To print this article, all you need is to be registered or login on Mondaq.com.
Payment scams exploiting the lure of cryptocurrency are a
growing concern for individuals and businesses—losses from crypto scams increased from $907 million in
2021 to $2.57 billion in 2022. These scams typically involve
criminals posing as an expert or a legitimate company to try to
trick people into transferring funds or providing sensitive
information. By being aware of how criminals carry out these scams,
both organizations and individuals can help protect their finances
and data.
Who Is Targeted?
Just like all financial scams, cryptocurrency scams target a
range of individuals and enterprises. Criminals find their targets
from many sources: they may find a victim’s name and email
address from LinkedIn or social media, or they may target
individuals based on recon that they are interested or trade in
cryptocurrency. For example, if an individual is a member of an
online crypto community or discusses cryptocurrency on public
forums, that person may be targeted by criminals.
With cryptocurrency companies front and center in the news, many
people and businesses are eager to jump on the bandwagon, even
though they do not know much about it. Perhaps they’ve heard a
celebrity endorsing cryptocurrency or they hear that they can make
a lot of money. Whatever the reason, this lack of knowledge means
that victims are more likely to miss red flags and fall for a
scam.
Users of cryptocurrency need to understand that the central
promise of cryptocurrency transactions is that there’s no need
for a central intermediary, such as a bank or payment processor, to
execute these transactions. The upside of this is that users have
more control to execute fast payments, but the downside is that
there is often no recourse in the event of fraud, theft, and even
user error.
Cryptocurrency transactions are irreversible and, unlike bank
deposits, are not covered by government-backed insurance. This
means that once cryptocurrency is sent to a criminal, it may never
be recovered.
Some Common Crypto Scams
Investment scams
“Get-rich-quick” schemes are common tactics used in
crypto scams, often executed through social media.
In one variation, the victim is contacted directly through a
social media community. For example, the victim belongs to a crypto
investment group on Facebook, and they receive a direct message
from another member—the scammer—about a great
opportunity. The scammer knows that someone already belonging to a
crypto investment group is more likely to respond to an unsolicited
offer promising a large return on their investment. The scammer
keeps the con going by initially asking for and returning small
amounts, building up to a larger investment request—which
disappears once the victim sends the funds.
A second variation is when the victim is contacted by a friend
or business acquaintance about a crypto investment opportunity. In
reality, the person is being contacted by a criminal who is
masquerading as the friend or acquaintance. The scammer hopes that
a solicitation from a known contact will convince the victim to
comply with the request.
Romance scams
Many have heard of the “Tinder Swindler” and have read
about romance scams. These scammers build trust in a seemingly real
relationship, then con the victim into sending funds. Such crypto
dating scams are often called “pig butchering”—just
like a farmer running a livestock production, once the end goal is
reached, the relationship is over.
In a sextortion (sex + extortion) scheme, criminals send emails
to the victim claiming to have sexually explicit photos or videos
and demand a cryptocurrency payment to keep the photos secret. Even
if the victim pays the original extorted amount, the criminals
sometimes demand more blackmail at a later time, which the victim
often pays—losing even more money.
ATM scams
Crypto ATMs may be used by criminals to scam their victims using
a familiar technology. The victim may have been targeted through a
romance scam or conned by a call from a “government
agency” or “bank” and instructed to deposit funds
using a cryptocurrency ATM. After the money is converted to
cryptocurrency and sent to the criminal’s account, the funds
are moved off-platform and the ATM network cannot help the victim
recover their funds.
Phishing scams
Criminals use a twist on the classic phishing email or text to
convince the recipient that the email was sent from a legitimate
cryptocurrency platform. The message may include details on an
“investment opportunity” or deposit instructions, or may
be styled as a spoof “customer support” message. If the
victim clicks the link, they are asked to enter their
cryptocurrency account credentials into a webpage that closely
mimics a real cryptocurrency platform, giving criminals the
information needed to sign into the victim’s account and steal
their money.
Fake app scams
Criminals can be as skilled in creating fake apps as they are in
creating fake websites. Victims may be tricked by realistic-looking
names and logos when searching for a cryptocurrency app, and
install the fraudulent app instead of the legitimate app.
As part of an investment or romance scam, criminals may ask
their victims to install a specific app that appears to be a
legitimate cryptocurrency app. After installing the copycat app,
the victim deposits money into it, which is then stolen by the criminals.
Alternatively, bogus cryptocurrency apps may contain malware.
Criminals can develop apps that may execute malicious activities on
mobile devices, such as stealing banking credentials, monitoring
text messages, preventing the app from being uninstalled, and even
evading detection by security software. Confirming that
cryptocurrency apps are legitimate—reading reviews and only
installing an app from the official store—is imperative prior
to installing apps or depositing money.
Elder abuse scams
Financial fraud involving seniors has increased, and saw a sharp
increase during the COVID pandemic. Seniors often prove
to be more vulnerable to crypto scams because they may be less
informed about new technologies such as cryptocurrency. Scammers
view a trusting, less tech-savvy senior as easy bait with a
potentially large retirement account. Investment schemes,
tech-support scams, romance cons, real estate swindles, and
IRS-type frauds are common techniques used to target seniors.
