4 Signs of Crypto Scams
When someone envisions an online impersonation scheme. They might conjure up an image of a man in sunglasses and a dark hoodie, surrounded by monitors of neon green “Matrix” code.
In reality, online impersonation can be pretty low-tech. We’ll explore some frequently-seen schemes, from the easy-to-spot to tricky to catch:
1. Claim to Someone Else’s Fame
In this case, you would be contacted by someone whose name does not match up with the real person. Our user reports contacts by scammers on Telegram. Names or emails may be an obvious jumbled mess of letters and numbers. If this is the case, this is a likely and obvious scam.
Example: “Yes, my Telegram name is wrestlingfan316, but I am Bill Gates and I need to verify your account number to send you money.”
2. Fake Name and Impersonation
This method is an additional step-up from a scammer who claims to be someone else. Since the impersonator will go through the effort to make a realistic-sounding ID.
The regulation of names on chat programs or social media is more popular. But not ubiquitous. This means a scammer can potentially set their name to “Bill_Gates” or “Microsoft_Bill” without credentials to back it up. There’s no guarantee that a party is actually who their username claims to be. Unless there is some sort of verification process that shows official accounts like the “Blue Check” on Twitter. Be careful when you receive a suspicious, unsolicited message without verifying the name first.
Example: “My Telegram name is Bill_Gates. Only the real Bill Gates would have this name, so I must be him!”
3. Impersonating Usernames with Look-Alike Letters: The Perils of Sans-Serif
Ok, you’ve verified the actual username that Bill Gates uses, and it’s “Bill.” You’ve been talking with “BiII,” so you should be fine, right?
This is, unfortunately, wrong. Take another look at the two names above. The official username is “Bill,” which is spelled with a pair of lowercase L’s. The imposter “BiII” was able to create an account with what seems like the same username, instead of using a pair of upper-case i’s to create the username.
Unfortunately, this “look-alike letter” spoofing is low-tech. But highly effective impersonation trick that many buy into without conducting their verification check.
This method can be used in spoofed email domains as well, giving correspondence a seemingly “official” appearance. For example, using an upper case “i” for a lower case “L” can make a “@GoogIe.com” and “@Google.com” email domain virtually indistinguishable.
Another easier-to-spot method would be to swap, add or jumble letters of a well-known domain. If you aren’t paying close attention, an illegitimate email from “Mircosoft” might appear to be coming from “Microsoft.”
Example: “Hello! This is biII@mircosoft.com! I have some money to transfer to you, all that’s required is some details!”
4. Email Spoofing
Of all the methods we’ve shared so far, this malware method requires the most technical know-how to pull off. Unfortunately, this also makes it the most difficult to spot.
In our previous example, spoofing is identified by carefully spotting details that are visible to the human eye. In email spoofing, a nefarious party has edited the metadata of an email to match the details of the party it seeks to impersonate. Since this data is hidden by default, a recipient will not be able to identify spoofing unless they closely examine invisible email headers. Even in these cases, a suspicious party needs to know what details to look for, to identify abnormalities.
Luckily, client-side detection has improved, and programs like Gmail can identify some spoofed data mismatches by flashing huge warning messages like these:
However, scammers are a constant arms race with security researchers, and new exploits can fly under the radar until new methods of verification are devised.
Cryptocurrency Fraud and How to Avoid It
Whenever a new world-changing technology is a release unto the masses, inspiring, industrious individuals inevitably start thinking of positive use cases. On the flip-side, other individuals nefariously plot how this technology can be used for their under-handed gain. In the internet’s case, for every exciting new invention, we’re forced to contend with 10 Nigerian prince scams.
And while scammers are nothing new, thanks to cryptocurrencies, those committing frauds have another means of receiving illicit funds. After all, we can now send and receive large amounts of money pseudonymously over the internet without the involvement of banks or governmental bodies. We are essentially transporting money between alphanumeric strings, with no name, address, or identifying details attached.
The most recent example of a large-scale attempt at fraud through a Bitcoin scam occurred just this week when an unknown hacker(s) was able to gain access through social engineering to high-profile Twitter accounts (like Barack Obama’s) and asked the public for Bitcoin. Twitter users were bombarded for several hours on July 15 with giveaway tweets from the likes of Elon Musk, Kim Kardashian, and Apple — but also cryptocurrency exchanges Binance and Coinbase, Coindesk, and Justin Sun — asking them to send BTC to a Bitcoin wallet and receive double back.
Needless to say, the around 14 BTC that send to the fraudster’s wallet were not returned to anyone, anytime soon.
The irony is, cryptocurrencies are technically very safe and efficient. Due to the “crypto” portion of cryptocurrencies and the blockchain itself, transactions themselves are incredibly secure. This means that the most vulnerable part of the crypto landscape is the human element, which is incidentally the target of most scammers.
Despite all of the technology and security measures cryptocurrencies adhere to, familiar and low-tech tricks such as spoofing and impersonation are now the most effective way to scam money from unsuspecting users. Now more than ever, it’s important to ensure that your crypto funds send to the intended recipient rather than an attractive or deceitful proposition.
What to Suspect When You’re Suspecting Crypto Scams
While paying attention to senders is important, the messaging and content can easily tip you off of suspicious activity. We also suggest being on the lookout for the following:
- Spelling, formatting, and grammar mistakes
- Correspondence from official sources should check and well-write. While “nobody’s perfect,” multiple blatant grammar and spelling mistakes should raise concerns.
- If it sounds too good to be true…
- A sales team representative is offering you a 50% discount, for a limited time only! That’s great, but is the deal realistic? Lavish offers are often an attempt to hook people’s trust.
- Unsolicited contact
- It’s certainly not unusual to receive marketing emails, but if someone was looking to impersonate an email address, this is a prime opportunity to do so. Out of the blue promotions don’t need to write off as a complete red flag, but due diligence should perform before sensitive information or funds have exchanged.
- Use your instincts
- This is the most intangible advice we can offer. Flags may involve the overall tone of a conversation, insistence or pressure to move forward, or inconsistencies with stories and claims. Regardless, if something feels “off” to you, you have the right to pull out of a deal or to simply stop communication.
