Finnish police estimates that Finnish people lose tens of millions of euros to different investment scams yearly. Phishing for bank details is a common scam, but as cryptocurrencies have become more popular, scammers have started also using them more to lure victims. The aim of this post is to help identify common scams that involve cryptocurrencies and give good tips on how to avoid falling victim to them.
Last updated: 09.02.2023 10:42Five good rules
Rule 1. Never send cryptocurrency to an address you are not completely sure of!
Transactions with cryptocurrencies are final, meaning they cannot be reversed or undone. This is the first thing to understand about cryptocurrency transactions. If you are going to send your cryptocurrencies to somewhere else than to your own crypto wallet, be very careful. If you have any doubts about the receiving address, do not make the transaction.
Rule 2. Never give access to remote control software!
Remote control software programs, which give scammers the ability to control the victim’s device remotely, are used in many scams. Often in these scams the victim gives the permission for these programs due to scammers lies. Common excuse that scammers give is to "help" the victim with some technologically difficult tasks. Example of this kind of scam is the so-called "Microsoft help scam-calls". In these the scammer pretends to be from Microsoft support and claims to help the victim for example to protect themselves from hackers trying to get access to their information. Other examples on how the victim is scammed into installing these remote control softwares is for the scammers to pretend to help them register more easily into investment service or some other task that might seem technically difficult. Because cryptocurrencies are often perceived as technically complex, scammer may use this as an excuse, so remember, NEVER GIVE ACCESS TO REMOTE CONTROL SOFTWARE!
Rule 3. Never click a suspicious link!
Most people are familiar with spam emails and know how to spot them quite easily. No, a prince from a foreign country doesn’t want to donate his money to you and you haven’t won one bitcoin in a raffle you didn’t even participate in. Sometimes scammers also use hacked social media accounts to send out these links. So, if you get a strange message from a friend or get tagged into some odd post, do not click the links in them. If you are suspicious, you can always contact your friends with some other channel and make sure it’s really them.
Rule 4. Double check the website address!
Common scam on the internet for several years has been to make a copy of a popular website so that when a victim goes to log in or register, they unknowingly give the scammers their password and other information. The scammers website can otherwise look exactly like the real one, but when you look closely at the website address you can notice how for example a small l-letter has been changed to a large I-letter. These kinds of websites are also used to phish private keys to crypto wallets. For example, a Finnish newspaper Iltalehti reported on a case, where the victim thought he was using a website named spookyswap, but the scammer's website name was spookysvvap. What makes these kinds of scams very unfortunate is that scammers often manage to get their phishing websites high up in search engines search results, by using for example ad slots. So, remember to be extra careful if you are searching for a new website with search engines. You can also bookmark trusted websites you use often.
Rule 5. Never give the private keys to your crypto wallet to anyone!
If you decide to move your cryptocurrency out from Northcrypto into your own crypto wallet, make sure that the private keys for that wallet are stored safely. Private keys mean the list of different words you have to write down when you create a new crypto wallet. For example, in the example given in the last rule, the fake website asked for the victim’s private keys when he connected his wallet to the website. Scammers also target their phishing attempts on people asking for help with their crypto wallets on social media. You don’t need to your use your private keys unless you are moving your wallet from a device to another, so NEVER GIVE THE PRIVATE KEYS TO YOUR CRYPTO WALLET TO ANYONE!
Common scams
Phishing
With cryptocurrencies, phishing attempts are often used to gain access to the victim’s accounts or crypto wallets. This is why it’s good to use two-factor authentication and to remember rule number 5. Like mentioned in rule 3, many phishing emails are quite easy to recognise to be scams. There are however some phishing e-mails that are made to look very authentic and hard to spot as scams. Example of this kinds of emails are messages pretending to be from MetaMask crypto wallet "support". If you get an unexpected email, it is always good to be extra careful, and a good rule is to not log in to anything from links in these kinds of emails. If you have doubts, try contacting the perceived sender through some other channel.
