Before we get further into this scam, here is a refresher course on cryptocurrency terminology:
- Cryptocurrency, also known as crypto, is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on a central authority, such as a government or bank, to uphold or maintain it.
- Bitcoin is a type of cryptocurrency widely considered the most popular.
- Crypto is typically held by an individual in a “crypto wallet.”
- Cryptocurrency relies on a technology called blockchain. It is a sort of digital ledger that records transactions made across a decentralized network of computers that are linked together via the Internet.
- Cryptocurrency exchanges are services that allow you to purchase and sell crypto.
- Most exchanges require that you use a second factor of authentication to access your wallet and make trades on the exchange.
Losing access to your crypto account can happen in a few clicks if a bad actor gets access to critical information. Even though the blockchain is secure, a chain is only as secure as its weakest link.
Fraudsters use well-rehearsed methods to scam victims out of their money. One way is via an old hacking technique known as social engineering. Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
In a new spin on this old con, scammers will send an email pretending to be related to a cryptocurrency exchange. They will either draw you in with a lure or feign an issue with your account, for which they need information to provide a refund. In some cases, they might amp the stakes by saying if you don’t provide information right away, one of your recent trades will not go through.
These emails will often look official, including the header of the company that is being spoofed. They’ll include a fraudulent link that takes you to a site that asks for your crypto credentials, or requests other secure information. Often, the sites will simulate the real sites and can fool an untrained eye into thinking they are on their official exchange’s website. If you click on a bad link, the fraudster can potentially harvest your credentials or reset your password to prevent you from accessing your own account. Once they have taken over your account, they take over your money.
Don’t be the weak link when it comes to your financial security. Follow these tips to avoid becoming the next victim:
- Be wary of emails that claim to be from cryptocurrency exchanges.
- If you look closely, you can often see mistakes or issues on the emails, which betray their true nature.
- Never click on a link for which you cannot see the actual URL. Instead, manually enter the web destination directly into your browser.
- Be wary of unsolicited/unexpected emails.
- Be suspicious of deals, offers or promotions that seem too good to be true.
- Never provide your sensitive information via email.
If you think you have been contacted by a scammer, report the contact online via the Internet crimes complaint center (ic3.gov). If you fall victim to any of these types of scams, don’t be embarrassed. Report the scam to your law enforcement agency.