Crypto scams are a plague
Although we are in a crypto winter with the crash on the markets also driving down the crypto valuations, we still receive emails from victims telling us about the scammers trying to convince them to invest in promising crypto ventures. So Crypto scams are still a plague, and it is crucial to avoid them.
According to reports to the US FTC since the start of 2021, more than 46,000 people have reported losing over $1 billion in crypto to scams– that’s about one out of every four dollars reported lost,more than any other payment method. With the median individual loss amounting to $2,600. According to the US FTC the top cryptocurrencies people said they used to pay scammers were Bitcoin (70%), Tether (10%), and Ether (9%).
According to the US FTC the reported losses in 2021 were nearly sixty times what they were in 2018. The scammers favour crypto mainly because crypto transfers can’t be reversed – once the money’s gone, there’s no getting it back. And most people are still unfamiliar with how crypto works.
After collecting some experience in the scam area for several months, we have been struck by an evolution: malicious cyber actors are becoming more aggressive, sophisticated, belligerent and brazen. The threat is for sure real, impressive and ongoing.
But still, many crypto scams are just variations of existing scam techniques. Would-be attackers are using traditional cons adapted to try and pry away others’ hard-earned life savings.
The most popular crypto scams are as follows.
Phishing scams occur when criminals fish for confidential information and trick victims into handing it over. Very often seen in the form of a pop-up or malicious email, these attacks are becoming more sophisticated and are intended to swipe critical financial information from an unsuspecting person.
Traditional phishing criminals may search for your credit card or bank information, and cryptocurrency phishers target the victims to gain access to their digital wallets or obtain their secret recovery phrase.
The scammers send an email from a crypto wallet or provider that looks realistic, with an offer that contains a potentially harmful link when you click on it.
The link could ask you to provide your login credentials to a wallet you own or trick you into providing your personal information that can be used to defraud you.
Winning free money can be fun. Falling victim to a fake giveaway and losing everything is not.
Giveaway scams may promise anything from free cryptos to a fortune. One victim lost £400,000 for trusting a fake giveaway message from someone posing as Elon Musk. The attackers changed their profile picture on Twitter to match the one Elon Musk was using at the time. They then replied within one of Elon’s Twitter threads that they—posing as Elon—would be giving away double the amount of BTC that victims deposited.
The cryptos were gone, as you can imagine.
Online trading scams (also termed investment scams)
As with traditional cyber trading scams, victims are promised great returns via the simple act of buying cryptos via a well-known crypto exchange and sending them to a provided wallet address. Aggressive boiler room employees will tell victims that if they invest a relatively small sum, they will see instant—and quite unrealistic—gains.
We can only advise avoiding any online investment schemes promising great returns. We guess 98% of all online undertakings are scams, so do not trust anyone who tells you that it is possible to make a fortune by handing over your cryptos
Social engineering scams – i.e. romance scams (Pig Butchering)
Social engineering scams – often done on dating apps – involve an attacker that gathers information about the victim before reaching out to gain trust and eventually attempting to defraud them.
There are critical red flags that occur in many social engineering attacks. The social engineer will usually contact the victim out of the blue, requesting urgent help and employing emotional appeal to get the target to act. Well-researched attackers will know how to manipulate victims into giving up vital information or funds.
If successful, then the attacker will disappear. These scammers will never use their real identity, so any attempt by victims to contact them to get their cryptocurrency back will be impossible.
Falling victim to social engineering cryptocurrency scams can be avoided, and keeping an eye out for these red flags will help you to recognise and avoid cryptocurrency scams.
Romance scams – social engineering scams via dating apps – have shown a massive rise during the past years, also supported by the pandemic is a prevalent and disgusting form of these scams. These scams are also referred to as “pig butchering scams.”
In 2021, the FBI’s Internet Crime Complaint Center received more than 4,300 complaints related to crypto-romance scams, resulting in more than $429 million in losses.
The scam started in China in late 2019, but, as those numbers indicate, it’s now becoming more prevalent in the United States. Scammers are using translation programs to communicate seamlessly with their victims.
FBI reports that Victims have very similar stories: Meeting someone on a dating app, the scammer gains the confidence and trust of the victim, and then claims to have knowledge of cryptocurrency investment or trading opportunities that will result in substantial profits. The victim is then directed to transfer large amounts of cryptocurrency from the exchange account to cryptocurrency wallets controlled by fraudsters, ultimately losing it all.
Fake Website scams
Fake websites could be a vital component of any cryptocurrency scam. Once the victim takes the bait and clicks a malicious link, they have already been in danger.
