In the last few years the cryptocurrencies have experimented an unprecedented adoption, which converted them into a financial tool and a subject of popular conversations around the world. Likewise, the growth of the prices on the cryptocurrency market during last year and especially in the last couple of month of 2017, created a lot of expectations when it comes to the long-term development of the cryptocurrencies. As it usually happens, the new and popular phenomenon also attracted the attention of scammers. Regulatory and financial authorities from around the world, among which we can point out the Monetary Authority of Singapore (MAS), the United States Securities and Exchange Commission (SEC) and the regulatory authorities of South Korea, have highlighted the growth of scamming systems on the cryptocurrency market. This situation is constantly keeping the governments on alert due to the danger it represents for the free investments of their citizens. False websites, misleading advertisements on social networks, fraudulent initial coin offerings (ICOs), scams masked as donations, imposters that announce token sales on behalf of celebrities and emails with links to phishing websites are some of the many methods used by scammers on the internet to acquire cryptocurrencies. Some of the aforementioned methods used to scam people involved in the cryptocurrency world are explained here, along with the necessary tools to obtain protection from this type of frauds.
One of the most common methods for scam in the cryptocurrency world are the initial coin offerings (ICOs). The ICOs are used to create piramidal schemes, which is why the regulatory authorities of South Korea, China and the United States of America imposed strict regulations and even banned the ICOs in the case of China. Various platforms organized fraudulent initial coin offerings and then had to face the legal consequences because the funds were raised illegally. Some of these platforms are Arise Bank, Centra Tech, Bitconnect and One Coin. All of the aforementioned platforms are linked to open legal cases in different parts of the world. These projects can be used as examples for the most common characteristics of a fraudulent ICO. Some of these characteristics are using false information about the project and the lack of registered securities. In general, the initial coin offerings that search for investors with the goal of stealing their savings from them provide false information to attract the attention of the audience and make their offer more compelling and promising. Likewise, these fraudulent ICOs do not provide the required information to the regulatory agencies, do not register their commercial operations, nor do they apply for licenses to operate with investment assets legally. Whence, if an initial coin offering is not registered with the authorities, there is a high probability we are talking about a risky investment. The fraudulent ICOs are also characterized by ridiculous guarantees they are offering to investors, which are also impossible to maintain as the time passes. Moreover, these ICOs do not provide any information about the risks associated with investing into a highly volatile cryptocurrency market. And if that was not enough, it is also important to revise the entire documentation provided by the company about its project, the goal of the ICO campaign and the subsequent use of the cryptocurrency the company is offering to the investors. This is because it is common for the fraudulent ICOs to provide incongruous information with lack of data, as well as to publish misleading advertisements using the name or image of someone else without their authorization. It is always recommended to examine all the elements of an initial coin offering to verify its legitimacy and to check if the provided information is in line with what the company is saying about its ICO campaign. Moreover, the fraudulent ICOs also hire famous people to promote the ICO campaign and give authenticity and better image to the ICO, but this is not a guarantee the projects are not fraudulent. One such example is the ICO organized by Contra Tech. The company used Floyd Mayweather, professional boxing promoter and former professional boxer from the United States to promote its ICO, which turned out to be a completely fraudulent project.
More and more cryptocurrency users report unsolicited emails or messages received through social networks in which personal information or information about their cryptocurrency wallets is requested. The method used to create false websites used to steal credentials and data of interest is called phishing. A cybercriminal also known as the phisher usually sends emails posing as trustworthy companies and asks the users to send him their personal data by clicking on the link provided in the email. This link then leads the victims of the phishing attack to the false website created by the phisher.
