During the past year 2020, cryptocurrency scammers pocketed more than $4 billion, and the difficulty in tracking or identifying the holders or owners of these currencies is a great incentive for cybercriminals.
The ways in which scammers resort to deceiving their victims are truly surprising and capable of confusing even the most expert or technologically fluent users.
Some of these scams range from software that locks your computer and requires payment in Bitcoin to be able to use it, to one that is capable of modifying the transactions you make so that, instead of being directed to your accounts, they go to those of thieves.
When it comes to avoiding being scammed, knowing how these thieves act is a very determining factor, and that is that “if we know how the thief is dressed, we will see him arrive from afar.” Unfortunately, there are many people affected by this type of scam who come to us to recover their money, and for this reason and because we want to prevent you from being one of them, we explain how these thieves generally act.
Scam through fraudulent ICOs
Before explaining this type of scam, it is important to know what an ICO means and what it consists of.
“ICO” is an acronym for Initial Coin Offering. This process or stage of a cryptocurrency is the one that most developers or “creators” of cryptocurrencies resort to, with the aim of financing the project in its earliest stages – even before the start of its development.
ICO scammers use creativity to invent very attractive ideas, even developing real action plans or roadmaps, with the sole objective of promising investors a great development result after receiving the necessary financing.
These initial offers have the attraction that their creators make the promise that when the cryptocurrency enters circulation, its initial price will be higher than the acquisition price during the ICO, allowing the investor to recover the initial amount plus the profits from the first day of launch.
The deception lies in the fact that, after investing in the financing, time passes, but the cryptocurrency never enters circulation, and of course the supposed developer or team of developers (who are generally fake profiles with excellent academic and professional careers), it will not allow you to recover your investment.
- How to avoid the ICO scam: Research the team that develops it very well: Don’t trust a photo, a name, and a long list of titles and professional merits. Look for their profiles on different platforms such as LinkedIn, and don’t be afraid to write a message to their developers, since sometimes scammers usurp the identity of real professionals in order to benefit from it.
- Make sure that the project has a “whitepaper”: A whitepaper is the name given to the documents issued by organizations that develop cryptocurrencies, to define the functionalities and bases of the project. The fact that an ICO does not have a whitepaper is not a confirmation of “fraud in plain sight”, but… who would intend to request funds for a project without explaining what it consists of?
- Is it possible to see the evolution of the ICO in real-time?: To offer transparency to investors, ICOs usually have their own token or cryptocurrency, so that all investors can evaluate at any time how much money goes into the campaign, and know the progress of this. If developers ask for funds but do not offer information about their accounts, be suspicious.
Scam using computer software: the “address switch” or account manipulator
This type of deception is as sophisticated as it is simple at the same time. Scammers have invented different computer viruses that are capable of manipulating a device to change the destination of your transactions without you realizing it.
The trick is that this software, which runs in the background and is not perceptible to the user, changes the destination address or wallet of your transactions, so that if you try to make a transfer to the account “12345 67”, even if you copy it to the clipboard, when you paste it, the numbering will have changed slightly to “12345 76”, and your transaction will never reach the desired destination but to the scammers’ accounts.
To avoid this type of deception, we recommend that you keep your devices protected with antivirus systems and subject to periodic scans, as well as that you meticulously review addresses or accounts after writing them.
Mining in the cloud, via web or software
We will not go into depth about cryptocurrency mining since it is a fairly complex topic, but, in short, it consists of allocating computing resources (generally processing, or graphics card) to obtain cryptocurrencies in return.
This action implies greater energy consumption since the device components work at a higher performance, which also implies more accelerated wear of the device components and a higher electricity bill, or greater battery consumption and charging rate. data for mobile devices.
Fraud lies in the fact that there are different types of viruses or hacking systems that manipulate devices to mine cryptocurrencies without the user’s consent or perception. As you can imagine, the result of this mining will not benefit you, but rather the scammer, since all the cryptocurrencies obtained through this process will go directly to his pocket.
This deception can also be executed at the web browser level, that is, your device is affected only while browsing one or more websites. To avoid this, we recommend that you use an anti-mining browser extension, which will warn you when your browser is suffering from this type of attack.
Furthermore, to avoid this type of fraud, we recommend that you use an antivirus for Windows, Android, iOS or the operating system used by your device so that you will also avoid this fraud when it is executed at the system level, and not at the level. of browser.
The scam through fraudulent emails
Scammers are knowledgeable about the exchanges most used by cryptocurrency investors, so they frequently launch fraudulent email campaigns in which they pretend to communicate something to you under the identity of these platforms.
An example of a fraudulent email could be from an investment platform where they tell you that your account data may have been compromised and you must “confirm” them to prevent your investments from being in danger.
If you “take the bait” and follow his instructions, one or both of the following will probably happen:
- That the link takes you to a website with an appearance identical to what you expected to see, but that is not the real one, and clandestinely captures all the data you enter.
- That the link leads you to some type of malware or computer virus download that compromises, at a minimum, your cryptocurrency investment portfolio.
Tip: Do not trust a link just because it appears to lead to a website, since appearance does not necessarily imply legitimacy. An example of how a fraudulent link works can be seen in the following link, which apparently should direct you to Google, but instead, directs you to Yahoo: https://www.google.com. This technique is widely used by hackers to camouflage fraudulent links.
