By: Gabriel Schram
March 3, 2021
Cryptocurrency Scams and Security Basics
Recent developments have seen cryptocurrency reaching closer to mainstream financial markets. With the rise of crypto’s legitimate reputation, an increased number of people seek to take advantage of the opportunity. Investors want to become rich, payment companies want to draw a larger clientele, and retailers want to offer more payment options. However, a lack of full understanding of how cryptocurrency works, properly storing crypto, and general cyber hygiene has led to the success of several scam tactics carried out by individuals and organizations around the world.
As with any newer and emerging technology, the concepts of convenience and accessibility hold greater weight than being secure. Online exchanges offer mobile applications and are often free to sign up for. As a result, users’ crypto security is only as good as their mobile and password security. Cryptocurrency accessibility has led to a vast attack surface for fraudsters and malicious actors. However, many of these attacks are not new - the tactics, techniques, and procedures of cybercriminals targeting crypto are similar to other online campaigns. While many of these cyberattacks have adapted to target cryptocurrency, the mitigation methods are similar to defensive network architecture practices. The core targets are the users, in this case, cryptocurrency holders and potential investors. Legislation and policy within the realm of fintech need to find their foothold in the growing market of cryptocurrency, or else fraud and theft will continue to rise.
Common Crypto Scam Techniques
Among the diversity of attack vectors surrounding cryptocurrency, the most exploited is the user. The dangers of crypto scams mostly occur with hot wallets, which are wallets connected to the internet. From this point, a hacker needs to log in to the crypto-exchange or platform as the victim to transfer their funds fraudulently. Some of the most prominent tactics and campaigns in cryptocurrency scamming include:
Fraudulent Initial Coin Offering (ICO) - An ICO is essentially fundraising for a company seeking to launch a new service platform or cryptocurrency. A fraudulent ICO is a social engineering campaign in which a malicious actor convinces users to donate to or invest in a new crypto that does not exist. Users invest via cryptocurrency; then, the fraudster disappears with their money.
Illegitimate Web Applications and Mobile Apps - Fraudulent websites and mobile applications can look like a legitimate platform or appear to be spelled exactly like one. Once a fake application is downloaded and money is put into it, that money is likely to disappear or be transferred out of the victim’s control. These types of websites could also steal PII or financial credentials.
Phishing - Phishing scams are email campaigns that target users in order to fraudulently gain information, infect them with malware, or get them to click a malicious link. A phishing email will appear to be from a trustworthy source. Many of the most successful crypto scams combine phishing with malicious links leading to watering holes or malware infection.
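The lookalike spellings described under illegitimate web applications can be checked mechanically before a link is trusted. The following is an added example, not code from the original article: it compares a host against a short allowlist and flags near-misses, accent or punycode variants, and hosts that merely embed a trusted name. The allowlist contents, the function names, and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the domains this user really uses (constructed allowlist).
TRUSTED = ("ledger.com", "trezor.io")

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(value):
    """Return the host in lower case with punycode (xn--) labels decoded."""
    host = urlsplit(value).hostname if "://" in value else value
    labels = []
    for label in (host or "").strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label as it is
        labels.append(label)
    return ".".join(labels)

def fold(host):
    """Strip accents so that an accented 'e' compares as a plain 'e'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(value):
    """Return (verdict, trusted domain it matches or imitates)."""
    host = normalize(value)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    folded = fold(host)
    for good in TRUSTED:
        # Compare only the last labels, the part a registrar actually sells.
        tail = ".".join(folded.split(".")[-(good.count(".") + 1):])
        if good in folded or edit_distance(tail, good) <= 2:
            return ("lookalike", good)
    return ("unknown", None)
```

A "lookalike" verdict means the host is not on the allowlist but is spelled close enough to an entry that it should be treated as hostile until verified; "unknown" only means no resemblance was found, not that the site is safe.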
Avoiding Cryptocurrency Scams
Mitigating crypto scams is a concern consistently raised by many platforms and financial institutions. As a result, efforts to prevent them have been slowly taking effect. However, much of this prevention involves providing awareness training to the financial sector and to the cryptocurrency holders who stimulate the market.
Basic cybersecurity practices are pivotal in the fight to prevent unwanted crypto fraud or theft. Strong, single-use passwords are essential in crypto security. Therefore, ensuring proper password length and complexity for anything connected to one’s crypto wallet will reduce risk. Logging into financially vital platforms or applications should be taken further by adding multifactor authentication and difficult security questions. Authentication methods such as face scanning or fingerprint scanning are becoming increasingly accessible, and text messaging could be another authentication method.
A majority of cryptocurrency scams rely on intelligence gathering. Users become easier targets when they readily reveal too much personal information. When possible, avoid revealing PII online. Phishing campaigns and illegitimate websites are potential threats to be aware of; users need to be suspicious of anything out of the ordinary.
A baseline of cryptocurrency security is securing its storage. Without a secure wallet, crypto will not be safe. Therefore, ensuring a legitimate and safe wallet for crypto is vital to keeping it protected. A wallet that is not connected to the internet, also called a cold wallet, is the safest option for holding cryptocurrency. These wallets typically come in the form of external hardware, similar to a USB drive. Ledger and Trezor are brands that offer several types of secure cold wallets.
Taking the necessary steps to protect cryptocurrency investments does not make one impervious to a scam or hack. However, those steps make the difference between being a difficult or an easy target. Reducing the attack surface for malicious actors reduces the effectiveness of crypto scamming. The realm of cryptocurrency and blockchain is still developing, and such methods of attack will become more common as crypto becomes more mainstream.