phone connection might stop working: you will no longer receive calls or text messages, and you are unable to make a call
- Unknown or strange activity on any application you have on your phone (for example, your bank account)
The best way to protect yourself? Enable a password for any online carrier interactions, and make sure it’s unique. Also, do not publish your phone number on social media, and generally limit the amount of personal information you share (e.g. birthday, elementary school) – this will make it harder for the scammers to impersonate you.
How To Protect Your Crypto
Now that you know about the main crypto scams out there, we have a few tips you can use to protect yourself and your cryptocurrency.
- Enable 2FA for all of your accounts for an added layer of security.
- Use a password generator for the strongest passwords possible.
- Never allow third parties access to any of your personal accounts.
- Always thoroughly research an organization before you deposit your assets into it.
- Avoid putting your personal information on social media – even the most mundane information could be used to scam you.
- Always validate the person or organization sending you the email or message.
- Have a “Kill Switch” so that, if you are compromised, you can remotely wipe all your data and lock your phone.
- Read emails carefully: if logos, text, or URLs look slightly off, they’re probably fake.
- Don’t be afraid to request validating information – if the person contacting you is from a reputable, secure organization, they will comply.
It may seem like a lot of information to take in about who’s scamming who, and what to look out for, but it’s important to know. If you know the risks and you’re aware of what’s out there, you’ll be much better prepared to avoid scams entirely. If you know the risks, you’ll also be more aware of institutions and organizations that have really good security measures in place. Coinsquare, for example, is one of the few firms globally to have successfully completed an independent third-party review of its Compliance Program. Look for firms like Coinsquare that have top-level security protocols in place so that scams can be avoided entirely. Most importantly though, take care of yourself and do the research – sure, time is valuable, but after all, so are your assets.