Watch Out For Cryptocurrency Cyber Scams

 

In late 2017, the bitcoin investment craze went mainstream in the media. News outlets reported on a variety of investors who got a windfall from purchasing bitcoin early in its existence.

For instance, Yahoo news featured Eddy Zillian, a grade school student who received $5,000 from his parents to start an investment fund. Rather than putting the money towards stocks, he bought cryptocurrencies, including bitcoin. After adding another $7,000 in summer job earnings, Eddy's $12,000 investment eventually rose in value to more than $500,000.

After learning about success stories similar to the one above, many investors decided to purchase cryptocurrencies, including bitcoin. A cryptocurrency is an anonymous digital currency tracked in an online public ledger. To investors, each initial coin offering (ICO) of a new cryptocurrency may be the moment they strike it rich. Unfortunately, the hype over cryptocurrency investing is another chance for con artists to steal money from individuals. These crooks can manipulate people into acting quickly and carelessly by preying on their fear of missing out on this modern-day gold rush. Furthermore, some people may conduct their cryptocurrency investment tasks on the company network, which can put the cybersecurity of your organization at risk.

 

Cryptocurrency scammers attract their victims through various channels:

Phishing emails: Thieves will send emails pretending to be from an established cryptocurrency wallet provider. A few examples of phony email messages are two-factor authentication notices, sign-ins from different devices, and requests to sync the wallet with a network. Targets are advised to click on an email hyperlink to a cloaked portal, and then submit their e-wallet login credentials. When the crooks get this data, they are able to log into accounts and steal funds. They may also use these malicious portal sites to install spyware and ransomware on your device.

Google AdWords campaigns: Fraudsters will pay to have their phony cryptocurrency wallet site show up in the Google search results. As an example, a scam wallet called bestwalletbtc.com created an advertisement and paid for it to appear in the Google results for "best bitcoin wallets." People who clicked on the ad were redirected to a professional-looking landing page. The victims registered for the scam program and unknowingly sent their bitcoins directly to the thieves.

Mirrored websites: Scammers can create a replica of a legitimate cryptocurrency wallet service with a slightly misspelled web address. For example, for the wallet provider blockchain.info, a Ukrainian cybercrime gang called Coinhoarder used the website names "block-clain.info" and "blockchien.info." Targets went to the imitation websites and entered their blockchain.info information, which was then sent instantly to the Coinhoarder gang.

Social networking accounts: Scammers can join legitimate Facebook, Slack, and Reddit groups and then promote fake cryptocurrency airdrops to investors. An airdrop is a free giveaway of coins by a cryptocurrency project with the purpose of building awareness and encouraging future purchases. The scammers will persuade investors to act on their deal immediately and without caution. In order to receive the airdrop, the scam will require users to enter their wallet private key into a fake portal.
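Mirrored domains like the ones named above can be caught on the defender's side by comparing hostnames seen in web proxy or DNS logs against the real wallet domain. The Python below is an added example, not part of the original article: the function names, the distance threshold of 2, and the sample hostnames (other than the three domains quoted in the article) are assumptions made for illustration.

```python
"""Flag lookalike (typosquatted) hostnames against a list of real wallet domains."""

TRUSTED = {"blockchain.info"}  # legitimate domain named in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels.
    Assumption for this example; production code should use the Public Suffix List."""
    return ".".join(host.strip().lower().rstrip(".").split(".")[-2:])


def classify(host: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unrelated'."""
    dom = registrable(host)
    if dom in trusted:
        return "trusted"
    for real in sorted(trusted):
        # Also compare with hyphens removed: "block-clain" hides the typo behind one.
        d = min(edit_distance(dom, real),
                edit_distance(dom.replace("-", ""), real))
        if d <= max_distance:
            return f"lookalike of {real}"
    return "unrelated"


def scan(hosts):
    """Return only the hostnames that imitate a trusted domain."""
    return [h for h in hosts if classify(h).startswith("lookalike")]


if __name__ == "__main__":
    # Constructed sample of hostnames, as they might appear in a proxy log.
    seen = ["www.blockchain.info", "block-clain.info", "login.blockchien.info",
            "bestwalletbtc.com", "intranet.example.com"]
    for h in seen:
        print(f"{h:28} {classify(h)}")
```

A paid-ad scam domain such as bestwalletbtc.com does not imitate a real name, so a lookalike check will not flag it; that case still needs a blocklist or content filtering.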

 

How can you protect yourself?

Keep your device and antivirus software updated. Devices must be scanned with the antivirus software every week.

Look out for phishing emails, especially those that show sloppy details, such as misspelled words, email addresses, and URLs. Also, watch for pixelated logos and photos in the email.

Enable filters for company email accounts and website activities. As an option, your business may use content filtering software to block employees from accessing cryptocurrency websites on the network.

Set up rules for acceptable use for email, internet browsing, and social networks. For example, staff members should stick to conducting their investment activities on their personal private devices and networks. Warn employees that failure to follow acceptable use rules could result in disciplinary action and/or termination.

Use a VPN when on public Wi-Fi networks. Don't log into financial accounts, such as a cryptocurrency wallet account, on a public Wi-Fi signal. A hacker nearby can spy on your activities or even install performance-hogging cryptocurrency software on your device.

Store your account login information (especially wallet private keys) in an encrypted password manager. Passwords should not be stored as plain text in a Word document or written down in a notebook.

Use two-factor authentication on private accounts, including cryptocurrency wallets.

Educate employees on phishing scams. Perform regular cybersecurity training and phishing email simulations.

Keep your social media accounts private and don't have your contact information readily available.

If you receive an announcement in an email or through social media regarding a wallet vendor, cross-check it on the official website.

If you are trying to follow a wallet vendor's social media account, check when the account was made and how many followers it has.

Don't give out the private key. Wallet providers will not ask for it.

 

If you have questions or concerns about your cyber security, you may contact us at 877-794-3811. We can provide added protection in our subscription-based cloud service called Security as a Service. It includes email security, web security, enterprise anti-virus/anti-malware protection, ransomware protection, intrusion prevention, and security monitoring.

 
