According to a paper from Chainalysis, cryptocurrency-related scams reeled in an estimated $8.6 billion in 2019. Still lacking strong regulation, the crypto industry is growing increasingly rife with opportunistic criminals. Although regulation nor self-policing can ever remove all crime from a geographical area or economic sector, the cryptocurrency world needs it more than ever.
Whether the setting is digital or analog, crime is inevitable. Using digital means, however, criminals can strike victims more discreetly. Cybercriminals also have a wider reach than their in-person counterparts.
Being online-based, cryptocurrency opens the doors to tons of opportunistic criminals. Even those with little technical knowledge can overpower fellow internet users, stealing their information, potentially ravaging their personal finances.
We all know that cryptocurrency has long been linked to crime. Cryptocurrency users need to protect themselves. Even once stronger regulations become commonplace, cryptocurrency users will ultimately be responsible for their security online.
Although they often offer smaller payouts than well-established, sophisticated users, hackers like targeting new cryptocurrency users because they have better success with newbies. Why, exactly, are cybercriminals targeting new users? Also, how are hackers breaking through?
Phishing — A Well-Documented Scamming Tactic That Still Works
Phishing uses social engineering to take advantage of innocent internet users. One phishing scheme involves posing as a popular company, including Netflix or Microsoft, and sending emails to hundreds or thousands of accounts.
These emails warn recipients that their accounts have been compromised. Luckily, however, these purported attempted logins weren’t successful. To regain control of their accounts, the emails ask recipients to follow the included link to login, where they’ll be able to change their passwords, protecting their accounts from further unauthorized login attempts.
Recipients follow the link, ending up on a seemingly legitimate website. They enter their information, unknowingly relinquishing it to cybercriminals. From there, cybercriminals use this login information to take control of victims’ accounts.
While large batches of fake emails might only trick one user, phishing is well worth the effort. Customer lists are cheap to purchase and sending thousands of emails only takes one click. Designing fake websites, emails, and other assets is the most time-consuming part of phishing, which doesn’t take that long.
According to Cisco senior research engineer Jeremiah O’Connor, the Ukraine-based group Coinhoarder is alleged to have stolen $50 million using cryptocurrency-related phishing attacks.
Phishing With Google Ads
As internet users, we’re used to seeing ads online. For most Google search results, the website lists between two and four paid results above the fold. At least one can be found at the bottom of each search engine result page.
Hackers buy ads for phrases like “bitcoin wallet,” directing unsuspecting victims to websites like “blockchien.info,” a spoof of blockchain.info, one of the internet’s leading cryptocurrency exchanges and online wallets.
O’Connor believes this pay-per-click ad strategy works so well because internet users are usually only warned not to click on fishy emails. Most people aren’t weary of advertisements, playing into cybercriminals’ hands.
Hot Wallets Pose Threats to Cryptocurrency Owners
Hot wallets are cryptocurrency wallets that are connected to the internet. Many new crypto owners leave their assets in internet-connected wallets, potentially giving cybercriminals access to their portfolios.
Cybercriminals love to target hot wallets, using malware to slyly collect owners’ private keys, later directing victims’ cryptocurrencies to their own wallets. Ultimately, education and strong operating security is the answer to these schemes. Without fail, countless new users will fail to be diligent, playing right into hackers’ hands.
