R. Paul Wilson On: Protecting Yourself From Crypto Scammers
Recently I delved into the issues of investing in crypto and understanding the dangers of various coins based on the size of their blockchain.
As discussed there, the need to control 51 percent of a currency’s ledger record means that the bigger (and faster) a network is, the harder it is to access the necessary nodes and keep up with updates.
My conclusion (and I’m essentially a noob) was that the coins themselves are difficult to hack, but what about individual holdings such as software-based wallets or online accounts?
That’s where real digital danger lies.
In this article, I’m going to lay out the most common threats to your digital pocketbook.
Nothing New Here
For the most part, cryptocurrencies are just another item of value and, like many other digital items, access to where records are held can be enough to defeat our individual (often inept) security measures.
Like your online bank account, if someone can gain access to that account with your details and password, they might easily steal all of your money with a click of a keyboard.
The methods used to do this are not dissimilar to how local crypto wallets (stored on a device) or remote exchange accounts might be compromised.
To gain access to your funds, thieves can take several approaches from stealing your ID or password to convincing you to send the funds yourself.
If you have a healthy interest in all things deceptive, these tactics will be quite familiar.
The fact that most digital currencies are unregulated creates a Wild West aspect that attracts online bandits and offers them a degree of impunity compared to other forms of theft.
As a result, the diversity of thinking from this new generation of fraudsters can create remarkably complex or elegantly simple methods for taking your money.
How They Find You
With any con game, knowing what a potential target wants is the foundation upon which most scams are built but scammers also need to target victims with treasure that’s worth stealing.
Online profiling can create a catalogue of viable crypto investors simply by trawling forums, video comments and social media groups while collecting any available data from these sources.
With your email, phone number and real name, scammers can attack people in several ways, so fostering a disposable identity that’s difficult to connect to your own might be a good strategy for protecting your true identity.
I don’t particularly care for anonymous online interaction since it tends to foster negative discussions, insults, lies and general bad behavior but when it comes to not revealing yourself as a target for thieves, an alter-ego might not be such a bad idea when publicly discussing financial matters.
I leave that up to you but please, act responsibly.
An important factor is that there are a lot of new investors vulnerable to many forms of attack and crypto seems to attract a certain type of investor who tends to be overconfident in the face of much more sophisticated adversaries.
Like a brand-new chess player convinced they could hold their own against a grandmaster when in fact, they’re almost certain to lose; whereas a more intelligent beginner might have the self-awareness to recognize when they’re sitting opposite a superior opponent and expect the inevitable.
This is nothing new and poker players everywhere have learned the hard lessons of hubris only to take full advantage when tables are turned later in their playing careers!
How They Get You
An exhaustive list or description of methods might fill a book, so take these as merely examples of how scams might catch you. You should always be aware that new variations are common.
You will hopefully recognize all of these tactics from other types of scams but that does little to help if you don’t remain vigilant when trading online and accept that you might be outplayed and outgunned if you fall into a well-concealed trap.
Traditional methods like phishing, where an email or other online communication tricks people into accessing bogus sites and/or installing (openly or secretly) malware onto their devices, remain successful.
No matter how hard we try, there will always be a link we shouldn’t have clicked or a page we shouldn’t have opened.
A key component of the success of phishing is timing, and while billions of emails might be sent in the hope that a few will fall into a victim’s inbox just after they’ve spoken to the bank or company being emulated, crypto scams can make excellent use of data trawled from the sources previously mentioned and be almost tailored to individual recipients.
A powerful tactic is to find subscribers to certain websites, channels or individuals and then spoof these sources to make it look like you are talking to someone you may already trust.
Recently, multiple celebrities were hacked and their online identities used to advertise a giveaway of cryptocurrency where any amount of crypto sent to them would be doubled and quickly returned.
Of course this sounds like a scam, but the fact that it came from (apparently) verified sources gave it enough credibility, and inherent trust in these famous accounts trapped lots of people into foolishly sending their money.
2. Infestment Opportunities
Malware can come from many sources and now that the incentive to hunt and steal digital currency is high, don’t think that dodgy emails or texts are the only ways to get past your personal security measures.
Genuine software updates from major companies have had viruses incorporated at source and it’s only a matter of time before one of the big two operating systems has a disastrous event baked into its own code that might trigger before it can be recognized.
Hardware is also a very real danger and anything you plug into your computer might have something unexpected lurking inside.
Personally, I’m hyper cautious about all USB sticks and hard drives to the point where I would prefer to use one device purely for financial matters and protect it from all other unnecessary software or hardware.
I recently heard of a USB flash drive company sending tens of thousands of sticks to corporate clients, each with a virus on board waiting to find the right conditions for a digital heist.
It’s easy to become super-paranoid but a little paranoia is warranted in the face of unwanted parasites infesting seemingly legitimate products and providers.
3. Online Imposters
Unsurprisingly, fake websites have become increasingly common as a way to facilitate various types of crypto theft and these sites might run for hours, days or months before recycling into a different form with a similar name.
Fake websites might be a complete copy of a recognized legitimate site but with a tweaked URL to fool those who don’t double check such things and still click through from emails.
Social engineering attacks often direct people to these bogus sites and encourage them to create accounts or enter details that might be useful elsewhere.
This type of attack uses human-to-human (apparently) engagement to gain trust or manipulate people into giving sensitive information or taking actions that compromise their personal online security.
You can check these sites for yourself with services like Crunchbase but if you don’t know what you’re doing or have any reason to doubt, my advice is to stick with well-known exchange sites and always check the URL you’re using.
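The advice to always check the URL can be automated. The following is an added example, not part of the original article: it compares a link's hostname against a short list of sites you already trust and flags near-misses. The domains are constructed placeholders, and the "last two labels" shortcut for finding the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed placeholder domains: replace with the exchange sites you actually use.
TRUSTED = {"example-exchange.com", "samplewallet.io"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link before you log in or enter details."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("suspicious", "no hostname")
    if "@" in parts.netloc:
        # Text before '@' is a username, not the site: the real host comes after it.
        return ("suspicious", "userinfo hides real host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("suspicious", "internationalised host, possible look-alike letters")
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):
            if parts.scheme != "https":
                return ("suspicious", "trusted host without https")
            return ("trusted", good)
    # Simplification: treats the last two labels as the registered domain,
    # which is wrong for suffixes such as .co.uk.
    registered = ".".join(host.split(".")[-2:])
    for good in sorted(trusted):
        if good in host:
            return ("suspicious", "trusted name embedded in another domain")
        if edit_distance(registered, good) <= 2:
            return ("suspicious", "look-alike of " + good)
    return ("unknown", "not on your trusted list")

if __name__ == "__main__":
    for link in ["https://www.example-exchange.com/login",
                 "https://examp1e-exchange.com/login",
                 "https://example-exchange.com.login-verify.net/"]:
        print(link, "->", check_url(link))
```

An "unknown" verdict only means the site is not on your list; it says nothing about whether the site is legitimate.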
Your Best Defense?
As Mr. Miyagi says, the best defense is to “no be there”.
I’d caution anybody about getting too deeply and too openly involved in any financial venture without learning as much as you can about what’s safe and what’s not and to always recognize that the less you know, the more vulnerable you are.
Make sure your passwords are as strong as possible and be equally careful with password recovery methods that should be as strong as the password itself.
Think of it this way: if you have a 50-digit password with numerals, letters and symbols but your password can be recovered by knowing the name of your dog or grandmother’s maiden name, you’re not as safe as you think you are.
By using two-factor authentication on all your accounts, tracking all wallet or exchange activity, deleting any remote access software that might be on your devices and using advanced phrase recovery for your accounts, you minimize the chances of being scammed.
And of course, make sure your anti-virus software is up to date on any devices you use for financial purposes.
Such steps will make you a harder target but if hackers smell blood in the water and concentrate their efforts on any one of us, it’s only a matter of time before they break through.
And if you do get hit, stop all activity immediately, reset passwords and report it immediately to your brokerage.
If at all possible, have a trusted, verifiable source for advice on how to navigate the minefield of cryptocurrencies.