Browsing Tag

cryptocurrency wallet

security,

Top 5 Cryptocurrency Scams And How To Avoid Them

As we approach the end of the year, it is time to summarize the past 12 months. But as you know we eat and breathe security and our summary is more like a short guide on fraudsters’ favorite tactics and how to avoid them. As if the bear market was not enough, the cryptocurrency community had to withstand the rise of crypto-related scams. Unfortunately, there isn’t a sole thing that can guarantee you a 100% protection. But the good news is that by investing a couple of minutes (and some brain cells) a day, you can stay afloat the swindle ocean.

So without further ado, here’s the list of cryptocurrency scams that rose to prominence in 2018.

Straightforward hacking

There is nothing fancy about it except the fact that the evilest and powerful hacking entity is Lazarus. In case you’ve missed the news, Lazarus is the brainchild of the North Korean regime. Yeah, that’s right, the commies have their own hacking entity, which is believed to be behind the infamous Coincheck hack.

Kaspersky Labs has been closely following Lazarus over the years and has warned that it is already building a brand new malicious software aimed to take on Linux. The cybersecurity company states:

“It would seem that in the chase after advanced users, software developers from supply chains and some high-profile targets, threat actors are forced to develop Mac OS malware tools. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”

Lazarus has become notorious for penetrating Windows and Mac systems, fintech companies, exchanges, and whatever comes to your mind. Since the group is not kidding we believe that the smartest thing to do is to refrain from using online wallets. It would be much better to go for a hardware wallet instead. If you are not sure why, check our cryptocurrency wallet guide.

Bitcoin blackmailing

While blackmailing is a classic move, it wasn’t until that summer that it became a thing in the crypto world. Here is how it goes. You open your email and there is suddenly someone telling you they know your password (which they do) and have photos of you doing your thing while watching those nasty movies (which is most likely a false claim). The bad actors tell you that if you don’t pay a certain amount of Bitcoin, they will send all of your “Oh” photos to your contacts.

But don’t panic. While the baddies might indeed have some of your passwords it doesn’t mean that they know something about you, neither do they have any photos. These are just randomly sent emails, which rely on recipients fears. For your own safety, it is better to change passwords and cover your laptop camera. However, you can always check how the culprits got your password using this search engine.

Did I fail to mention not to pay the ransom? Well, don’t! Those fuckers don’t deserve a penny. Do not respond to their email either.

Botnets

These are designed to spread malware all over the internet and infect websites, computers, servers, etc. Once the baddies infect their targets, they can control them directly all pull all sorts of nasty tricks. Luckily, the cybercriminals are often using them for cryptojacking purposes, which you can easily block by using the right browser extensions.

In worse case scenarios, you might be tricked into downloading malicious files. Despite that, a top-notch antivirus should be able to handle the situation.

Social engineering

Some culprits prefer to do it the old-school way. Unfortunately, social engineering and phishing still work surprisingly well. According to Kaspersky, over 100,000 malicious pages have been used to redirect traffic to authorization pages of renowned exchanges like Bittrex, Binance, and Kraken. Of course, these are just copycats aiming to steal your credentials. And even EtherDelta users ate some phish (pun badly intended) earlier this year.

Kaspersky elaborates:

“Scammers also try to use the speculation around cryptocurrencies to trick people who don’t have a wallet: they lure them to fake crypto wallet sites, promising registration bonuses, including cryptocurrency. In some cases, they harvest personal data and redirect the victim to a legitimate site. In others, they open a real wallet for the victim, which is compromised from the outset.”

Sadly, the only way to protect yourself from phishing and social engineering is to be extra cautious when typing private seeds and passwords. Plus, it is advisable to enable two-factor authentication (a.k.a. 2FA) just in case.

Fake wallets

Google Play and Apple’s AppStore are plagued with copycats of legitimate cryptocurrency wallets. Always pay extra attention to tiny details such as publisher, publishing date, number of downloads, etc. In addition, do your research before installing a mobile wallet and double-check its rating and reviews. And as always, please don’t go for wallets that offer you some free tokens upon registration, you’ll thank me later.

 

security,

How To Protect Your Cryptocurrency In 1 Single Step

If you haven’t noticed so far we are often bitchin’ about security here. And while there are some things that are out of your control (like hacker’s attacks), others are up to you. For example, talking about how much Bitcoins you own is a bad idea. Doing this in public is even worse because you can easily drag the attention of any fraudsters nearby. Your bragging is music to their ears as they start to see you as a target.

In case you don’t believe us, consider this – a Google executive who specializes in fighting email frauds recently discussed the matter in a chat with CNBC. Mark Risher explained that people who like to talk about their cryptocurrency fortunes in public often fall victims to email hack attempts.

“It could just be a case of mistaken identity or guilt by association,” he said, adding that cybercriminals can easily find your email. He explained that they often monitor social media accounts and target people who are smart enough to reveal they own some tokens.

“They could be using someone who seems to be low value to pivot toward somebody considered a higher value target, like somebody political in nature. Or maybe they saw that you were discussing Bitcoin on a public message board.”

Another bad idea is to use one and the same email address to both log in to social media and back up your cryptocurrency wallet. It is a piece of cake to check somebody’s email on Facebook and then hack it, reset its password and do some other nasties.

Fraudsters are getting smarter

While you are unlikely to fall for the ancient “Nigerian Prince” scam (we hope so) the bad boys often do their research pretty well before contacting you. They might be impersonating someone you know and trust.

“You might think of this generic ‘Dear Sir or Madam, I am contacting you to ask you for a favor,’ but the truth is many of these attackers have done some serious research on their victims. So you might get what we call ‘social truth’ in your message,” Risher adds.

The point here is, don’t talk about crypto. Neither in public nor in social media. Use several email addresses and pay extra caution when dealing with those connected to financial services. Level up your passwords and pins to further enhance your protection.