Jul 16, 2020
Its Alt-Coin Season!
It’s Altcoin Season, so we thought we’d offer a bit of a guide to Spotting Virtual Asset Scams.
It seems recent events have overtaken us, with the hijack of several high-profile Twitter accounts soliciting Bitcoin donations to return ‘double’. Just out of the goodness of their hearts. It’s an old adage, but it still stands: if it’s too good to be true, then it probably is. Alarm bells should have been ringing long before, but when Warren Buffet tweets about giving away Bitcoin, that should have been the nail in the coffin.
Though this is something that has been around the Virtual Asset Community for a long time, sadly.
One of the most frequently used terms to negatively describe Virtual Assets is ‘scam’. The rapid ascent of Bitcoin’s value in 2016 that captured the attention of many who were excited about the prospect of a new payment technology, also gained the attention of another group: fraudsters. And while many might say there are other threats to the survival of Bitcoin, such as regulation, control of mining, and volatility, the stark reality is that scammers are an existential threat, and perhaps the greatest risk to our nascent industry. Undermining the confidence of individuals wanting to take advantage of the technology limits its adoption, particularly among businesses looking to reduce the cost and time taken for transactions to be processed.
So we thought we’d take some time here to discuss what to look for when identifying a scam. There are some excellent resources out there to help you with this, but here’s a few pointers to get started:
You see the words ‘Free Token Giveaway’, ‘Airdrop’, ‘Cloud Mining’, or ‘Multiplier’
It’s true that there are no free lunches; if I’m spending money mining, coding, hosting, or doing anything else, am I going to be giving my away time for free?
Look at the offer. Think about how much money the proposal is likely to cost as an operator — hosting, staff, development. If what they’re giving away looks like it would be more than that cost, it’s probably better to walk away or limit your investment substantially.
Beware a Shiny Website, Doubly So a Shoddy One
There it is. A professional website that has some incredibly well composed pictures of the staff. What a fine-looking team, they must be worth a fortune! Time to make some profit, surely?
Compare that with the one that looks like it was assembled in 1997 using nothing more than Notepad.exe, and an old HTML coding-guide salvaged from a rubbish dump. The site with poor grammar, formatting and readability isn’t fooling anyone, like those emails from a wealthy benefactor offering to give you $500 million USD if you can just pay ‘the release fee’. Well, people do sadly, though they’re getting better at seeing through these deceptions; and if English isn’t your first language, or you have specific learning issues that make it harder for you to read, checking for grammar and spelling might not be so easy.
What’s worse, more advanced scammers like to enhance their credibility by using slick websites. And these days, very little expertise is required to get a professional site up and running, with solutions like Wix or Squarespace. Stock photos are really useful to make a business look credible too. Graphics, colors and fonts are all on hand to make something look really quite special for would-be investors and clients.
The internet is by default, mostly anonymous — it is quite difficult to determine who’s really sat at the other screen when most content is textual. That being said, there are some methods you can use to check on the bona-fides of a site, that might save your money from the scammers.
Things to look out for
A Newly Registered Site, Poor Ranking, Self-Signed Certificate
This isn’t a great metric, particularly for a start-up, but if there are other signs that raise suspicions, it can help to make the decision one way or another.
To do this, we’d recommend running the site URL through something like https://urlscan.io, which will show you some useful information about how long the site has been active, and where it is hosted. Here’s an example, taken from a scam accusation post, reported on BitcoinTalk:
What we’re interested in here is the section marked ‘TLS certificate’. This is what makes the site ‘HTTPS’ and not HTTP, and hiding the usual alarm that Chrome/Firefox/Edge sound when you connect to a site without it.
The certificate was issued quite recently (May 2020, two months before this post), by cPanel, Inc. Certification Authority; this is not how old the site is, only how old the certificate is. This is also a self signed certificate, which means the owner hasn’t had to pay an external Certificate Authority (CA) to obtain it. We’re not against self-signed certificates, but it certainly makes it easier for a scammer to appear legitimate. Compare that with a known reputable provider, like Coinbase, who moved from self-signed to a CA provider in September 2019 for its main site, coinbase.io.
Bad Formatting
If the site looks poorly designed, with little attention paid to detail or readability, even if it isn’t a scam, would you give them your backing if they are so careless? Think of it like a candidate for a job interview at your business; you’d expect them to come dressed smartly, and be well prepared. If the website isn’t, maybe think twice.
Stock Images, or less-known Celebrities
Do the images ‘The Team’ look unusually well composed, lit, and not at all awkward? Maybe it is worth having a sanity check. Reverse image search engines, such as TinEye or Google Image Search are excellent sources to help determine if an image has been re-used elsewhere on the internet. Consider this team image, taken from a scam accusation:
Reverse image searching those individuals, I’ve redone the organization chart:
Incoherent description of a technology or service, that’s ‘under development’ or ‘in beta testing only’
Consumers are used to seeing marketing speak to describe the latest and greatest product offerings. Today, we have ‘blockchain’, ‘artificial intelligence’, ‘internet of things’, ‘cloud hosting’ and so forth. We’ve all survived numerous iterations of these terms, looking to push a product on us, often to the chagrin of engineers and scientists. These terms are used liberally by scammers seeking to blindside consumers into believing that they are experts in the field, and they’ve seen the breakthrough that no one else has.
To be clear, it was once said to me that ‘if someone can’t explain it in simple terms, then they probably can’t explain it at all’.
Look for a License, and Company Registration
Virtual Asset Service Providers must be registered with, and licensed by, a national authority, under the requirements of the Financial Action Task Force (FATF). Businesses too should be registered in the country that they are operating in. If there isn’t either of those, ask for it. If you don’t get something, walk away. You can search for Company Directors and Registrations at OpenCorporates , though it isn’t always reliable as companies may be created using agents or nominees.
This leads to this final, and perhaps most critical piece of advice:
Research the project before you put any money down.
Search for the project, the technology, the problem or niche it is addressing, and the people involved. Your parents were right: do your homework. Ignore the high-pressure sales tactic saying that there are ‘only 20 spaces left for 200% increases’. Get someone you trust to check the facts with you; reviews are helpful, but you don’t know who’s writing them — good or bad. Once you think that you have done enough, work out what you can afford to lose. Going all in might seem like a good idea at the time, and you may kick yourself if the project is the next big thing, but it’s not a sensible investment strategy, unless you’re willing to lose it all. If something is missing, take no excuses.
Finally, here are some resources that can be used to check for scams, that we used to produce this article:
We’d strongly recommend checking the forums at bitcointalk.org, particularly Scam Accusations. It is a pretty lively community, and there is plenty of mud-slinging, but perhaps you’ll find something you’d not seen or considered before. If you report something to BitcoinTalk, you’re doing everyone a service. We’d like to thank those who posted the example links to those sites for helping to educate others.
International Organization of Securities Commissions
The Investor Alerts Portal contains a list of worldwide reported investment frauds, not necessarily Virtual Assets, but of all types. You can search for a company name , if you have it available.
Behind MLM (Multi Level Marketing) is a great resource to profile some of the tactics used by investment fraud websites and individuals, and sometimes highlights Virtual Asset ICOs and Ponzi Schemes.
Offshore Alert’s founder, David Marchant, isn’t very favourable when it comes to Virtual Assets, but his website often reports court proceedings that haven’t been shown elsewhere. Using the following search in Google might help you locate indications that a person or business has/is facing charges in an offshore jurisdiction:
site:offshorealert.com + intext:[business/persons name]
That’s it! Enjoy the altcoin season responsibly!