The scam of fake exchanges or investment houses
The high volume that the cryptocurrency market is acquiring not only captures the attention of the investor but also requires or leaves room for more intermediary platforms to participate in the system. This means that new cryptocurrency investment platforms are constantly appearing, and unfortunately, some of them are completely fake.
Scammers develop web portals that closely simulate a real exchange platform, some even becoming fully functional portals, being able to process purchases and sales of cryptocurrencies.
The scam generally comes in two forms:
- You can make an investment, but never a withdrawal.
- You can make an investment and even make withdrawals, but eventually, you will not be able to do the latter.
Identifying one of these fake platforms is not excessively difficult, but it is necessary to pay attention to some details, or even do a little research before putting money in the hands of strangers.
What can you do to identify a fake Exchange?
- Be wary if a platform guarantees a return that is too good to be true. In fact, you should interpret it as a fraudulent signal when a platform or intermediary agent guarantees you profits, especially if they are “quick” or “in a few days. ”
- Don’t put yourself under pressure to deposit funds: Legitimate investment platforms do not use aggressive tactics to persuade their clients to invest more money.
- Before investing, check their commissions: Fraudulent platforms not only deceive you by preventing you from withdrawing your funds, but they also do so through excessively high commissions. Remember that cryptocurrencies are not legally regulated, so it is entirely up to you to accept some commissions or others.
- Are they identified?: Look for data that identifies the person responsible for the platform: a name, address, company name, CIF, or equivalent. Don’t just find it, compare it later.
- Is it an entity authorized by the CNMV?: The National Securities Market Commission’s objective is to ensure the safety of investors, certifying compliance with the regulations and requirements of investment platforms: sufficient capital, organization, adequate means, etc
False intermediaries or brokers
Scammers not only try to deceive through ostentatious fake systems or web portals, but they also do it in a more traditional way: with false promises.
In this type of deception, they take advantage of the technical or operational lack of knowledge of the investor, who does not have in-depth knowledge of the subject and who chooses to entrust their capital to a person who, apparently, has extensive experience in cryptocurrencies and promises to offer them a return…
They are commonly known as brokers or stockbrokers, only when applied to cryptocurrencies, and, in this case, with bad intentions.
It is possible that this scammer profile approaches you offering you high returns (or more modest returns, depending on their aggressiveness in deception) in exchange for a commission.
They will try to gain your trust by inviting you to start with small amounts, which coincidentally will translate into real or apparently real benefits. Little by little and as they strengthen the relationship with you, they will suggest you start working with higher figures, until one day the figure is high enough for the false intermediary, and they choose to interrupt communication with you.
It is difficult to identify an intermediary agent with bad intentions because as we indicated previously, it is a sector that is not regulated and it is very difficult (if not impossible) to offer guarantees.
We simply must resort to the use of common sense, avoiding anything that sounds excessively good, or easy, and try to resort to intermediaries with a justified reputation and a clear and public identity, either through reviews on social networks, or a relevant number of clients. who can prove their good practices, or simply trusted people.
The “crypto locker” scam that will lock your devices
Crypto lockers are computer viruses from the ransom family, whose operation is, basically, the absolute blocking of your device and the encryption of all the information that is stored on it.
The clearest evidence of having been the target of this attack is that, when we try to turn on our device or access a file, we are faced with an interface that warns us that all of our information stored on the computer is at risk, and that if We do not carry out a cryptocurrency transaction to the address or account number that you indicate to us, we will never be able to regain access to the data, or it will be destroyed after a time.
This is already something perverse in itself, but it becomes even more twisted when we realize that, in many cases, even if we pay and agree to the extortion, we will never recover our data.
To avoid this type of attack, we must use basic education in terms of computer security:
- Use an antivirus system that is also capable of scanning attachments in your email inbox.
- Even if you receive an email with an attachment that your antivirus has not labeled as potentially dangerous, be suspicious if you do not know the sender.
- Avoid using external storage devices whose origin is unknown: USB devices, hard drives, or CD/DVD drives may contain malicious autorun files.
It is also very important to make complete backup copies of your devices, since “the only threat” of this system is to prevent you from accessing your data, but it will not prevent you from going to a professional to restore a backup copy (if you have one)…
You should know that, once infected with this type of virus, it is very difficult to disinfect or get rid of them without accessing extortion (assuming that frees your files), or formatting your device.
Conclusion
Cryptocurrencies are a risk asset, not only because of their possible financial volatility but also because managing or even storing them requires or requires minimal computer and technological knowledge.
If you do not have this knowledge, avoid whenever possible carrying out actions of a certain complexity, such as installing wallets in software format, transferring large amounts, risky investments, etc. Try to rely on trusted acquaintances with more knowledge, and if this is not possible, educate yourself: there are many websites that will train you in the use and management of cryptocurrencies and the systems that surround them.
If, unfortunately, something we explain in this guide sounds familiar to you because you have already suffered a scam, what we can recommend is that you contact our team of Cryptocurrency Lawyers, who have already recovered money from a scam. large number of people affected by this type of scam.
