Investing in cryptocurrencies requires caution and attention, just like other types of activities like this. Amid the high profits and big tech figures working in the sector, so are cybercriminals, eyeing a type of financial asset that is difficult to track and easy to spray, with scams often resulting in irreparable damage to their victims.
Therefore, prevention is the main weapon. Knowing the ways in which crooks try to target you every day goes a long way in protecting wallets, accounts and profiles on virtual asset services, as well as ensuring safe trading on decentralized platforms. It was with this in mind that Kaspersky indicated the four most common scams for cryptocurrency theft:
fake sites
As in e-commerce, the use of malicious pages that simulate the appearance of real ones is common in the cryptocurrency segment. In addition to the design itself, criminals also use fraudulent domains that are similar to the original ones, with changed or extra characters that can escape the user’s less attentive look. On the other side, of course, are registration fields for data theft, malicious applications and false integration with wallets that end up leaving funds in the hands of scammers.
Attention is the main weapon for defense against these blows. Be aware of the domains accessed, especially if you arrive at them after a search, as criminals can acquire ads or use SEO techniques to make fraudulent results appear at the top of searches. Also note the presence of a padlock in the address bar, which indicates a secure site, and prefer only the official pages of companies and services.
malicious apps
In the same way as websites, software for the Android operating system, mainly, are also usually a gateway for scammers. They may mimic the appearance of legitimate services or promise completely new features, but they will always be on the lookout for wallet access keys or account integrations so assets can be siphoned off.
Protection here is also similar. The user must pay attention to what he downloads and prefer only official solutions from banks, exchanges and other services related to cryptocurrencies. Paying attention to solution developers, for example, is a good way to differentiate a fake solution from a legitimate one, which will have a greater number of downloads, comments and will have been published by the company responsible for the desired platform.
Even downloading from official stores, such as Google Play or the Apple App Store, the ideal is to keep an eye open. Prefer to obtain the applications from links on the official websites of the companies providing the services and just enter your information, mainly wallet keys and other credentials, in certified software.
Dangerous emails and messages
Phishing affects all segments and with cryptocurrencies it would not be different. Investment offers, high returns or free distribution of assets are some of the lures left by criminals in scams of this type, so that the user accesses the aforementioned fraudulent sites or downloads malicious applications, through which access credentials or assets can be stolen.
Again, attention is the main weapon to protect yourself. Watch out for incoming links, especially if they involve free assets or profits that are too high to be true — they usually aren’t. Haste is also the enemy of caution, with such offers often requiring quick action from users, another common sign of a phishing scam.
Here, too, there is an added element, with direct attacks on legitimate companies resulting in incidents of this type. It happened, for example, with the Bored Ape Yacht Club, one of the most prestigious collections of NFTs in the scene; in 2022, the project’s Instagram account was hacked and followers were given fraudulent links. The damage was more than US$ 2.5 million (about R$ 13 million).
When in doubt, always consult the platform’s official websites and profiles, as if the initiative actually exists, it will be published in these spaces. If you are not sure what you are doing, avoid entering information and, mainly, access keys or credentials. Also avoid downloading attachments or applications that are sent via email or direct message.
celebrity fakes
Elon Musk, Bill Gates and Barack Obama, as well as companies like SpaceX and events like Formula 1, have already served as bait for cryptocurrency scams. This is yet another type of phishing, in which the image of celebrities and well-known brands is used as a ruse for an alleged global delivery of assets, which in reality only exists to obtain undue transfers from users.
The scheme is simple. The crooks open a live stream on YouTube and Twitter, with profiles stolen from users with a good number of followers, and offer the bounty, using pre-recorded videos of lectures, events and other celebrity appearances. The idea is that, for each amount sent to a specific wallet, the returns will double or triple, in a large campaign that, as the cybercrime booklet says, only lasts a few hours, as a way to motivate impulsive action by users.
Again, the security tip is to always pay attention to the profiles accessed and not send money, as return schemes in this category simply do not exist. Searching for the official accounts of companies and celebrities helps to catch the scam quickly, so do not download applications indicated by alternative means or click on links sent in live streams and other channels that are not legitimate.
