Cryptocurrency interest spiked in early 2023. Multiple Super Bowl commercials pushing various crypto companies to the masses commanded investments of all sizes from individuals and organizations of all types.
Cryptocurrency continues to be a popular investment option, with the value of Bitcoin alone reaching more than $60,000 in 2021 and hovering around $30,000 at the time of publication of this article. With a market cap of more than $568 billion, Bitcoin alone holds massive financial implications for investors and non-investors.
As with any new technology or mass market interest, with the rise in awareness and general interest comes a rise in cybercrime looking to capitalize on the influx of attention.
Crypto scams and phishing attacks deploying crypto scam themes are on the rise. In recent years, cybercriminals have become more sophisticated and are utilizing innovative tools and phishing kits at their disposal to lure unsuspecting victims into investing their money in fake cryptocurrencies or divulging privileged financial information via fraudulent phishing sites.
Crypto scams have become a common phishing threat theme. Scammers and cybercriminals first create websites or social media accounts designed to steal authentication credentials and private keys.
This tactic provides cybercriminals with the necessary information to access victims' cryptocurrency wallets and steal funds.
As phishing attacks have “leveled up” in their sophistication and creativity, scammers are now capable of creating domains that mimic real, legitimate cryptocurrency exchanges or wallets.
One example dates as far back as 2019. A group of hackers launched a phishing campaign targeting Coinbase users. Distributing phishing emails appearing to be from Coinbase support, the hackers were able to drive users to a doppelganger login landing page and obtain target account authentication credentials.
Scammers have also deployed Ponzi schemes promising high returns on cryptocurrency investment. Instead of investing the provided funds in anything at all, the cybercriminals use the funds to pay off earlier “investors” and continue the perpetuating cycle of siphoning monies from the next victim to grift more, longer.
One example of how this was executed is the Bitconnect scam. The United States Securities and Exchange Commission (SEC) shut down the scheme in 2018. Bitconnect promised investors high returns on their investments but never delivered tangible results and the SEC discovered the program was a Ponzi scheme successful in defrauding investors out of millions of dollars.
Another cybercriminal cryptocurrency threat attack theme is the initial coin offering (ICO) scam. Scammers create a “new” cryptocurrency and sell it to investors through an ICO. Think of this just like a standard initial public offering (IPO) companies have when they go from private ownership to being publicly traded…with one catch.
Unlike IPOs, ICOs are unregulated, making them an attractive target for scammers. In 2018, a group of cybercrime scammers created a fake ICO for a cryptocurrency called "Giza," which they claimed would “revolutionize the mobile phone industry.” The scammers were able to “raise” more than $2 million from would-be investors before the scam was shut down.
So how can you avoid falling victim to these crypto scams?
Be aware of the warning signs!
One of the most significant warning signs, as with any general phishing theme, promises an offer too good to be true. High returns on investments with little risk are a red flag.
If you’re contemplating investing in cryptocurrency, be cautious of unsolicited emails or social media messages claiming to be from cryptocurrency exchanges or wallets delivering enticing, limited-time offers. Legitimate companies do not contact customers in this way.
Do your homework! Before making any investments of any kind, you should research the company, in this case, the cryptocurrency or ICO. Check for a legitimate company website and social media pages and even search the company name with the Better Business Bureau and investigate any findings of news articles to determine if the company is reputable.
And if you’re already a cryptocurrency investor, keep your wallets and accounts secure. Use strong passwords, enable multi-factor authentication (MFA), and protect your private keys and privileged information. Don’t use public Wi-Fi networks, which can be easily hacked, to access your accounts.
Bottom line? Cryptocurrency has provided investors with an opportunity and a new option for investment. Staying aware of phishing attacks, Ponzi schemes, and ICO scams is critical to staying ahead of cybercriminals and scammers looking to prey on investors.
To train your organization on the latest cyberattack types and become cyber aware, contact our team of subject matter experts committed to keeping clients as safe and prepared as possible for a tailored cybersecurity training program recommendation.
What are the strengths, weaknesses, opportunities, and threats to a security awareness training program?
Phishing kits are becoming one of the most accessible components within a cybercriminal's arsenal.
Deepfakes are on the rise with AI. Are you ready to defend against them?
