4 Signs of Crypto Scams
Who Is John Smith, Really? When someone
envisions an online impersonation scheme, they might conjure up an image
of a man in sunglasses and a dark hoodie, surrounded by monitors of neon green
“Matrix” code. In reality, online impersonation can be pretty low-tech.
We’ll explore some frequently-seen schemes, from the easy-to-spot to tricky to
catch: In this case, you would be contacted by someone whose name does not match
up with the real person. Our users have reported being contacted by
scammers on Telegram. Names or emails may be an obvious
jumbled mess of letters and numbers. If this is the case, this is a likely and
obvious scam. Example: “Yes, my Telegram name is wrestlingfan316, but I
am really Bill Gates and I need to verify your account number in order to
send you money.” This method is an additional step-up from a
scammer who claims to be someone else, since the impersonator will go
through the effort to make a realistic-sounding ID. The regulation of
names on chat programs or social media is more popular, but not ubiquitous. This
means a scammer can potentially set their name to “Bill_Gates” or
“Microsoft_Bill” without credentials to back it up. There’s no guarantee
that a party is actually who their username claims to be, unless there is
some sort of verification process that shows official accounts
like the “Blue Check” on Twitter. Be careful when you receive a
suspicious, unsolicited message without verifying the name first.
Example: “My Telegram name is Bill_Gates. Only the real Bill Gates would
have this name, so I must be him!” Ok, you’ve verified the actual
username that Bill Gates uses, and it’s “Bill.” You’ve been talking with
“BiII,” so you should be fine, right? This is unfortunately, wrong. Take
another look at the two names above. The official username
is “Bill,” which is spelled with a pair of lowercase L’s. The imposter “BiII”
was able to create an account with what seems like the same username, instead
using a pair of upper-case i’s to create the username. Unfortunately,
this “look alike letter” spoofing is a low-tech, but highly effective
impersonation trick that many buy into without conducting their own
verification check. This method can be used in spoofed email
domains as well, giving correspondence a seemingly “official” appearance. For
example, using an upper case “i” for a lower case “L” can make a
“@GoogIe.com” and “@Google.com” email domain virtually indistinguishable.
Another easier-to-spot method would be to swap, add or jumble letters of
a well-known domain. If you aren’t paying close attention, an illegitimate email
from “Mircosoft” might appear to be coming from “Microsoft.”
Example: “Hello! This is [email protected]! I have some money to
transfer to you, all that’s required is some details!” Of all the methods
we’ve shared so far, this malware method requires the most technical
know-how to pull off. Unfortunately, this also makes it the most difficult to
spot. In our previous example, spoofing is identified by carefully
spotting details that are visible to the human eye. In email
spoofing, a nefarious party has edited the metadata of an email to match
the details of the party it seeks to impersonate. Since this data is
hidden by default, a recipient will not be able to identify spoofing
unless they closely examine invisible email headers. Even in these cases, a
suspicious party needs to know what details to look for, in order to
identify abnormalities. Luckily, client-side detection has improved, and
programs like Gmail are able to identify some spoofed data mismatches by
flashing huge warning messages like these: However, scammers are in a
constant arms race with security researchers, and new exploits can fly under the
radar until new methods of verification are devised. Whenever a new world-
changing technology is released unto the masses, inspiring, industrious
individuals inevitably start thinking of positive use cases. On the flip-side,
other individuals nefariously plot how this technology can be used for their own
under-handed gain. In the internet’s case, for every exciting new
invention, we’re forced to contend with 10 Nigerian prince scams. And while
scammers are nothing new, thanks to cryptocurrencies, those committing
fraud have another means of receiving illicit funds. After all, we can now send
and receive large amounts of money pseudonymously over the internet
without the involvement of banks or governmental bodies. We are essentially
transporting money between alphanumeric strings, with no name, address or
identifying details attached. The most recent example of a large-scale attempt
at fraud through a Bitcoin scam occurred just this week, when an unknown
hacker(s) was able to gain access through social engineering to high-profile
Twitter accounts (like Barack Obama’s) and asked the public for Bitcoin. Twitter
