More and more investors are turning to cryptocurrency to turn a profit, which is exciting. Like any type of investment, it comes with a unique set of challenges — and during COVID-19, ASIC reported a 20% spike in cryptocurrency scams year-over-year.
The thought of losing money to a scam is worrying, so we asked the experts at ESET to explain how to spot a cryptoscam and what we can do to stop ourselves from falling victim to one.
Common types of cryptoscams
Cybercriminals are creative, so there are a few types of cryptoscams you want to watch out for. In most cases, scammers try to trick you into sending them money or handing over sensitive information (such as access to your cryptocurrency wallet).
The problem? Cryptocurrency transfers can’t be reversed, and unlike traditional bank accounts, the funds aren’t insured by any regulatory body. Once a scammer takes off with your crypto, it’s gone for good.
When you search cryptocurrency scammer lists online, you’ll find these are the most common cryptoscams:
● Bogus investment or business opportunities. The scammer will contact you about a fake cryptocurrency opportunity and “reveal” how much they made. They might promise you similar profits or offer you an incredible deal. If you end up pouring crypto into their trading account or an outside source, the scammer will steal it and vanish, never to be heard from again.
● Blackmail or holding your funds hostage. Sometimes, scammers will encourage you to deposit more funds into a trading account. Then they’ll fabricate data so when you log in, it looks like you’re profiting from the investments. If you ask to withdraw funds, they either won’t respond or will blackmail you demanding more money to release the funds.
● Emails that download malware or ransomware onto your device. Some scammers rely on old-school methods, such as using a virus or malware to gain access to your crypto wallet and move all the funds to their own account.
● Identity fraud. Phishing emails are one of the most popular cyber crimes, and the crypto world isn’t immune. Scammers might create authentic-looking emails that ask you to validate or log into your trading account, and then use that information to commit identity theft. Similarly, chain referral emails could end up infecting the device of anyone you forward them to.
3 ways to avoid falling victim to a cryptoscam
To protect yourself from cryptoscams and find a safe way to invest in cryptocurrency, take on these best practices.
1. Activate multi-factor authentication (MFA)
Add an extra layer of security to your crypto wallets and trading accounts by implementing multi-factor authentication (MFA). This requires you to provide your username, password and one more piece of information — usually a code sent to your phone or email — before you can log into systems. It also means that hackers need to find a way to crack multiple accounts or devices to get the information they need, which makes their job harder.
2. Invest in a sophisticated antivirus software
To invest with confidence, install a reliable antivirus software like ESET Cybersecurity Pro. It offers a multilayered defense against cyberthreats, including malware, ransomware, phishing emails, and identity theft — all common cryptoscams.
3. Learn how to spot a cryptocurrency scam email
If the contents of an email are too good to be true, they probably are. Try to only open emails from trusted senders and if you do come across a suspicious email, avoid clicking on any links or attachments.
These are some of the telltale signs of a phishing email:
● The email address and domain name don’t match. If you’ve gotten emails from the sender before, go back and make sure the email addresses are the same. Often, scammers will add extra numbers or letters (e.g. firstname.lastname@example.org), or they’ll write to you from a basic Gmail or Outlook account, rather than a company email address.
● It requests personal or financial information. No legitimate person or company will ask you to confirm sensitive information over email, such as passwords or bank account details. If you receive an email with such a request, contact the sender directly and you’ll quickly find out if they were behind it or not.
● There are typos, grammatical errors or odd turns of phrases in the subject line or email. In general, emails from legitimate companies are written by professional writers and edited for spelling and syntax. A poorly written email that’s riddled with mistakes is a red flag, especially if it’s asking you to send money or provide confidential information.
● There are suspicious links or attachments in the email. Cybercriminals often embed malicious links and attachments among genuine ones to trick you into thinking the email is legitimate. Before clicking on a link, hover over it and make sure the hyperlinked URL starts with “https://” and takes you to the sender’s actual site. The same goes for attachments — it’s rare for a company to send you something to download, so scan any attachments with an antivirus software first.
● The email elicits excitement or panic. In some cases, scammers will send emails with the sole purpose to evoke emotion and inspire you to take action. They might try to cause you to panic — for example, by saying your crypto account has been compromised and asking you to log in to verify it. This happened with the Coinbase fake email you might have heard about. On the flip side, they might be writing about an opportunity that’s going to net you unbelievable profits.
Be proactive to prevent cryptoscams
If you do fall victim to a cryptocurrency scam, stop sending money immediately and report the scam to your bank, financial institution or ASIC, who will investigate on your behalf. But as always, prevention is better than cure. Head over to ESET to learn more about navigating the cybersecurity challenges that come with cryptocurrency and explore solutions.