Common Crypto Scams and How to Avoid Them
From social media impersonations, wallet theft all the way to plain old phishing attempts; cryptocurrency users can find themselves bombarded with scamming attempts that even the most diligent of people may fall prey to.
Being caught in a scam, whatever the situation, is going to hit you hard, and that is something that we do not want. So to help you our, we’ve put together a list of the most common scams in the hope that being forewarned and informed will help you stay safe on your journey with cryptocurrencies.
Social Media Impersonation
One of the most common cryptocurrency scams is the impersonation of public figures known to be involved in the crypto scene over social media. This type of scam can be found on almost all social media channels, however, it is most common on Twitter.
The main tactic employed by these scammers tends to be:
- Register an account with a username that is almost identical to the person that they are posing as; usually, this involves a slight misspelling of their name.
- Copy their targets profile layout.
- Reply to tweets made by the real person, telling people to send them a small amount of crypto (usually Ether) in order to receive a bigger amount back.
- Sometimes, the scammer would also create multiple ‘random’ accounts that are used to reply to the scam in an attempt to make the scammers offer look like a real giveaway.
An example of such a scam attempt would be:
How to protect yourself?
Thankfully, there are ways to protect yourself from these types of scams.
- The “too good to be true” rule. If it appears like it’s too good to be true, there’s a good chance it is.
- Look carefully at the twitter name, is the twitter verified icon missing? Is the username spelt strangely? These are all telltale signs of an impersonation attempt.
- If you feel that you are easily fooled by these scams, use the EtherSecurityLookup extension for google chrome. This extension will help you highlight twitter accounts that look to be impersonating someone else.
Looking back at our previous example, but with the extension installed, the scam attempt is now highlighted in red with a clear warning.
Phishing attempts have existed for a long time, well before cryptocurrencies became popular. However, with the rise in popularity of cryptocurrencies, phishing attempts aimed at acquiring your wallets private keys and your crypto coins and tokens are becoming much more common.
Phishing attempts are carried out in multiple ways, we’ve listed some of the most common methods employed by scammers.
Many crypto projects make use of Slack or Telegram as their chat program of choice, allowing investors to talk with the projects team. This makes these platforms an ideal prowling ground for scammers to push their phishing links, either by impersonating a member of the team or by simply sharing private messages that claim to try to help you.
Private messages such as this (a phishing attempt) are extremely common.
Hovering over the link provided will display the link address on the bottom right, in this case, it clearly does not direct you to the MyEtherWallet website, but instead to a phishing site.
As cryptocurrencies become more profitable, scammers have moved to more sophisticated ways to spread their phishing links. Lately, Google Ads has become an increasingly popular option, where the scammers would pay for ads that direct users to the phishing pages. This type of phishing is heavily targeted at online wallet providers and cryptocurrency exchanges.
Fake Social Media Accounts
This method is similar to what we described in our social media impersonation segment, however instead of prompting followers to send small amounts of crypto in order to receive bigger amounts back; these accounts are created to direct you to phishing websites.
Special Characters in URLs
This method is particularly dangerous as the end result can be a URL that looks practically identical to the real website. Looking at the example below, even the most careful of people may be caught out.
However, look (very) carefully and you will be able to notice that the ‘a’ in the URL is different, that is because the phishing site uses the alpha symbol instead. Unfortunately, this is not an isolated case, as there have been numerous phishing attempts made by using special characters.
How to protect yourself against Phishing attempts?
However scary these phishing methods may seem, there are many ways to protect yourself, both from a human side and from your browser.
From your browser, there is a chrome extension that will prevent you from visiting known phishing websites. You can get the extension from the creator’s homepage. Additionally, you can make use of the etherscamdb site to see a list of active and inactive scam/phishing sites.
From the human side the precautions that you should take are:
- Always bookmark the pages that you use, and only visit the pages from those bookmarks.
- If you are looking for something new, the best course of action for you would be to search for the project yourself and use a link from a reputable source and remember to always hover your mouse over any links provide and check the link address.
- For example, looking back at the Slack phishing attempt from earlier, when you hover over the link, it is painfully clear that the link address is not what it should be.
Hardware Wallet Thefts
In an earlier article, we spoke to you about the importance of using Hardware wallets to hold your coins and tokens. Unfortunately, the sense of security that a hardware wallet provides often leads to people forgetting the best practices for crypto safety, and leave themselves vulnerable.
The most common scam with hardware wallets involves the sale of wallets (through a third party) with a ‘pre-configured’ seed phrases. The buyer is then instructed to simply use the seed phrases provided to set up the wallet. If the buyer follows these instructions they would have set up a wallet that the scammer would then be able to have access to, as they too would have the original, unchanged seed phrase.
How to protect yourself against hardware wallet thefts?
Thankfully this scam can be very easily avoided by following two easy steps.
- Only buy your hardware wallets from the official source.
- Your wallet should never provide you with a pre-supplied seed, a hardware wallet will prompt you to create a seed phrase when you first use it. If your wallet does provide a pre-supplied seed (even behind a scratch seal) wipe the device and upgrade the firmware before using.
Exit Scams, Shady ICOs and Ponzi Schemes
Unlike the micro-scams that are perpetrated on Twitter, Telegram, and Slack every day, these are scams on a much larger scale. These are projects that are designed to defraud investors with products that have no real-world application, designed to simply complete the fundraising portion and then vanish, or operate on a pyramid scheme.
Famous projects such as Bitconnect, OneCoin, Prodeum, LoopX are but a few projects that have either pulled an exit scam (disappearing after raising money) or have temporarily been able to function, only to dramatically crash (Bitconnect).
Protecting yourself against shady projects
This time protection comes entirely from the investor. A famous case of due diligence being performed to perfection can be found on reddit where the redditor outlined his process and how he came to the conclusion that the project was a scam (a month later he was proven to be entirely correct).
As an investor, you should be aware that the cryptocurrency that you are investing with has a value and in many cases a huge value. Put yourself in a hypothetical situation where if a project manager (that you had never met before) were to approach you, ask for a $600 investment (approximately the value of 1 Ether at the time of writing) and promise you $1200 back in the next few months, what would you reaction be? Or perhaps the project manager is telling you that he will re-invent the wheel, but with modern-day technology. As ridiculous as the examples may seem, when broken down a lot of crypto-projects can fall into these categories. But do not be disheartened, there are some truly amazing projects that are worth backing, you will just have to sift through the mountain of coal in order to find that diamond first.
This concludes our take on the latest scams in the cryptocurrency world. However, it is important to know that as the scams are constantly evolving you should always spend a little time keeping up to date on the latest scams and remember, if something looks too good to be true, then it most likely is not true. Do not let greed and hype be the reason to fall for a scam and most importantly — stay safe.