The crypto business: more lucrative, but increasingly dangerous
That’s not surprising or unexpected, which makes the following all the more alarming. Rising crypto rates are causing a surge in virtual crime in the form of pilfering from lucrative pies by illegal means. From phishing e-mails via fake brokers to stock exchanges that seem real – there’s everything you could think of to make a cyber criminal’s heart skip a beat. A lot of them sense the opportunity for easy money. After all, the unstoppable growth of crypto attracts not only financial professionals and coin experts but also a lot of beginners and more reckless investors.
Everything comes at a price
Blockchain technology [link in German], which underlies cryptocurrencies and supports these types of investments, is extremely secure by nature. However, cyber criminals manage to circumnavigate all these mechanisms in bold but effective ways. Virtual gangsters use all the tools the Internet has available for their illicit practices. If you’re not careful, you won’t be immune to a potential attack, no matter where it happens – be it via e-mail, on social media or ordinary websites.
Twitter in particular seems to be good fodder for crypto con artists. The increase in fraud cases via Twitter suggests that this is the social media platform for making the quickest and most money. It’s where fraudsters pitch fictitious investment opportunities or suggest giveaway scams by manipulating or imitating business or celebrity accounts. For example, cyber criminals pretended to be Bill Gates in this tweet.
However, Bill Gates wasn’t the only celeb to have their account abused. In July 2020, online teenage thieves managed to make off with almost 120,000 US dollars in just a few minutes with this social media trick. They were using an internal Twitter tool to get around security procedures in account verification and thereby access a number of high-profile individual and business accounts. They published various tweets under fake names which drew in thousands of victims with the prospect of easy money and got them to fall into their trap. The «only» thing victims had to do was send a relatively small bitcoin amount to another wallet. They were then meant to receive twice the amount back... but it never happened.
Scams like this keep doing the rounds on Twitter. In one week in February 2021 alone, MalwareHunterTeam, a group of safety experts specialising in online scams, called attention to almost 50 tweets that were meant to mislead users into sending cryptocurrency to criminals. Unlike the attempt above, in this instance, Internet criminals were using accounts no longer in use or not well secured. They then changed the accounts so they’d look official, certified and managed by a celebrity such as Elon Musk.
And that's exactly what happened to the person who’s probably the most famous Bitcoin billionaire. Crooks used an old certified Twitter account and masqueraded as Elon Musk to guide potential victims to a domain set up specially for their scam. Once there, victims were enticed by a 5,000 bitcoin reward disguised as an official Tesla offer. Anyone who transferred a small bitcoin amount to the given account was then meant to get ten times the amount back. If they’d taken a closer look, shrewd users would have spotted that the fake page loaded a lot of content from a host that had already been associated with attempts at deception the year before. On that occasion, the attempts to defraud had also been made under the guise of Elon Musk’s identity. The extent and persistence of these fraudulent activities ruthlessly show how effective they still are and how much money can be made on the crypto market. That’s despite the fact a lot of these scams have already been publicised numerous times and people keep being warned about them.
Too good to be true
Pretending to be a broker, miner or any other online service provider is a tactic that’s even more popular than social media scams. The process involves cyber criminals promising their victims powerful ROIs, free mining hardware or the ability to recover alleged stolen coins. To do so, scammers dupe users by connecting them to websites that seem real and give users the impression they’re on a legitimate platform, either of a trusted crypto broker or a well-known Bitcoin investment company.
One example is Initial Pips. It’s a site that, from the outside, looks like a professional crypto broker’s homepage. But behind the façade, it’s actually just a scam set up to get users to part with their coins. The page lures you in with lucrative options for highly profitable Bitcoin investments. All the subpages and businesses namechecked are purely fictitious and aimed solely at getting unsuspecting crypto investors to part with their digital coins. With the promise of exceedingly high profits, cyber criminals ensnare countless victims on a daily basis thanks to the boom in crypocurrencies. The scammers’ success is down to a strong web presence, which they achieve using HTTrack – free software that lets them copy websites. These look like the original sites, apart from minor changes to the logo, images or branding. You can find more examples of these kinds of scams on the Crypto Scam List 2021, which was published by the Scam News Channel.
Like shooting fish in a barrel
Employing phishing techniques to access login details from crypto service users isn’t just a trend amongst the usual online criminals. It’s also a popular tool that cyber criminals use to gain illegal access to other people’s coins. This is another instance where websites are copied and fake login screens generated. Users then enter their details unsuspectingly, thinking they’re on an official crypto platform. When in actual fact, they’re handing their user name, password and crypto keys straight over to scammers.
Another fraud attempt targeted all Ledger users – in other words, anyone relying on the physical crypto wallet manufacturer’s USB sticks. When users clicked on the «Connect» button, they thought they were linking up to their Ledger account. Instead, they were transferring their login details to cyber criminals. However, highly trained experts discovered that the domain employed the same infrastructure and IP address as other fraudulent pages. And yet, the site is still online, catching out careless crypto investors whenever possible. A similar example is mining-station.uk, where the user is promised profits of 50% per month. trustfundcredit.com falls into the same category. The site tricks careless crypto users into thinking they’ve landed on a trustworthy coin bank page.
Be thorough, vigilant and wary
The pandemic and the anxiety it’s caused has meant that more and more cyber criminals are finding ways to hoodwink unsuspecting people and steal their coins. The methods used are becoming ever fancier and the results often look deceptively real. After all, it’s not only the market that continues to develop; coin thieves are also getting more astute by the day. Given that cryptocurrency rates are going through the roof right now, online scammers are making short work of finding inexperienced crypto victims, who themselves are trying to make a quick buck on the Internet.
That’s why it’s increasingly important to check carefully if you think you’ve stumbled upon a magic money tree. It doesn’t matter if you’re an expert or just getting started with crypto, if an offer sounds too good to be true, 99.9% of the time, it is. So, what should you do? Stay clear of any deals that sound dodgy. Whatever you’re planning to do, be careful and do your homework before you rush blindly into an investment. Ask yourself first if you can really trust the broker, bank or service provider. Certificates at the bottom of the page aren’t reason enough to have confidence in them. Ask around in the community and brush up on your knowledge using sites such as RiskIQ so you have the latest information about scammers. If you recognise their methods, you can better protect yourself from them. That way you also help the whole community by preventing crypto fans and those new to the world of crypto from being at the mercy of online fraudsters.