For example, a phishing or giveaway scam will usually include a link to a website that looks legitimate but is just a fake. Fraudsters may set up a realistic webpage that uses a trusted party’s official layout, logos, and language. They may use a similar URL or domain name that is off by one character, visually tricking users into believing that the site is correct.
When victims land on fake websites, scammers usually ask for confidential information such as private keys or secret recovery phrases. This information will never be requested by a legitimate CASP (Crypto Asset Service Providers) and divulging it can lead to the victim´s funds being wiped out.
Extortion scams occur when someone sends messages threatening to release embarrassing or incriminating photos or information. Whether the contents are accurate or fabricated, scammers will extort victims by threatening to blackmail them unless a sum of money is paid.
Fraudsters may provide a crypto wallet address, demanding money be sent or face the embarrassment of having blackmailed information leaked online or to loved ones. They will apply pressure to act quickly, attempting to coerce victims by contacting them on private email addresses or telephone numbers.
Goods and Services Scams
Fraudulent merchants will use their website—or listings on secondary sites—offering to ship goods or promise a service. Scammer merchants will happily accept crypto without ever intending to ship the goods sold or render the services promised.
With rising rental costs, scammers who ask for cryptos to be transferred before an affordable flat can be visited, or scammers impersonating recruiters or job seekers to earn crypto by requiring cryptocurrency as payment for job training are on the rise.
Therefore you should only buy from trusted sellers when paying for services or merchandise with crypto. Before buying, do thoughtful due diligence.
NFT mint scams as an example of Rug Pull scams
Rug pull scams involve investment scammers “pumping up” a new project, nonfungible token (NFT) or coin to get funding.
Fake NFT mints are one of the most common Rug Pull scams that go after the fake website playbook. Fraudsters create a real-looking website and social media accounts to hype an upcoming mint,
When the project is launched, instead of connecting a wallet to mint a new NFT, the victims’ wallets will be drained and all funds sent to the hacker’s wallet. After a successful attack, it is standard for the fake website and all social media profiles like Twitter and Discord to be deleted within days.
After the scammers get the money, they disappear with it.
A popular version of this scam was the Squid coin scam, named after the popular Netflix series Squid Game. Investors had to play to earn cryptos: People would buy tokens for online games and make more later to exchange for other cryptocurrencies. The price of the Squid token went from being worth 1 cent to about $90 per token.
Eventually, trading stopped, and the money disappeared. The token value reached zero as people attempted but failed to sell their tokens. The scammers made about $3 million from these investors.
So How to avoid crypto scams?
It is essential to be able to recognise the different crypto scams and to know how to avoid them.
When sending cryptos, always stay alert for potential scammers. Be aware that in any crypto transaction, there’s no way to retrieve your money back once you’ve shipped it.
a)Never share your financial information or private keys
Even if you are sure you are interacting with a trusted party—such as a wallet or cryptocurrency provider—you should act carefully and refrain from sharing sensitive information.
b)Be wary of offers that seem too good to be true.
If you are promised an investment that guarantees returns that sounds too good to be true, then it’s likely a scam. Cryptocurrency investments can be a great opportunity, but no one can guarantee instant returns. Those that make such promises are not to be trusted.
c)Never reply to people that contact you out of the blue
Not every unsolicited opportunity may be a scam, but you should always be wary of offers made without prior contact. Scammers may contact you via social media or phone, promising trading returns, special promotions, and other fraudulent offers.
d) DYOR: Do your research on who you send crypto to
Check the website domain name or social media handle to ensure that you do not send money or information to someone falsely posing as a legitimate individual or business. You can even send a message to the official channel on the social media platform to ask if the account in question is honest and also let them know if there are any suspicious copycat fake accounts out there.
You should only send crypto to a wallet that you or trusted third parties control. Something straightforward you can ask yourself is if the other party seems like a legitimate company or individual. If they claim to be a business, make sure they are a legitimate company by performing a Google search. Check how long they have existed and check on the personal profiles on Linkedin (or other equivalent social media channels of the people given as the management. If you want to transfer a material amount, contact the people via private message on Linkedin and talk to them.
e) Don’t feel pressured to respond to threatening messages
If the person you are in contact with is messaging you with threats or warnings, this is likely an attempt to get you to send cryptos quickly without fully thinking through the proposition. When acting out of fear, you’re less likely to consider all facets of the situation and are prone to making rash decisions.
-Never send money, trade, or invest based on the advice of someone you have only met online.
-Don’t talk about your current financial status to unknown and untrusted people.
-Don’t provide your banking information, Social Security Number, copies of your identification or passport, or any other sensitive information to anyone online or to a site you do not know is legitimate.
-If an online investment or trading site is promoting unbelievable profits, it is most likely that—unbelievable.
-Be cautious of individuals who claim to have exclusive investment opportunities and urge you to act fast.