Unfortunately, after they are convinced that a scam is real and
send their savings to criminals, seniors may have to re-build their
nest eggs.
No matter the type of scam they are trying to perpetrate, many
criminals will use the same techniques. Be alert to these
indicators of a cryptocurrency scam:
- Investors are promised a large profit in a short amount of
time. - A stranger or a “celebrity” approaches an individual
on social media or a dating site about an investment
opportunity. - A cryptocurrency payment is demanded in order for an applicant
to start a job or receive a service. - An individual receives a check or overpayment and then is asked
to wire the difference to a crypto exchange. - An email, text, or message from a legitimate-sounding company
or government agency demands that an individual makes a
cryptocurrency payment, shares financial or banking account
information, or clicks a link to see more information. - An individual receives an unexpected message from
“customer support” about their cryptocurrency transaction
and is encouraged to click on a link or share private
information. - There is pressure to act immediately on an urgent request.
Due Diligence Serves as Protection Against Cryptocurrency
Scams
Understand that once cryptocurrency is transferred from a
cryptocurrency platform, the transaction cannot be stopped or even
recovered. Do due diligence before agreeing to any
transaction—whether business or personal—that involves
cryptocurrency.
- Pause before responding to requests. Anyone
being asked to send cryptocurrency as a payment should understand
the impact it could have on their finances, especially if the
person asks for additional payments. Don’t respond to
unexpected contacts or investment opportunities, and be wary if a
known individual or business suddenly demands payment with
cryptocurrency without explanation. - Verify the person or company before money is
sent. Random or new contacts should be thoroughly vetted.
Do not accept funds from or transfer funds to anonymous or unknown
people or organizations. - Don’t take any information at face value.
Investigate the claims around any investment, especially if they
seem too good to be true or promise overnight windfalls. Be wary of
advice from celebrities, people on social media or internet forums,
or anyone else who doesn’t have financial credentials. If it
seems too good to be true, it’s probably a scam. Real financial
professionals will provide a long series of consumer disclosures
and will not provide unsolicited investment advice. - Avoid clicking on links that appear in a suspicious or
unexpected email, text message, or social media direct message
(DM). It may be an attempt to install malware or steal
account credentials. This includes an unexpected call or message
from a purported cryptocurrency platform “customer support
representative” who claims that there is an issue with an
account. - Do not send sensitive information. Never email
or text contact details, private crypto account information (e.g.,
username, password, private cryptographic keys, seed phrases), or
other sensitive information. Don’t respond to pressure to give
out this type of information; rather, consider cutting ties and
reporting the individual/entity. - Secure financial accounts. Use strong
credentials and enable multi-factor authentication for all
accounts. Do not share passwords, private crypto keys, or seed
phrases with anyone. Confirm that websites, URLs, and internet
addresses are legitimate before entering any sensitive information.
Remember, once a cryptocurrency transaction is initiated, it
can’t be stopped (this includes erroneous sends to a wrong
address or “fat finger” errors). - Keep a detailed log of transactions. Save a
record of all transactions, including screenshots of all completed
transactions along with any confirmation texts and emails. Monitor
financial accounts frequently to spot irregularities. - Be aware of how public information about individuals
can be used. The more public information that is available
about a person, the easier it is for a criminal to target them.
Individuals should check the security and privacy settings of all
social media and financial accounts to confirm that only trusted
contacts and friends can view their profiles.
Taking Action After a Scam
Cryptocurrency is not insured by a government entity so it can
be very difficult to recover stolen money. Enterprises or
individuals who fall victim to these scams are still encouraged to
report the crime, as law enforcement may be able to follow the
money trail to identify the criminal or fraud ring and help recover
at least part of the money or perhaps bring the scammers to
justice. Reporting the crime may also help prevent future
scams.
- Report the crime to the following entities:
-
- The cryptocurrency exchange that was used to send the
money - Local and national police enforcement
- If appropriate, the online dating app or social media website
where contact began. This may prevent the scammer from accessing
more victims.
- The cryptocurrency exchange that was used to send the
- Stop communicating with the criminals. However, keep all
evidence of the crime, such as the name of the exchange used to
convert cryptocurrency, transaction IDs, and wallet (account)
addresses. Make sure to save names, profiles, emails, texts, and
any other communications with the scammer(s). - Implement online security protocols:
-
- Block the criminal’s profile. Also block them on messaging
apps, texts, and calls. - Confirm that all personal social media accounts are
private.
- Block the criminal’s profile. Also block them on messaging
- Change credentials immediately if there is evidence the
criminal has accessed any accounts, such as an online banking or
cryptocurrency account. Inform the bank and credit card companies
that fraud may have occurred. - While it may be tempting to hire an asset recovery firm, be
wary of exaggerated claims of recovery capabilities and upfront
charges. Do research and read reviews before committing to an
agreement. Understand that in most cases, even if the firm can
trace the flow of funds, they may not be able to recover the
money.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Technology from United States