In late 2017, the Bitcoin investment craze went mainstream in the media. News outlets reported about a variety of investors getting a windfall from buying Bitcoin early in its existence.
For instance, Yahoo News featured Eddy Zillian, a grade school student who received $5,000 from his parents to start an investment fund. Rather than putting the money towards stocks, he bought cryptocurrencies, including bitcoin. After adding another $7,000 in summer job earnings, Eddy’s $12,000 investment eventually rose in value to more than $500,000.
After learning about success stories like the one above, many investors decided to buy cryptocurrencies, including Bitcoin. A cryptocurrency is an anonymous digital currency tracked in an online public ledger. To investors, each initial coin offering (ICO) of a new cryptocurrency may be the moment they strike it rich. Sadly, the hype over cryptocurrency investing is another chance for con artists to steal money from people. These crooks can manipulate people into acting quickly and carelessly by preying on their fear of missing out on this modern-day gold rush. Moreover, some people may manage their cryptocurrency investment tasks on the company network, which can put the cybersecurity of your organization at risk.
How can cryptocurrency scammers attract their victims?
- Phishing emails: Thieves will send emails pretending to be from an established cryptocurrency wallet provider. A few examples of phony email messages are two-factor authentication notices, sign-ins from different devices, and requests to sync the wallet with a network. Targets are told to click on an email hyperlink to a cloaked portal, and then enter their e-wallet login credentials. When the crooks get this data, they can log into accounts and steal funds. They may also use these malicious portal sites to install spyware and ransomware on your device.
- Google AdWords campaigns: Fraudsters will pay to have their phony cryptocurrency wallet site show up on Google search results. As an example, a scam wallet called bestwalletbtc.com created an advertisement and paid for it to appear in the Google results for “best Bitcoin wallets.” Once somebody clicks on the ad, these people are redirected to a professional-looking website landing page. The victims registered for the scam program and unknowingly sent their bitcoins directly to the thieves.
- Mirrored websites: Scammers can create a replica of a legitimate cryptocurrency wallet service with a slightly misspelled web address. For example, for the wallet provider blockchain.info, a Ukrainian cybercrime gang called Coinhoarder used the website names “block-clain.info” and “blockchien.info. Targets went to the imitation websites and entered their blockchain.info information, which was then sent instantly to the Coinhoarder gang.
- Social networking accounts: Scammers can join legitimate Facebook, Slack, and Reddit groups and then promote fake cryptocurrency airdrops to investors. An airdrop is a free giveaway of coins by a cryptocurrency project to build awareness and encourage future purchases. The scammers will persuade investors to act on their deal immediately and without caution. To receive the airdrop, the scam will require users to enter their wallet private key to a fake portal.
How can you protect yourself from cryptocurrency scams?
- Keep your device and antivirus software updated. Devices must be scanned with antivirus software every week.
- Look out for phishing emails, especially if it shows sloppy details, such as the misspelling of words, email addresses, and URLs. Also, watch for pixelated logos and photos in the email.
- Enable filters for company email accounts and website activities. As an option, your business may use content filtering software to block employees from accessing cryptocurrency websites on the network.
- Set up rules for acceptable use of email, internet browsing, and social networks. For example, staff members should stick to conducting their investment activities on their private devices and networks. Warn employees that fail to follow acceptable use rules could result in disciplinary action and/or termination.
- Use a VPN when on public Wi-Fi networks. Don’t log into financial accounts on a public Wi-Fi signal, such as a cryptocurrency wallet account. A hacker nearby can spy on your activities or even install performance-hogging cryptocurrency software on your device.
- Store your account login information (especially wallet private keys) in an encrypted password manager. Passwords should not be plain text in a Word document nor written down in a notebook.
- Use two-factor authentication on private accounts, including cryptocurrency wallets.
- Educate employees on phishing scams. Perform regular cybersecurity training and phishing email simulations.
- Keep your social media accounts private and don’t have your contact information readily available.
- If you receive an announcement in an email or through social media regarding a wallet vendor, cross-check it on the official website.
- If you are trying to follow a wallet vendor’s social media account, check when the account was made and how many followers it has.
- Don’t give out the private key. Wallet providers will not ask for it.
If you have questions or concerns about your cybersecurity, you may contact us at 877-794-3811 or info@swifttechsolutions.com. We can provide added protection in our subscription-based cloud service called Security as a Service. It includes email security, web security, enterprise anti-virus/anti-malware protection, ransomware protection, intrusion prevention, and security monitoring.