Cryptocurrencies have slowly evolved from a purely speculative instrument to a more accepted form of payment. Bitcoin is now supported at many online retailers and is being used for more traditional types of transactions. Fully aware of this transition, cybercriminals are targeting more people and organizations with cryptocurrency scams. A report published Thursday by fraud prevention company Bolster looks at the latest types of crypto scams and suggests way to avoid being a victim.
In its “Cryptocurrency Scam Report,” Bolster discovered more than 400,000 crypto scams created in 2020, an increase of 40% from 2019. Based on current projections, this number could jump by as much as 75% for 2021. Bolster attributed the rise in these scams to the growing popularity of cryptocurrency as well as the greater number of people looking for financial help during the coronavirus pandemic.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
In a broad view, Bolster cited four specific types of crypto scams:
- Fake prizes, giveaways or sweepstakes
- Investment-related scams
- Advance fee schemes
- Celebrity impersonations
As one example, a cryptowallet validation/giveaway uses Elon Musk and Tesla to promote a twice-back offer. Just send anywhere from 0.1 to 30 Bitcoin (BTC) to the listed payment address and you’ll receive 0.2 to 60 BTC in return. Though the message looks legitimate with an image of Musk, a barcode and other details, Bolster confirmed that it’s a scam site.
As another example, a page uses pictures of the Winklevoss brothers and their official Gemini logo, promising twice your payment back if you send between 0.1 and 20 BTC or 3 to 200 Ethereum (ETH), but there are warning signs that this is a scam. The site uses a top level domain of .ph, which belongs to the Philippines but it’s hosted in the UK. Plus, Bolster found multiple cryptocurrency foundation sites hosted on the same domain.
To protect your organization and yourself from crypto scams, Bolster offers the following tips:
- For cryptocurrency foundations and business that operate directly in the cryptocurrency industry, know that you are increasingly a target. Thieves will attack your brand, stepping on your domain and publishing fake sites to fool and scam your customers. Be prepared with systems that can detect brand infringements, fraud campaigns and scams, and can help you stop them.
- For businesses in general, recognize that your employees will increasingly be targets of cryptocurrency scams through emails or by sharing links. To stay ahead of this, consider a real-time URL scanning capability to detect and block malicious links traversing your enterprise.
- As an individual, you’re just as much a target. As always, practice safe web browsing and emailing and remain vigilant. Avoid clicking any URLs sent your way if even slightly suspicious. If you’re uncertain about a link you’re about to click, use a free URL scanner like CheckPhish.ai to check it in real-time.