According to Kaspersky, one of the most famous computer security companies in the world, the unsolicited emails are the most common method for covertly stealing cryptocurrencies. The scammers send an email acting as cryptocurrency service providers such as cryptocurrency exchanges or wallets. The emails are very well thought and carefully written to convince the victims to follow the instructions provided in them. If an anomalous windows is opened by another web browser after clicking on the link in the email, the phisher will try to convince the victim it is a standard account verification process or a survey with allegedly high rewards. The common thing for all these emails is a link on which the victims need to click. The fraudulent websites are also very well elaborated by cyber criminals, which is why the victims decide to leave their personal data on a website that looks convincing. The victims leave data about their wallet or their passwords without suspecting a thing and the data goes into the hands of the hackers. Afterwards, the hackers use this information to steal the cryptocurrencies from the victims. Beside the unsolicited emails, a new phishing method was created on Facebook. Using this method, the phishers replicate groups and communities from Facebook dedicated to the cryptocurrencies. The false Facebook group looks exactly like the original group, which is why after sending a message or tagging the victim in a promotional message, the users do not notice anything unusual. The promotions are usually based on the system of rewarding the loyal users of the platform and the messages contain detailed information about the reward, along with a credible figure and a link that redirects the victim to the phishing website. When it comes to this type of phishing attacks, experts recommend the users to deactivate their notifications from strangers on Facebook, since the users are usually notified because the phishers tag them on Facebook.
Besides the phishing attacks, some scammers are dedicated to creating false websites about initiatives closed for the general public or highly popular ones, such as the case of the initial coin offerings of Telegram, a highly popular instant messaging platform in the cryptocurrency community. The websites created by the scammers are usually almost identical to the one they are trying to replicate, they have a very similar URL (Uniform Resource Locator) and the users can acquire tokens or execute payments if it is a payment platform, just like on the original websites.
For example, in the aforementioned case of Telegram, the false website had a secure internet connection, information register and generated a wallet per user each time a user bought Gram, the native token of the platform. However, even though everything look credible, it was a scam and it was discovered because the authentic ICO campaign organized by Telegram was not open to the public. Just like they replicated an initial coin offering, the scammers also replicated popular cryptocurrency exchanges in order to steal money from the victims. The scammers also replicate websites of the initiatives that gather donations in cryptocurrencies. They create an identical copy of the website in question with the goal of redirecting the donations and steal them for themselves. This anti-ethical practice is active on social networks for several years now. One example is the case of The Water Project, an initiative whose goal is to ensure that the communities in Kenya have drinking water supply. This initiative launched a project called The Water Promise with the goal of collecting donations in cryptocurrencies. The scammers targeted this initiative in an attempt to redirect the donations and steal them.
The false website was identical to the official website of the The Water Promise project. The only thing the cybercriminals behind this scam did was changing the address of the wallet to which the interested users transferred their donations. This way the scammers managed to trick a large number of people and steal their donations. To prevent this type of attacks, the users that would like to donate are advised to use only the links provided by the official accounts used by the non-profit organizations.
Even though social networks such as Facebook, Twitter and instagram banned the advertisements related to the cryptocurrencies as a way of protecting their users from possible frauds, the scammers adopted new method to avoid this obstacle. One of them is the creation of false accounts of people and organizations from the blockchain ecosystem, as we have seen in the case of the Tron Foundation. The scammers created a falsa Twitter account and even managed to verify the account on the social network. To convince the users to donate or invest money in alleged blockchain projects, scammers also created false Twitter accounts of Vitalik Buterin, the co-founder of Ethereum, and Charlie Lee, the founder of Litecoin. Both scams were reported by Buterin and Lee and they even published photos of the messages left by the scammers. The two also advised their followers not to send any cryptocurrencies to the directions mentioned in the messages sent by scammers. Besides using the same profile photo as Buterin and Lee, the scammers also managed to block their real accounts in order to prevent them from posting and reporting the scam. The scammers then commented on the posts published by other important figures from the blockchain ecosystem and offered to give away cryptocurrencies through a special link or called the investors to invest a certain amount of cryptocurrencies in order to generate earning in the future.
Besides Buterin’s Twitter account, his account on Facebook was also compromised when a scammer open a false personal account of Vitalik Buterin with the goal of promoting fraudulent initial coin offerings. This practice keeps alarming the users in the cryptocommunity because it attracts the attention of a large number of people.
The cryptocurrency users need to be much more attentive when performing their operations on the internet, since even talking about the cryptocurrencies on social networks can make them the target of a scammer.
The most recommended thing to do is to access the platforms through official and verified sources, revise the information provided by the investment projects, monitor the web addresses, look carefully at the provided link to detect any irregularity and avoid investing in offers that are too good to be true.