Web3 Phishing Hacks Compromise Over $2 Billion in 2022 on Social Media Platforms


While Bitcoin and crypto scams abound on the internet and social media, banks and exchanges are required by law to KYC (Know Your Customer). That should be the mentality if you come across something too good to be true. So know what, where, and who is asking about your crypto investments.

Red flags should go up on any unsolicited crypto or Bitcoin questions, offers, or possible scams. By avoiding the most common scams, you should be able to keep your Bitcoin and crypto safe and secure.


Here are 8 very common scams.

The Web3 ecosystem has continued to grow at an unfathomable pace over the last couple of years, with some studies suggesting that by the end of the coming year, this fast-evolving space will be worth $6 trillion, growing at a CAGR of 44.6% between 2023 and 2030. However, this enormous growth has not been without its fair share of problems, with security issues — particularly phishing attacks — rising dramatically in recent months.

In its most basic sense, a phishing attack is a type of online fraud that tricks unsuspecting users into revealing their sensitive private data — such as passwords, credit card numbers, etc. — to cybercriminals posing as trustworthy sources. These schemes can be facilitated via various avenues, including email, social media, or malicious websites.

In this regard, a report released by popular blockchain security firm Certik notes that in Q2 2022 alone, phishing attacks within the Web3 arena have surged by a whopping 170% compared to the previous quarter, with most hackers exploiting users’ social media platforms to facilitate their nefarious activities. Not only that, between April and June of this year, a total of 290 phishing campaigns were identified, which is substantially higher than the 106 attacks that took place just a few months earlier.


Lastly, the study states that over the first half of 2022, various hacks and exploits compromised over $2B. For perspective, this figure is already more than the total volume of funds lost during all of 2021. Researchers also believe this number will continue to rise in the near- to mid-term.

Phishing Remains the Most Popular Form of Cyberattack

According to Web3 cybersecurity firm TRM Labs, crypto assets and non-fungible tokens (NFTs) continue to be the most popular targets for hackers — so much so that between June and July of this year alone, the NFT market witnessed phishing attacks/scams worth over $22M. One of the many victims of these attacks included actor Seth Green, who lost a total of four NFTs — including Bored Ape #8398 — suggesting that everyone is susceptible to these ploys.

Phishing remains the first vector of attack for most hackers because it is designed to psychologically manipulate users — especially individuals not well-versed in today’s pervading cybersecurity trends.

To this point, most phishing scams use social engineering tactics where hackers send messages to their potential victims. These typically involve letting them know about a lucrative token launch, potential account breach, moonshot projects that can allow them to maximize their capital within days, etc. Furthermore, most of these messages require users to act within a fixed time window, thus playing up the element of FOMO (fear of missing out) in victims’ minds.

Types of Phishing Scams Permeating the Market Today

Airdrops (that appear too good to be true)

In essence, airdrops are promotional tools that many companies implement to get people to use their services. Because they provide signees with free money, they have become prevalent among crypto enthusiasts over the past couple of years.

With that in mind, it’s no wonder why airdrops are prime avenues for carrying out phishing ploys. For instance, hackers can send out messages to unsuspecting individuals, telling them their wallets have been credited with a particular digital asset. Once the victim is lured in, they are redirected to a trading platform where they need to connect their wallets. However, the hackers can steal their funds as soon as this happens.

Social Fraud + Clone Phishing

As pointed out earlier, the most common means of phishing attacks is using fake emails and URLs. Since the Web3 ecosystem is still relatively young, it is full of fraudulent yet realistic website fakes, copycat social media accounts, and more. Therefore, it is vital that users not respond to any unsolicited messages, no matter how tempting or natural they may appear.

In this regard, it should be pointed out that late last year, an employee working for prominent crypto trading platform bZx opened a phishing mail that cost his firm a whopping $55M.
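A defender-side check for the look-alike URLs described in this section, as an added example that is not part of the original article. The trusted domains and sample URLs are constructed placeholders, and the confusables map is a small illustrative subset rather than a full Unicode table.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the user really intends to use.
TRUSTED = {"examplewallet.io", "example-dex.org"}

# Illustrative homoglyphs only: Cyrillic a/e/o/p plus digit swaps.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "0": "o", "1": "l"})

def host_of(url):
    """Lower-cased hostname without a trailing dot or leading 'www.'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def skeleton(host):
    """Fold punycode, accents and common homoglyphs to plain ASCII."""
    try:
        host = host.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass                                        # host is already Unicode
    folded = unicodedata.normalize("NFKD", host)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return ('trusted' | 'lookalike' | 'unknown', matched domain or host)."""
    host = host_of(url)
    if host in TRUSTED:
        return ("trusted", host)
    skel = skeleton(host)
    for good in sorted(TRUSTED):
        # Homoglyph swap, a 1-2 character typo, or the trusted name used
        # as a subdomain prefix of an unrelated site.
        if (skel == good or edit_distance(skel, good) <= 2
                or skel.startswith(good + ".")):
            return ("lookalike", good)
    return ("unknown", host)
```

A "lookalike" result is a reason to stop and reach the site through a saved bookmark; "unknown" only means the host resembles nothing on the allowlist, not that it is safe.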

Clickjacking

Also referred to as ‘Ice Phishing,’ this is an elaborate scheme where hackers need to make amendments to the smart contract UI of a platform, primarily by injecting it with a malicious script. As a result, users unknowingly send funds to the wrong wallet address.

Seed Phrase Phishing

As most crypto users may be aware, a seed phrase is a set of random words that serves as a sort of ‘master key,’ allowing anyone possessing them to access a person’s assets. In recent months, more and more hackers have begun using novel means (such as copycat websites, fake browser extensions, etc.) to phish out users’ seed keys. Once obtained, they can immediately drain the victim’s wallet of its holdings.

Understanding How to Protect Yourself

To guard against phishing attacks, users must not respond to emails, SMSs, or other third-party messages (received via Telegram, WhatsApp, etc.) from an unknown source. Moreover, users must never supply their credentials or personal information in response to these messages since most reputable crypto firms will never ask their clients for such details.

It is also in crypto owners’ best interest to avoid sharing their credentials or personal information when using a public or shared WiFi network. Another good practice is to avoid having a false sense of security because one may be using a particular OS or smartphone that has been touted as ‘unhackable.’ Whether one uses an iPhone, Linux, Mac, or iOS, the problem is not the device or the operating system itself — but the website in question.

Looking Ahead

Even if the Web3 ecosystem becomes more resilient to phishing attacks, hackers will still find novel ways to facilitate their nefarious deeds. Thus, it is in the best interest of crypto users to become wary of the various tactics employed by hackers, as well as the duty of cybersecurity firms to educate the masses to mitigate any potential issues.
