While the year may be young and carry the promise of a fruitful bull run, one must never forget the perils that await at every corner. Crypto scams are ever evolving, and they threaten to pull you from your hard earned stack. Let’s discuss some of the most common crypto scams currently making the rounds, and how you can make sure you don’t fall victim to them.
#5 Phishing Attacks
Phishing attacks represent a pervasive and insidious form of cybercrime, designed to exploit human psychology rather than technical vulnerabilities. Typically carried out through deceptive emails, messages, or websites, phishing seeks to trick individuals into divulging sensitive information such as login credentials, financial details, or personal data. The term “phishing” is a play on the word “fishing,” reflecting the attacker’s use of bait to lure unsuspecting victims.
Thanks to countless data breaches, scammers may already have your phone number and/or email address, complete with knowledge of potential accounts you associate with it. From there, it’s just a simple poke and prod with misleading notices meant for you to take action…by clicking on the link they provide, of course. Once they gain access to your account, they can gather even more sensitive information or use the access they have to drain your balance.
-Sending email address is different from official website url
-Spelling or grammatical errors in message contents
-Call to action with a direct link to the scam
How to Avoid:
It may be a sobering thought, but you cannot trust anything sent to you. Regardless of how legitimate that email or text message may look, you have to assume that it could be a trap.
Pay attention to the sending email, and see if it matches earlier known official communications. If a company or service reaches out to you to give notice or instructs you to take action, it is best to contact the provider directly for confirmation. This means using publicly available contact information and NOT what is listed in the message.
#4 SIM Swap Attacks
A SIM swap attack is a sophisticated form of identity theft that exploits the vulnerabilities in the authentication process used by mobile carriers. The attack involves the unauthorized transfer of a user’s phone number to a new SIM card, usually controlled by the attacker. This nefarious technique allows the attacker to gain access to the victim’s personal and financial information, as well as control over their various accounts linked to the compromised phone number.
SMS text verification may be better than nothing, but there are still vulnerabilities to consider. Data breaches (are you seeing the pattern?) can reveal what accounts are tied to your mobile number. With the right tactics, and maybe even an inside connection, scammers can have your number ported to a SIM card in their possession. From there, your accounts…and anything in them, are in the control of bad actors.
-SIM swap attacks happen suddenly and swiftly. There may be no indication that you have suffered a SIM swap attack until it has already happened.
How to Avoid:
Keep your phone connected to a trusted WiFi network when possible. Even if your phone is compromised, web data should still be working and allow you to receive emails indicating critical account changes.
Authenticator apps will be your best friend to supplement account protection. Apps like Authy (hyperlink) and Google Authenticator (hyperlink) provide time sensitive codes to enter at the point of login. They may take a little extra time to implement, but isn’t your account worth it?
Additionally, our partners at Efani (affiliate hyperlink) are the leading mobile provider to keep your SIM card safe. Through stringent multi-step security protocols, your cell phone stays resistant to unauthorized account changes. To learn more about Efani and how they keep your phone safe, click here.
#3 Employment/Gig Scams
Employment scams are deceptive schemes that prey on individuals seeking job opportunities, exploiting their eagerness for employment to swindle them out of money or personal information. These scams have proliferated in the digital age, leveraging online platforms and sophisticated tactics to appear legitimate. One common method involves fake job postings on reputable job boards or websites, enticing job seekers with attractive positions and competitive salaries.
In the crypto world, this scam will often manifest by the outreach of “recruiters”. Perhaps you responded to a seemingly legitimate job posted. Perhaps you posted you are looking for work opportunities. Regardless of the circumstances, you will be approached with a generous offer.
From there, you will perform legitimate tasks and receive payment for them in the form of crypto. This crypto will be available to withdraw, gaining further building your trust in the opportunity. Eventually, you will be offered more lucrative tasks where the payments will accumulate in your payment balance. Often blocked by new withdrawal limits, it will grow larger and further entice you to push forward. It’s only when you are finally able to withdraw that you realize you are unable to.
Contact with your recruiter or technical support will reveal that “taxes & fees” will need to be paid before you are available to withdraw. The ultimate problem is that there is no intention on the scammer’s side to allow any withdrawal, because the money you think you are owed doesn’t even exist. It is often a fabricated work portal with made up numbers to represent your earnings. This scam only ends in one of two ways…you either give up or run out of money in erroneous fees.
-Being approached after posting or responding to a post is normal. Being approached outside of official channels should be looked upon with suspicion
-Scam recruiters often try to direct the conversation towards private WhatsApp, Discord, or Telegram groups. This is often how they isolate the victim and control the narrative. Nothing is to be trusted there
-An initial “buy-in” is required, often explained as part of costs for onboarding, training, or to prove your seriousness in participating. They will often claim this is refundable at a certain point (hint hint: it won’t be)
-Payment is only via cryptocurrencies. While not suspicious in and of itself, it is highly suspicious when combined with other spotted red flags.
