As eager investors seize ever-growing opportunities in the expanding cryptocurrency market, scammers are quickly adapting their tactics and finding new ways to steal their funds. One way they do this is through social engineering scams.
If you’re planning on investing in the crypto market, it’s important to know how to spot these types of scams and avoid them to protect yourself and your assets.
What Is Social Engineering?
Social engineering is a broad term for a variety of scams and other ill-intentioned activities based on manipulating people through their interactions. Scammers often use social engineering to trick their victims into giving up sensitive information or money.
How Does Social Engineering Work?
Social engineering scams usually follow a similar pattern. First, the scammers typically conduct some sort of investigation into their potential victims. This allows them to understand their targets in order to find the most effective ways to manipulate them.
Next, the scammers contact the victim, often online, and attempt to gain their trust. They may do this by impersonating an individual or a reputable company. Once the fraudsters gain their victim’s trust, they begin to bait them into giving up sensitive data or handing over money.
Popular Types of Social Engineering Cryptocurrency Scams
In cryptocurrency phishing scams, the scammers reach out to victims and try to create a false sense of urgency in order to obtain information. For example, they might email you posing as customer service for your crypto wallet and say there is a problem with your account in order to get you to give up your username and password. Then, they can log in to your account and steal all your cryptocurrency.
Spear phishing attacks are just more targeted phishing attacks. Whereas regular phishing attacks may target large groups of individuals, spear phishing attacks typically choose specific individuals or companies to attack.
For instance, a scammer might know that a certain company holds a large number of assets in cryptocurrency, so they then target someone at the company with access to the business’s crypto accounts (such as someone in the finance department) for a phishing attack.
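The warning signs of the phishing messages described above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it scores a message for an impersonated sender, a mismatched Reply-To, urgent wording, a request for credentials, and a link whose visible text names a different domain than its target. The `examplewallet.test` domains, the signal names, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"examplewallet.test"}  # assumption: domains of wallets you really use
URGENCY = re.compile(r"\b(urgent|immediately|suspended|locked|within 24 hours)\b", re.I)
SECRETS = re.compile(r"\b(password|recovery code|seed phrase|private key)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def reg_domain(host):
    # Simplification: keep the last two labels; real code should use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def phishing_signals(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = reg_domain(addr.rpartition("@")[2])
    body = msg.get_payload()
    found = []
    brand = any(d.split(".")[0] in display.lower().replace(" ", "") for d in TRUSTED)
    if brand and sender not in TRUSTED:  # trusted name, foreign address
        found.append("impersonated-sender")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reg_domain(reply.rpartition("@")[2]) != sender:  # replies go elsewhere
        found.append("reply-to-mismatch")
    if URGENCY.search(msg.get("Subject", "") + " " + body):  # pressure to act fast
        found.append("urgency")
    if SECRETS.search(body):  # asks for login or recovery secrets
        found.append("asks-for-credentials")
    for target, text in LINK.findall(body):  # shown domain differs from real target
        shown = HOST.search(text)
        if shown and reg_domain(shown.group(0)) != reg_domain(target):
            found.append("link-text-mismatch")
            break
    return found

# Constructed sample messages (not real mail).
PHISH = """From: "ExampleWallet Support" <help@examplewallet-secure.test>
Reply-To: recover@mailbox.test
Subject: Urgent: your wallet is locked

<p>Enter your username and password at <a href="https://login.examplewallet-secure.test/verify">examplewallet.test/login</a></p>
"""
LEGIT = """From: "ExampleWallet" <news@mail.examplewallet.test>
Subject: Your monthly statement

<p>Statement ready: <a href="https://app.examplewallet.test/s">app.examplewallet.test</a></p>
"""
if __name__ == "__main__": print(phishing_signals(PHISH), phishing_signals(LEGIT))
```

A message that trips none of these checks is not proven safe; the checks only surface the patterns this article describes.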
Baiting is a form of social engineering scam that plays on people’s instinctive curiosity to get malware installed on their devices. For example, scammers might leave a USB drive infected with malware in a public location, hoping an unsuspecting victim picks it up and puts it into their computer. If you do this, the malware can track things like your logins and passwords on your device, thus giving the scammers access to your crypto wallets.
In pretexting social engineering scams, the fraudsters typically pose as someone you trust, such as a coworker, a friend, a family member, or a representative of a reputable organization. They then contact you about some issue and ask you questions to obtain personal information. In the case of cryptocurrency, they might pose as someone working for a certain crypto company that you have invested in.
Scareware is a type of malware that bombards you with fake alerts and warnings to get you to panic into giving up sensitive information. If scammers successfully get you to install scareware on your device, you may start receiving ads warning you that your crypto wallet account is locked and that you need to enter your user ID and password to regain access, for example.
In DNS spoofing attacks, fraudsters use falsified domain name (DNS) records to redirect your internet visits to fake sites. For instance, they might make a clone of a cryptocurrency wallet site and redirect you to it without you knowing, so when you enter your login info you’re really giving it to the scammers.
3 Real-Life Examples of Cryptocurrency Social Engineering Scams
MyEtherWallet is a crypto wallet site that was the victim of a DNS spoofing attack. In this real-life example of a cryptocurrency social engineering scam, users of the wallet site were presented with an error notification on the site’s homepage that they had to click through to continue. In reality, the link allowed hackers to empty users’ crypto wallets after they clicked it.
Asking for the Bitcoin Wallet Recovery Code
Another true example of a crypto social engineering scam involved scammers operating fraudulent Twitter accounts posing as Bitcoin wallet recovery services. When unsuspecting users contacted the Twitter accounts, they would be prompted to hand over recovery codes to ostensibly gain access to their Bitcoin wallet. Of course, the scammers used these codes to access the wallets themselves and steal Bitcoin.
The SnatchCrypto Campaign
Crypto scams don’t just target individuals. In what’s known as the SnatchCrypto Campaign scam, fraudsters targeted cryptocurrency startups. The scammers infiltrated various startups and spoke with their owners and employees to gain access to sensitive information that they could use to steal from the companies.
Ways To Recognize, Prevent, and Avoid Social Engineering
Check if a Company Is on a Blacklist on the Internet
Before you trust any company involved in the crypto market, do some independent research on it. A quick Google search will pull up any blacklists that include its name.
Don’t Open Email Attachments From Suspicious Sources
This tip will protect against social engineering and malware attacks: never open attachments from unknown senders. Phishing attacks often try to trick you into thinking you need to click an attachment to fix some kind of issue with your crypto account, but the attachment will install malware to steal your sensitive info.
Use Multi-factor Authentication
Multi-factor authentication helps make your crypto wallet accounts more secure by requiring you to enter a unique code in addition to your password to log in. Whenever possible, turn on multi-factor authentication for your accounts to keep scammers out.
Be Wary of Tempting Offers
Scammers love to bait their victims by making too-good-to-be-true promises. If you ever receive communications from crypto brokers, investment advisors, or crypto wallet companies promising things like huge returns in exchange for little or no effort on your part, don’t believe them.
Update Your Antivirus and Antimalware Software Often
Having antivirus and antimalware software installed is one of the best ways to prevent your computer and other devices from becoming infected with malicious programs that can hack into your crypto accounts. Make sure to regularly update such software to ensure it catches the newest types of malware and viruses.
Recover From Social Engineering: Use a Chargeback Company To Help You Get Money Back After Social Engineering Crypto Scams
If you’ve fallen victim to a social engineering scam that caused you to lose money or cryptocurrency, it’s easy to think that all is lost — but this isn’t necessarily true. Chargeback companies are a special type of fund recovery firm that specializes in retrieving stolen funds from all types of scams, including social engineering scams.
The experts at a chargeback company have experience dealing with cryptocurrency scams and know how to get your money back, either through a credit card chargeback or by tracking down and pressuring the scammers into returning all or some of your funds. The sooner you contact a chargeback company after you’ve been targeted by a social engineering scam, the better your chances are of recovering your money or cryptocurrency.