As we approach the end of the year, it is time to summarize the past 12 months. But as you know we eat and breathe security and our summary is more like a short guide on fraudsters’ favorite tactics and how to avoid them. As if the bear market was not enough, the cryptocurrency community had to withstand the rise of crypto-related scams. Unfortunately, there isn’t a sole thing that can guarantee you a 100% protection. But the good news is that by investing a couple of minutes (and some brain cells) a day, you can stay afloat the swindle ocean.
So without further ado, here’s the list of cryptocurrency scams that rose to prominence in 2018.
There is nothing fancy about it except the fact that the evilest and powerful hacking entity is Lazarus. In case you’ve missed the news, Lazarus is the brainchild of the North Korean regime. Yeah, that’s right, the commies have their own hacking entity, which is believed to be behind the infamous Coincheck hack.
Kaspersky Labs has been closely following Lazarus over the years and has warned that it is already building a brand new malicious software aimed to take on Linux. The cybersecurity company states:
“It would seem that in the chase after advanced users, software developers from supply chains and some high-profile targets, threat actors are forced to develop Mac OS malware tools. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”
Lazarus has become notorious for penetrating Windows and Mac systems, fintech companies, exchanges, and whatever comes to your mind. Since the group is not kidding we believe that the smartest thing to do is to refrain from using online wallets. It would be much better to go for a hardware wallet instead. If you are not sure why, check our cryptocurrency wallet guide.
While blackmailing is a classic move, it wasn’t until that summer that it became a thing in the crypto world. Here is how it goes. You open your email and there is suddenly someone telling you they know your password (which they do) and have photos of you doing your thing while watching those nasty movies (which is most likely a false claim). The bad actors tell you that if you don’t pay a certain amount of Bitcoin, they will send all of your “Oh” photos to your contacts.
But don’t panic. While the baddies might indeed have some of your passwords it doesn’t mean that they know something about you, neither do they have any photos. These are just randomly sent emails, which rely on recipients fears. For your own safety, it is better to change passwords and cover your laptop camera. However, you can always check how the culprits got your password using this search engine.
Did I fail to mention not to pay the ransom? Well, don’t! Those fuckers don’t deserve a penny. Do not respond to their email either.
These are designed to spread malware all over the internet and infect websites, computers, servers, etc. Once the baddies infect their targets, they can control them directly all pull all sorts of nasty tricks. Luckily, the cybercriminals are often using them for cryptojacking purposes, which you can easily block by using the right browser extensions.
In worse case scenarios, you might be tricked into downloading malicious files. Despite that, a top-notch antivirus should be able to handle the situation.
Some culprits prefer to do it the old-school way. Unfortunately, social engineering and phishing still work surprisingly well. According to Kaspersky, over 100,000 malicious pages have been used to redirect traffic to authorization pages of renowned exchanges like Bittrex, Binance, and Kraken. Of course, these are just copycats aiming to steal your credentials. And even EtherDelta users ate some phish (pun badly intended) earlier this year.
“Scammers also try to use the speculation around cryptocurrencies to trick people who don’t have a wallet: they lure them to fake crypto wallet sites, promising registration bonuses, including cryptocurrency. In some cases, they harvest personal data and redirect the victim to a legitimate site. In others, they open a real wallet for the victim, which is compromised from the outset.”
Sadly, the only way to protect yourself from phishing and social engineering is to be extra cautious when typing private seeds and passwords. Plus, it is advisable to enable two-factor authentication (a.k.a. 2FA) just in case.
Google Play and Apple’s AppStore are plagued with copycats of legitimate cryptocurrency wallets. Always pay extra attention to tiny details such as publisher, publishing date, number of downloads, etc. In addition, do your research before installing a mobile wallet and double-check its rating and reviews. And as always, please don’t go for wallets that offer you some free tokens upon registration, you’ll thank me later.