How to Avoid:
Never veer off platform when taking work. They are there to safeguard both you and legitimate employers from fraud. Never pay anything upfront to start work. Stay away from 3rd party messaging groups that you are invited to. If the employer only pays in crypto, mandate that it be paid directly to a wallet in your control. An added layer of protection would be to give a wallet that is not your primary, but rather an intermediary. Once paid, you can move the funds as you wish.
#2 Romance Scams
Romance scams, also known as Pig Butchering scams, are a form of online fraud where individuals create deceptive emotional connections with victims to exploit their trust and manipulate them for financial gain. These scams typically originate on online dating platforms, social media, or other online spaces where people seek companionship. The perpetrators, often operating under false identities, develop virtual relationships with unsuspecting individuals, taking advantage of their emotions and vulnerabilities.
As the relationship develops, the scammer introduces a fabricated crisis that requires financial help or recommends an investment platform they’ve successfully used to increase their wealth. Common scenarios include medical emergencies, business ventures, or family issues. The victim, who is emotionally invested in the relationship, becomes more susceptible to manipulation and may be persuaded to send money or provide sensitive financial information.
-Individual claims to be local, but is currently far away for work/leisure.
-Individual is of high status (profession/rank/social)
-Highly attentive and flirtatious, which transitions to love bombing and talk of a future together
-A sudden tragedy befalls the individual
-Suggesting an investment platform
-Inconsistencies with voice and video compared to photos.
How to Avoid:
The promise of true love and companionship can be exhilarating, but do not let it cloud your judgment. You may stick around to see if the person you met is the real deal, but the simplest way to stay safe is to follow common sense and not send them money.
-Why are they asking someone they never met for financial help?
-Couldn’t they ask their personal friends or family?
-If they have none, isn’t it a little convenient they found you?
-Would YOU ever find yourself asking for thousands of dollars from strangers you’ve never met face to face?
#1 Investment Scams
Cryptocurrency investment scams have become increasingly prevalent in the digital age, targeting unsuspecting individuals eager to capitalize on the booming crypto market. These scams manifest in various forms, employing sophisticated tactics to deceive and defraud investors.
One common variation of the scam involves fraudulent Initial Coin Offerings (ICOs) or Airdrops, where scammers create fake tokens and promote them as the next big investment opportunity. These illegitimate ICOs and Airdrops attract investors with promises of high returns, only to disappear with the funds once a certain threshold is reached. Investors are left with worthless tokens and empty pockets. On the other hand, Airdrops entice the victim into signing unverified smart contracts with their web3 wallet to receive the Airdrop, inturn opening an attack vector to have all tokens in their wallet drained.
Another variant shares a lot of common ground with romance scams, but pivots towards investment rather than tragedy. Instead of a plea for help, fraudsters instead offer guidance to invest in crypto through them or a “guru” they are close with. Also similar to employment scams, they will try to move the conversation into private chat groups in order to manufacture false hype. Through fake platforms, victims are instructed to disclose sensitive personal information and deposit funds. Everything looks great until it’s time to withdraw the returns. From there, the platform will demand you owe taxes and fees to receive the balance you see on the screen. These scammers will persist until the victim gives up or runs out of money, at which point they sell your information to other scammers, so they can try their luck with you.
-Conversations with individuals turns to investing in crypto and an offering of help
-The promise of unusually high returns
-Invitation to private “investment” groups on 3rd party messenger platforms
-The use of obscure exchanges that are not readily found through independent web searches
How to Avoid:
While the future of crypto is bright and potentially lucrative, it does not mean easy money. If it sounds too good to be true, it probably is. If someone contacts you and brings up crypto investing, don’t take them for their word. See if what they say passes the sniff test of friends, family, or colleagues. If you don’t know anyone familiar with crypto, take your question to threads like r/CryptoScams and see what they have to say.
Stay away from private groups. For all you know, every user could be part of a group who are carefully trying to lower your guard. It might even be the same person controlling multiple accounts.
Pay attention to exchange domains. Sometimes scammers create fake exchange sites that are very similar to more well known platforms. Don’t assume they are one in the same if there are similarities to the name.
2024 has the potential to change the lives of many crypto users forever. Whether it’s for better or worse depends completely on you and your eye for details. With bull runs comes FOMO, and nothing works better for a scammer than someone who is lured in by it.
We should know…CoinStructive has been helping the victims of crypto scams since 2019. We stand committed to our mission of promoting awareness and education, and our team is dedicated to bringing scammers to justice through our investigative efforts and connections to law enforcement. If you’re a victim of a crypto scam, or suspect you might be, contact us for help or more information.