Where there is money, there will be swindlers attempting to obtain it through crooked means. And fraudsters now seem to be inevitably part and parcel of the crypto ecosystem – much to the chagrin of the community. These scammers lure or coerce users into sending funds to wallets they have set up for the purpose.
And mark you – it’s not just crypto newcomers that are vulnerable. Crypto experts and newbies alike have lost money to these scheming individuals. The tactics applied vary, but the common ones are known and will be the subject of this article. Read on to know how to spot them and avoid falling victim.
What is Social Engineering?
Social engineering can best be described as the hacking of the human mind. It is a technique mostly used by hackers to get information about computer users. But with the alluring nature of crypto, it was only a matter of time before the scam found its way into the industry.
In a typical social engineering attack, the scammer will entice you to provide information that they can then use against you. Less experienced attackers can be easily spotted and stopped right in their tracks, but there is a breed of social engineers who can fool even the most sophisticated user. Make no mistake, both breeds are dangerous, and it’s worth learning how to identify them.
Tactics used by social engineers are numerous, and they keep evolving as new crypto capabilities are developed. Some will directly target your wallet. Others will entice you to send them funds. Let’s take a look at how some of these scenarios play out.
#1. Phishing
Phishing is a method of luring people to divulge information that should otherwise be secret. Phishing experts usually send a convincing email or instant message asking for this or that. These messages are so personalized that they will hardly raise an eyebrow. The scammers will address you by your full name, cite your home address, and even tell you about a purchase you made recently. How they obtain all this information is beyond the scope of this article, but it involves the prior harvesting of your information either on social media or through hacking.
Regardless of how they address you, the underlying message is usually something like, “please share your username/account number/password so that we can address an issue with your wallet.” In this kind of attack, the scammer usually aims to get full access to your wallet. It’s one of the most dangerous attacks.
Another common phishing scenario involves asking you to send funds to the scammer’s wallet. A convincing personal message will be drafted, asking you to complete a purchase or make a payment for one of your subscriptions. Again, it might be difficult to tell that there’s something suspicious with the request because the message will be very personal. This attack is not catastrophic, but you can still lose substantial amounts.
Some scammers have learned that fear is valuable merchandise, and they will wield it over their victims without scruples. You may get a message telling you that your private photos are in their hands and are about to go public. Usually, they’ll tell you the only way to prevent this is to send a certain amount of crypto to their wallet.
Whether they actually have the said photos may not matter at that moment. The fact remains that it is one of the most powerful social engineering tactics that can be used against you.
#2. SIM Swapping
SIM swaps have become notoriously common in the recent past. Users have lost access to their phone numbers, online accounts linked to their phones, and of course, crypto wallets too. All this thanks to SIM swaps.
Without delving deep into the mechanics of a SIM swap, scammers fake your identity and ask your SIM provider to replace your line. Combined with phishing, a successful SIM swap can give a scammer full access to your crypto wallet. This is particularly true for wallets that use your phone number for multi-factor authentication. What happens after the scammer gets full access to your wallet is a fearful sequence of events. You could potentially lose all your funds, and the scammer might decide to use that info to manipulate you in the future.
#3. Crowdfunding Scams
Cryptocurrencies have made crowdfunding easier than ever before. If you have a noble cause, say, raising funds to stop climate change, you can easily get people from around the world to contribute to your cause. All you need to do is create a convincing online campaign, set up a crypto collection account, and wait for the donations to trickle in. Such was the case for the young Maejor Page, who lured sympathizers of the Black Lives Matter movement and then squandered their donations.
This kind of social engineering is not particularly dangerous. But still, the thought that you might have been scammed into contributing to someone’s personal expenses can be disturbing.
#4. Fake Investment Schemes
Ponzi and pyramid schemes have existed for at least a century. Nevertheless, people still fall for these tricks a hundred years after their invention. While the ventures traditionally ran on fiat money, scammers have quickly adapted them for cryptocurrencies.
An Initial Coin Offering (ICO) is one of the fake crypto investments you might find yourself entangled in. An ICO is a strategy used by startups to raise funds by creating their brand of tokens and selling them to prospective investors.
This is not to say that ICOs are fraudulent, but some are simply going nowhere. Still, the startups behind them will continue to market their idea to potential victims. In the end, the startup collapses, and investors are left with useless tokens that they can’t redeem anywhere.
How to Protect Yourself
- Don’t be greedy – Greed can undermine reason, making people think they can earn easy money. When you come across a crypto investment that you find interesting, do your due diligence before committing your money.
- Be alert – Being alert is arguably the most effective defense against social engineering. Being alert makes it substantially more difficult for scammers to entice or coerce you with offers or scare tactics.
- If planning to invest in an ICO, evaluate whether the startup’s business idea is sensible/feasible. This doesn’t mean a sound business idea cannot be used to bait victims, but it’s just that it is less likely to be used for such purposes.
- Follow the security guidelines provided by the developers of your crypto wallet. Also, ensure you check out your SIM provider’s swapping procedures, especially if you’re using multi-factor authentication for your wallet.
The adoption of cryptocurrencies has created a new playground for social engineers. While fraudulent schemes traditionally depended on fiat money, new social engineering ventures are now targeting even crypto users. The most common tactics involve threatening users into sending funds, enticing them to divulge wallet credentials, or even the more sophisticated SIM swaps. Regardless of the sheer number of scamming tactics out there, you can avoid falling victim by doing your due diligence when approaching investments, staying alert, and following security guidelines for your wallet(s).