users were bombarded for several hours on July 15 with giveaway tweets from the
likes of Elon Musk, Kim Kardashian and Apple — but also cryptocurrency exchanges
Binance and Coinbase, Coindesk and Justin Sun — asking them to send BTC to a
Bitcoin wallet and receive double back. Needless to say, the around 14 BTC that
was sent to the fraudster’s wallet is not being returned to anyone, anytime
soon. The irony is, cryptocurrencies are technically very safe and
efficient. Due to the “crypto” portion of cryptocurrencies and the
blockchain itself, transactions themselves are incredibly secure. This means
that the most vulnerable part of the crypto landscape is the human
element, which is incidentally the target of most scammers. Despite all of the
technology and security measures cryptocurrencies adhere to, familiar and low-
tech tricks such as spoofing and impersonation are now the most effective way to
scam money from unsuspecting users. Now more than ever, it’s important to ensure
that your crypto funds are being sent to the intended recipient rather
than an attractive or deceitful proposition. While paying attention to senders
is important, the messaging and content can easily tip you off of suspicious
activity. We also suggest being on the lookout for the following: Beyond any
obvious scams (Let’s say you were able to spot “Mircosoft” and cut off
communication with “BiII”), there are a few steps that you can perform to verify
an identity. This may seem like a momentum-ending reset button, but it’s the
surest way to verify that your contact is who they say they are. There are some
key things to remember: At any point, you have every right to request a method
of verification. This can include placing key details on a site’s official
channel or having a phone call via an officially listed number/extension. As a
humanoid arachnid’s Uncle Ben once said, “With great power comes great
responsibility.” The same is true with the internet and its seemingly unlimited
potential. Thanks to the internet, we have thousands of ways to communicate,
which unfortunately provides thousands of ways to be tricked. With crypto, we
have an untraceable, anonymous method of sending money, and we also have a
scammer’s dream. Hopefully this article has provided you with some tools to help
protect yourself from impersonation and scams in a crypto-based world. Be safe
out there!
Who Is John Smith, Really? When someone
envisions an online impersonation scheme, they might conjure up an image
of a man in sunglasses and a dark hoodie, surrounded by monitors of neon green
“Matrix” code. In reality, online impersonation can be pretty low-tech.
We’ll explore some frequently-seen schemes, from the easy-to-spot to tricky to
catch: In this case, you would be contacted by someone whose name does not match
up with the real person. Our users have reported being contacted by
scammers on Telegram. Names or emails may be an obvious
jumbled mess of letters and numbers. If this is the case, this is a likely and
obvious scam. Example: “Yes, my Telegram name is wrestlingfan316, but I
am really Bill Gates and I need to verify your account number in order to
send you money.” This method is an additional step-up from a
scammer who claims to be someone else, since the impersonator will go
through the effort to make a realistic-sounding ID. The regulation of
names on chat programs or social media is more popular, but not ubiquitous. This
means a scammer can potentially set their name to “Bill_Gates” or
“Microsoft_Bill” without credentials to back it up. There’s no guarantee
that a party is actually who their username claims to be, unless there is
some sort of verification process that shows official accounts
like the “Blue Check” on Twitter. Be careful when you receive a
suspicious, unsolicited message without verifying the name first.
Example: “My Telegram name is Bill_Gates. Only the real Bill Gates would
have this name, so I must be him!” Ok, you’ve verified the actual
username that Bill Gates uses, and it’s “Bill.” You’ve been talking with
“BiII,” so you should be fine, right? This is unfortunately, wrong. Take
another look at the two names above. The official username
is “Bill,” which is spelled with a pair of lowercase L’s. The imposter “BiII”
was able to create an account with what seems like the same username, instead
using a pair of upper-case i’s to create the username. Unfortunately,
this “look alike letter” spoofing is a low-tech, but highly effective
impersonation trick that many buy into without conducting their own
verification check. This method can be used in spoofed email
domains as well, giving correspondence a seemingly “official” appearance. For
example, using an upper case “i” for a lower case “L” can make a
“@GoogIe.com” and “@Google.com” email domain virtually indistinguishable.
