An unfortunate side effect of cryptocurrencies growing in value and more users adopting them is a rise in scams and frauds within the industry. Many of these scams aren’t unique to the crypto industry but rather twists on existing scams, with most revolving around obtaining private information or gaining access to a target’s funds. Here are a few of the most common tactics used by scammers and how to best protect yourself and your clients from being exposed.
Phishing scams are prevalent in almost every industry and are among the most common attacks on consumers. A phishing scam targets individuals by sending them an email or text message that appears to be from a trusted source in order to trick that individual into revealing private information that is used to gain access to accounts or funds. More specifically, scammers are interested in the private keys of an individual’s wallet. Once the hackers gain access to a user’s private key, they have unlimited access to those funds.
These emails are made to look like they were sent from legitimate companies, so it’s important to remain vigilant. For example, in April and May of 2021, there was a broad phishing attack in which scammers posed as Coinbase customer service or security representatives. These emails appeared to come from Coinbase and were formatted with their logo and company colors. The messages tried to convince users that their account had been locked, or asked them to click on a fake URL that captured user login information. Sometimes these emails also direct the consumer to a fake website made to resemble the real one and capture the login information when the user attempts to sign in.
Tips for avoiding phishing scams:
- Don’t click on links in emails, even if they seem to come from a reputable source. It’s always better to type the URL directly into your browser to ensure you are going to the real website and not a fake one designed to steal your information.
- Carefully read the content of your emails. Typos and errors are good cause for suspicion. A reputable business will not contact you from a Gmail address.
- Don’t open attachments. If you receive an attachment from an unknown source, do not click on it as it could contain malware that can infect your computer.
- Turn on Two-Factor Authentication (2FA). This extra layer of security adds a verification step that makes it significantly more difficult for a hacker to access your account even if they get your login information.
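For anyone who triages reported emails, the "fake URL" check can be automated. The following is an added example, not part of the original article: it classifies a link by the host it really points to. The trusted-domain list and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the sites the reader really uses; adjust as needed.
TRUSTED_DOMAINS = {"coinbase.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link from an email as trusted, suspicious or unknown."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("suspicious", "malformed URL")
    if parts.scheme != "https":
        return ("suspicious", "not an https link")
    if parts.username is not None:
        # In https://brand.com@other.example/ the real host follows the '@'.
        return ("suspicious", "text before '@' is not the real host")
    if not host:
        return ("suspicious", "no hostname")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("suspicious", "internationalized look-alike characters possible")
    for domain in trusted:
        # Exact match or a true subdomain; "brand.com.other.example" fails this.
        if host == domain or host.endswith("." + domain):
            return ("trusted", host)
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host:
            return ("suspicious", "brand name on unrelated host " + host)
    return ("unknown", host)

# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://coinbase.com.account-verify.example/login",
    "https://coinbase.com@login.example/unlock",
    "http://coinbase.com/unlock",
    "https://xn--cinbase-constructed.example/",
    "https://news.example.org/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```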
Technical Support and Impersonation Scams
A variant of the email phishing scam is the “technical support scam.” Instead of trying to obtain a target’s information via email, scammers pose as tech support to try to get your information over the phone. Similar to the email version, fraudsters impersonate a variety of companies (including exchanges) and make false claims to trick their target into providing personal information. They may offer to help manage your funds if you give them your login credentials or even claim that they need remote access to your computer or other devices.
Tips for avoiding phone scams:
- Never provide sensitive information to anyone who makes unsolicited contact, regardless of the reason.
- Never give anyone remote access to your computer.
- Never give out your 2FA (2-Factor Authentication) security codes or passwords; no reputable company should ever ask you to share sensitive authentication credentials.
- Never send cryptocurrency at the behest of an alleged support agent. No reputable company would ever ask you to send cryptoassets to external addresses.
- Only contact customer support via the phone number listed on the organization’s website.
This scam plays on people’s fear of missing out (aka FOMO). Fraudsters will try to take advantage of bull market hype by promoting fake initial coin offerings (ICOs) to steal a target’s funds. Similar to this is the “Load Up Scam,” in which fraudsters will claim they need a higher account limit in order to continue trading. In exchange for providing them with your crypto wallet address or credit card credentials, the scammer offers a portion of the investment profits. Instead, the scammers “load up” the victim’s account and then take it all for themselves, leaving the victim responsible for the transactions made.
Tips for avoiding investment scams:
- Be skeptical of websites or services promising high returns or unrealistic investment opportunities. If it sounds too good to be true, it usually is.
- Research the organization thoroughly and only send cryptocurrency to trusted third parties. Search for verifiable reviews from public sources.
- Never provide your credentials to a third party.
Social Media Scams
Sometimes scammers will imitate popular figures on social media to obtain information. These imposter accounts have become much more prevalent in recent years. An example of this is when someone pretends to be the CEO of a company or a public figure and DMs you for information. Always check to see if these people are verified, and if you’re unsure, do a search of the person to see if there are multiple accounts. We can assure you that Onramp employees will never, ever reach out to you on social media for information, and if something like this occurs please let our support team know immediately.
The most common scam on social media is what is known as the “Giveaway Scam.” These fake accounts attempt to promote a giveaway with hyperlinks to fraudulent websites and hope to gain widespread distribution by leveraging the following of genuine accounts. Oftentimes, scammers will even take it a step further and have numerous other fake accounts (that they own) respond to these posts affirming the scam as legitimate. The fraudulent websites will then ask that you “verify” your address by sending cryptocurrency to the scam giveaway.
Tips for avoiding social media scams:
- Don’t trust offers that come from Twitter or Facebook. Legitimate accounts should never ask you to send crypto to an address in order to receive crypto back.
- Be skeptical of all giveaways and offers found on social media. Never send cryptocurrency to giveaways, especially if they are asking to verify your address. Do not trust screenshots in reply messages or DMs as images can be forged and altered.
- Do research on any entity soliciting you on social media. If the offer sounds too good to be true, it probably is.
- Do your best to ensure you aren’t following imposter accounts and it’s the genuine account of the person you want to follow.
Messaging Platform Scams
A unique aspect of the crypto markets compared to traditional finance is that, because the industry is largely globally distributed and typically open, a lot of coordination and communication happens in messaging platforms like Discord and Telegram. It’s often possible to interact with the development or marketing teams directly on these messaging platforms. It is also a great way for the leaders of a project to get direct feedback from users and respond to customer service issues quickly. However, the downside of these open forums is that scammers recognize the opportunity.
Fraudsters might send private messages to individuals, pretending to be an admin of the forum or a member of the project’s support staff. Similar to phishing scams, these people ask for private information or promise coins from a new project before they are released in exchange for bitcoin, Ethereum, or a stablecoin.
Another scam happening on these messaging platforms is a new take on the original website scam. Scammers will set up a copycat group that closely mimics a legitimate group and invite as many people as they can. They often offer an opportunity to purchase tokens at a discount price or offer a flash “first-come-first-served” sale for pre-launch projects.
Tips for avoiding messaging platform scams:
- Never give out your private key, seed phrase, or other personal information through a private message or direct message.
- If you suspect that you’ve been contacted by a fake admin, copy their username and search the group for posts from this user. If nothing appears, it’s a fake admin.
- Change the group invite settings to “My Contacts” rather than everyone to limit who can send you a direct message.
In the crypto community, Airdrops are a common phenomenon. Airdrops are used by crypto projects and companies to send free coins, tokens, or NFTs to a variety of wallets. They’ll do this to help promote a project, reward early users and supporters, and increase liquidity once the asset is listed on an exchange. Most of the time, the receiver of the airdrops receives these new tokens or NFTs without having to make a financial investment.
When scammers leverage this tactic, they send fictitious coins or NFTs to target wallets or they try to entice the recipient to visit malicious websites in order to claim the “free” tokens or NFT. Rather than claiming a potentially valuable asset, in reality, the victim is unknowingly approving a transfer of their personal tokens to the scammers.
Tips for avoiding airdrop scams:
- Never accept an airdrop without knowing where it came from first. If an asset is airdropped into your wallet without you knowing who sent it to you, do your research and verify its legitimacy first.
- Never provide personal financial information or private keys to an airdrop. If it asks for your private key, it is very likely a scam.
- If you are unsure, do not interact with airdropped tokens. If you are unsure if the airdrop is legitimate, it is often best to leave it in the wallet and not take any action.
- Do not hold high-value assets in the same wallet used to regularly interact with decentralized applications (Dapps). Use cold storage or reputable custodial solutions to hold an asset you do not want to be stolen.
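The hidden approval described above is visible in the transaction data before it is signed. The following is an added example, not part of the original article: it decodes that data and flags token-approval calls. It assumes the tokens follow Ethereum's ERC-20 and ERC-721 interfaces, which the article does not specify; the sample calldata and the "unlimited" threshold are constructed.

```python
# Function selectors of the standard approval calls (first 4 bytes of calldata).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
# Assumption: anything this large is treated as an unlimited allowance.
UNLIMITED_THRESHOLD = 2**255

def inspect_calldata(data_hex):
    """Return a dict describing an approval-type call, or None if it is not one."""
    raw = data_hex.lower()
    if raw.startswith("0x"):
        raw = raw[2:]
    sig = SELECTORS.get(raw[:8])
    if sig is None:
        return None
    args = raw[8:]
    if len(args) < 128:
        raise ValueError("calldata too short for " + sig)
    spender = "0x" + args[24:64]       # address is left-padded to 32 bytes
    value = int(args[64:128], 16)      # amount, or 0/1 for the bool form
    if sig.startswith("setApprovalForAll"):
        if value:
            risk, detail = "high", "operator may move every NFT in the collection"
        else:
            risk, detail = "revoke", "operator approval removed"
    elif sig.startswith("approve") and value == 0:
        risk, detail = "revoke", "allowance set to zero"
    elif value >= UNLIMITED_THRESHOLD:
        risk, detail = "high", "effectively unlimited allowance"
    else:
        risk, detail = "review", "spender may move up to %d base units" % value
    return {"function": sig, "spender": spender, "risk": risk, "detail": detail}

# Constructed calldata samples; the spender addresses are placeholders.
APPROVE_UNLIMITED = "0x095ea7b3" + "0" * 24 + "11" * 20 + "f" * 64
APPROVE_ALL_NFTS = "0xa22cb465" + "0" * 24 + "22" * 20 + "0" * 63 + "1"
REVOKE = "0x095ea7b3" + "0" * 24 + "11" * 20 + "0" * 64
PLAIN_TRANSFER = "0xa9059cbb" + "0" * 24 + "33" * 20 + "0" * 62 + "64"

if __name__ == "__main__":
    for sample in (APPROVE_UNLIMITED, APPROVE_ALL_NFTS, REVOKE, PLAIN_TRANSFER):
        print(inspect_calldata(sample))
```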
The crypto economy presents a wide variety of opportunities for investors, but as with any emerging technology with potential for fiscal benefit, there will be shameless opportunists. Financial advisors interested in providing guidance on crypto, especially those with clients involved in the space, should remain well-versed in the common ways scammers may attempt to take advantage of their funds. By proactively educating yourself, you can stay equipped to inform your clients of best practices for promoting safe engagement in the crypto market.