Kaspersky says that fake exchanges, fake mining hardware and wallet phishing are the most popular crypto scams of the year, and that many of them show a higher-than-usual level of detail.
Kaspersky has been busily tracking cryptocurrency scams since the beginning of 2021, and is now reporting its findings, chief among them that this year’s scams are incredibly detailed, putting even computer-savvy individuals at risk.
Kaspersky said it has detected more than 1,500 different scams aimed at cryptocurrency investors and miners operating in the first half of 2021. The company also said its security software prevented more than 70,000 attempts to visit those sites, which it said were predominantly of three types: Fake cryptocurrency exchanges, fake sales of crypto mining hardware and phishing pages designed to steal cryptocurrency wallet private keys.
“Lately, many have become interested in cryptocurrencies, and attackers would not pass up the opportunity to use this to their advantage. At the same time, both those who want to invest or mine cryptocurrency and simply the holders of such funds can find themselves on the fraudsters’ radar,” said Kaspersky’s head of content filtering methods development, Alexey Marchenko.
Marchenko also described a type of scam that was popular when COVID-19 vaccines first appeared: Offering early access to vaccines in exchange for bitcoins. “The target needed to make an advance payment in bitcoins, with the money going to the cybercriminals’ account and the person receiving nothing in return,” Marchenko said.
The top types of crypto scams in 2021 mentioned above are a bit less targeted, and try to lure in anyone interested in the crypto market. Fake exchanges, for example, try to lure victims with coupons promising a bitcoin payout in exchange for a verification payment “usually no more than 0.005 bitcoin (about $200),” Kaspersky said. That $200 investment, obviously, nets nothing in return as the criminals vanish into the digital ether from which they came.
The ongoing global chip shortage may have triggered the second type of scam, in which cybercriminals send out messages advertising a fake sale of crypto mining equipment such as video cards. An advance payment is required, at which point the criminals vanish with the victim's funds.
The third type involves plain old phishing, of which Kaspersky didn’t go into detail. Suffice it to say, criminals have created a lot of phishing pages “with various content to steal private keys, which allow cybercriminals to gain access to all digital assets associated with a crypto wallet,” Kaspersky said.
Most troubling of all, Kaspersky said that the crypto scams it is seeing online are incredibly detailed. Fake crypto exchanges, it said, will often have feeds of real bitcoin price data from other sites. The reason for the detail, Kaspersky said, is the high barrier to entry that comes with investing in, or mining, cryptocurrencies. “People investing or interested in this area are often more tech-savvy than the average user. Therefore, the cybercrooks make their techniques more complex in order to get data and money from these people,” Kaspersky said.
These complicated, legitimate-looking pages fly in the face of common beliefs about digital scams, which are typically assumed to be obvious, riddled with poor spelling and easy to spot from a mile away. Outsmarting smart criminals can be tricky, so Kaspersky makes the following recommendations:
- Links sent via email, messaging app or social network offering a crypto deal can be dubious. Don’t follow them, and instead research the name of the exchange or online store making the offer to determine if they’re legitimate.
- Be wary of extremely generous offers: If it seems too good to be true, it probably is.
- If anyone offers you access to a crypto-related app that has to be downloaded from outside the official iOS, Android or other app store, don’t download it. Only apps from trusted sources should be considered safe.
- Use a security product that can detect phishing and other scams.
- If you’re unsure of the safety of an online store, take extra precautions, like studying the site’s WHOIS data and looking for a recent registration date or a private owner. If anything seems suspicious, don’t make the purchase.
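
The WHOIS check in the last recommendation can be scripted. The following is an added example, not code from Kaspersky or the article: it parses a constructed WHOIS record and flags a recent registration date and a hidden owner. The 180-day threshold, the privacy keywords, the field names (gTLD-style `Creation Date` and `Registrant ...` lines) and the sample domain are all assumptions.

```python
from datetime import datetime, timezone

# Constructed WHOIS record for a made-up domain; not real lookup output.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-EXCHANGE.TEST
Creation Date: 2021-06-20T09:14:03Z
Registrar: Example Registrar, Inc.
Registrant Organization: Privacy Protection Service
Registrant Country: PA
"""

# Assumed values, not from the article: tune to your own risk tolerance.
MIN_AGE_DAYS = 180
PRIVACY_HINTS = ("privacy", "redacted", "whoisguard", "proxy", "not disclosed")

def parse_whois(text):
    """Collect 'Key: value' lines into {lowercased key: [values]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def assess(text, now=None):
    """Return a list of warning strings for one WHOIS record."""
    now = now or datetime.now(timezone.utc)
    fields = parse_whois(text)
    findings = []
    created = fields.get("creation date", [""])[0]
    try:
        born = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
        age = (now - born.replace(tzinfo=timezone.utc)).days
        if age < MIN_AGE_DAYS:
            findings.append(f"registered only {age} days ago")
    except ValueError:
        # Missing field or a registry that uses another date format.
        findings.append("creation date missing or unreadable")
    owner = " ".join(v for k, vals in fields.items()
                     if k.startswith("registrant") for v in vals).lower()
    if not owner or any(hint in owner for hint in PRIVACY_HINTS):
        findings.append("registrant hidden or not listed")
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE_WHOIS):
        print("WARNING:", finding)
```

Many legitimate domains also redact registrant details, so treat these findings as signals to weigh alongside the other recommendations rather than as a verdict.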