Another easier-to-spot method would be to swap, add or jumble letters of
a well-known domain. If you aren’t paying close attention, an illegitimate email
from “Mircosoft” might appear to be coming from “Microsoft.”
Example: “Hello! This is [email protected]! I have some money to
transfer to you, all that’s required is some details!” Of all the methods
we’ve shared so far, this malware method requires the most technical
know-how to pull off. Unfortunately, this also makes it the most difficult to
spot. In our previous example, spoofing is identified by carefully
spotting details that are visible to the human eye. In email
spoofing, a nefarious party has edited the metadata of an email to match
the details of the party it seeks to impersonate. Since this data is
hidden by default, a recipient will not be able to identify spoofing
unless they closely examine invisible email headers. Even in these cases, a
suspicious party needs to know what details to look for, in order to
identify abnormalities. Luckily, client-side detection has improved, and
programs like Gmail are able to identify some spoofed data mismatches by
flashing huge warning messages like these: However, scammers are in a
constant arms race with security researchers, and new exploits can fly under the
radar until new methods of verification are devised. Whenever a new world-
changing technology is released unto the masses, inspiring, industrious
individuals inevitably start thinking of positive use cases. On the flip-side,
other individuals nefariously plot how this technology can be used for their own
under-handed gain. In the internet’s case, for every exciting new
invention, we’re forced to contend with 10 Nigerian prince scams. And while
scammers are nothing new, thanks to cryptocurrencies, those committing
fraud have another means of receiving illicit funds. After all, we can now send
and receive large amounts of money pseudonymously over the internet
without the involvement of banks or governmental bodies. We are essentially
transporting money between alphanumeric strings, with no name, address or
identifying details attached. The most recent example of a large-scale attempt
at fraud through a Bitcoin scam occurred just this week, when an unknown
hacker(s) was able to gain access through social engineering to high-profile
Twitter accounts (like Barack Obama’s) and asked the public for Bitcoin. Twitter
users were bombarded for several hours on July 15 with giveaway tweets from the
likes of Elon Musk, Kim Kardashian and Apple — but also cryptocurrency exchanges
Binance and Coinbase, Coindesk and Justin Sun — asking them to send BTC to a
Bitcoin wallet and receive double back. Needless to say, the around 14 BTC that
was sent to the fraudster’s wallet is not being returned to anyone, anytime
soon. The irony is, cryptocurrencies are technically very safe and
efficient. Due to the “crypto” portion of cryptocurrencies and the
blockchain itself, transactions themselves are incredibly secure. This means
that the most vulnerable part of the crypto landscape is the human
element, which is incidentally the target of most scammers. Despite all of the
technology and security measures cryptocurrencies adhere to, familiar and low-
tech tricks such as spoofing and impersonation are now the most effective way to
scam money from unsuspecting users. Now more than ever, it’s important to ensure
that your crypto funds are being sent to the intended recipient rather
than an attractive or deceitful proposition. While paying attention to senders
is important, the messaging and content can easily tip you off of suspicious
activity. We also suggest being on the lookout for the following: Beyond any
obvious scams (Let’s say you were able to spot “Mircosoft” and cut off
communication with “BiII”), there are a few steps that you can perform to verify
an identity. This may seem like a momentum-ending reset button, but it’s the
surest way to verify that your contact is who they say they are. There are some
key things to remember: At any point, you have every right to request a method
of verification. This can include placing key details on a site’s official
channel or having a phone call via an officially listed number/extension. As a
humanoid arachnid’s Uncle Ben once said, “With great power comes great
responsibility.” The same is true with the internet and its seemingly unlimited
potential. Thanks to the internet, we have thousands of ways to communicate,
which unfortunately provides thousands of ways to be tricked. With crypto, we
have an untraceable, anonymous method of sending money, and we also have a
scammer’s dream. Hopefully this article has provided you with some tools to help
protect yourself from impersonation and scams in a crypto-based world. Be safe
out there!