In addition to emails and search engines, scammers also try to get their phishing programs into app- stores. So, if you are going to download a new app be very careful and double check that it is the right one. The app-stores try to stop the phishing apps from being listed and remove them, which means that if you see that the app is very recently listed, you should be very cautious.
Messaging services (Telegram & Discord)
Messaging services like Telegram and Discord are very popular platforms for different crypto projects or content creators to host their communities. Unfortunately, scammers have also used these platforms to target victims. Common scam used on these services is a private message that appears to have come from a member of the crypto project or content creator being followed. Often these imposter accounts used by scammers are very well made and resemble the wanted trusted entity. This makes them harder to spot as scammers. Fortunately, in these groups it is a common practice that administrators do not ever send private messages to group members first. Questions will be answered only inside the group. This means that if you ask a question or ask for help in one of these groups and someone sends you a private message, it is practically always a scammer trying to imitate the group administrator to phish your information.
Giveaway-scams
Probably one of the most common scams using cryptocurrencies is so-called giveaway-scams. In addition to previously mentioned messaging services, one can spot them on social media platforms such as Facebook, Twitter, and YouTube. Aim of these scams is to get the victim to send their cryptocurrency into scammers wallets by for example promising to return the sent amount by tenfold. So, remember rule 1 and DO NOT SEND YOUR CRYPTOCURRENCIES TO THESE ADDRESSES! Scammers very often also use the brand of well-known rich persons to lure victims in. For example, there are many fake accounts impersonating Elon Musk on Twitter and videos or livestreams about Michael Saylor on YouTube that are used for these scams. In some cases, hackers have even managed to take over celebrities' real social media accounts and used them for these scams.
Pyramid schemes and other business scams
Business worlds pyramid schemes, or so-called Ponzi-schemes, are based on the constant flow of new capital from new customers to pay for the profits of older customers. Examples of "cryptocurrencies" using this Ponzi tactic were Onecoin and Bitconnect. A very big warning sign of a pyramid scheme is the requirement or incentive for the customer to recruit new customers. In case of Onecoin and Bitconnect for example, the profits were partially tied to the new customers recruited.
Because pyramid schemes are quite common knowledge today, scammers also use other kinds of "great" business opportunities to lure victims. A Common such scam in previous years has been a website made to look like a news site, where a local celebrity tells how they were able to make a lot of money by using cryptocurrencies. These kinds of fake news stories have been sent via emails, but scammers have also used them as adverts on some websites or in Facebook groups for example.
Romance scams
With dating apps popularity growth so-called romance scams have also become more common. In these, the scammer uses social manipulation and exploits the victims’ feelings. These scams often last for long periods of time and cause feelings of shame on the victims, which causes the scams to be left unreported. Scammers try to win the victims trust with open conversations and even phone calls with the victim. After winning the trust the scammers typically ask money from the victim to help with a sudden trouble or for example to travel to see the victim. Often the reason to ask for the money can be to pay for bureaucracy for an inheritance or handling fees for some funds stuck in customs, thus giving the victim the impression that they will soon get their money back. Cryptocurrencies have become more common also in romance scams because, as mentioned in rule number 1, the transactions are final, but also because cryptocurrencies are well suited for global transfers. Scammers can ask for money in cryptocurrencies citing for example their bank accounts suddenly being frozen or being a victim of robbery themselves. Scammers can also try to create a sense of urgency for the victim by sending pictures as "evidence" of the events. So, if a person you meet online asks you for money, notify the authorities and follow rule 1 and do not send your cryptocurrencies to an address you are not completely sure about.
Conclusion
Unfortunately, we will never get rid of scams completely because new ones will always be invented. So, if you suspect that you have been a target of a scam, even though it doesn’t match any of those presented in this text, don’t leave yourself alone with the matter. Recognising common scams presented above and following the five good rules you can however reduce your likelihood to fall a victim to scammers. So be careful with new websites, and never send your information or funds to wrong people. If you however find yourself a victim of a scam someday, don’t be afraid to contact the right authorities.
Manu Isto Cryptocurrency specialist