Email Security Intelligence - Cryptocurrencies & Email Fraud - Everything You Need to Know

In the digital age, cryptocurrency is extremely valuable, so much so that cybercriminals are using a range of techniques to trick victims into sending it to them. Millions of phishing emails are sent out every day, using methods to extort and steal cryptocurrencies like Bitcoin from victims.

Malicious actors have a variety of techniques at their disposal designed to trick users into transferring sums of money, including fraudulent requests for charity donations and business email compromise (BEC) scams. This article will discuss the vulnerabilities of cryptocurrency and provide some examples of scams to look out for.

What To Know About Cryptocurrency

A cryptocurrency is an electronic form of digital currency based on blockchain technology that has had a massive increase in popularity in recent years and can be risky if you don’t follow the best cybersecurity practices. Cryptocurrency is typically purchased via cellphone, computer, or through a cryptocurrency ATM. Bitcoin and Ether are the most common forms, though there are many other options, and new ones keep being created.

Because cryptocurrency exists only online, there are key differences between cryptocurrency and traditional currency to consider. For example, cryptocurrency accounts are not supported by the government. Cryptocurrency is not insurable like traditional money in an insured bank account, so should something happen to your account or cryptocurrency funds there is no obligation for the government to help get your money back. Cryptocurrency values also change constantly and the change in value can be significant. It also tends to be more volatile than government-backed money, typically because of supply and demand, among other factors. Once the value goes down, there’s no guarantee it will increase again.

The Dangers of Cryptocurrency Scams

Cryptocurrencies like Bitcoin make it easy for cyber thieves to demand large payouts from companies after encrypting your information because it is essentially untraceable. A report from 2020 found that malicious actors received nearly $700 million in cryptocurrency, up nearly 300% from $192 million in 2019. To prevent the consequences that may be associated with purchasing cryptocurrency, you must first understand the potential methods that scammers may use. Some of the most common cyberattacks methods used to extort cryptocurrency include:

Phishing Attacks

A technique hackers use to email subscribers and manipulate a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Hackers use phishing scams to get crypto users to hand over their digital assets.

Crypto-Malware

A type of malware that allows unauthorized users to mine cryptocurrencies on another person’s computer or server. Hackers will trick a user into installing malicious code on their devices or inject malicious code into websites so that when victims engage with them, the code is activated, and hackers gain access.

Security of Cryptocurrency Accounts

Users access their digital assets via a “private key,” or a complicated password. Because many people keep their private keys on their computers, hackers can log in to your digital account using that private key if they gain access to your device. What's worse, cryptocurrency is not strictly controlled, so there is no way to recover it if a private key is stolen.

Social Engineering Scams 

Scammers use psychological manipulation, known as social engineering, to deceive in order to steal the private information of a user’s accounts. These scams convince people that they are dealing with someone trusted such as a government agency, coworker, or friend. When someone you "trust" demands cryptocurrency, it is a sign of a scam.

Investment Scams

Investment scams involve a malicious actor attempting to entice people into sending their cryptocurrency with promises of a large profit. The scammer may pose as a number of roles, such as an “investment manager,” and promise to increase your investment if you transfer your cryptocurrency to them. They may also encourage you to buy obscure crypto at a “low price,” with promises that the value will skyrocket.

Phishing Scams

Phishing scams target information pertaining to digital wallets. Specifically, scammers are interested in crypto wallet private keys, the keys required to access cryptocurrency. Their method is like many standard scams—they send an email with links that lead holders to a specially created website and ask them to enter private keys. When hackers have this information, they can steal the cryptocurrency.

Ransomware Attacks

Ransomware is a type of malware that works by blocking access to a computer system until a sum of money is paid, typically through Bitcoin. The victim’s files are encrypted until the payment has been made and can be delivered in a number of ways, most commonly through a phishing scam.

The Mechanics of Paying With Crypto

If you’re the victim of a ransomware attack, the process of paying to retrieve your data can only contribute to the stress of the situation. You first enter the receiver’s digital wallet address, typically a character string or QR code defined in the ransom, from your digital wallet under the option to send a payment. You may have to buy cryptocurrency through an exchange, such as Coinbase, first. This can be done using normal methods, such as purchasing with a credit card or bank transfer.

How To Avoid Cryptocurrency Scams

Attackers are always finding new ways to steal your money using cryptocurrency, luckily there are several methods for avoiding being scammed. If you notice any of the signs, you shouldn't click on any links, dial a phone number, contact them in any way, or send them money. To avoid a crypto con, here are some things to look out for:  

• Only scammers demand payment in cryptocurrency.
• Only scammers will guarantee profits or big returns.
• Ignore requests to give out your private cryptocurrency keys.
• Ignore promises that you'll make lots of money.
• Ignore investment managers who contact you and say they can grow your money quickly.
• Ignore text messages and emails from well-known or new companies, saying your account is frozen or they are worried about it.
• If you receive a message from a government or law enforcement agency that your accounts are frozen, and you'll need to send crypto or money, contact the agency and ignore the message.
• Don't accept "free" money or crypto.

If You’ve Fallen For A Scam

Falling for a cryptocurrency scam can be devastating, so it's essential that you act quickly if you have made a payment or compromised your personal information. You should first contact your bank if you have made a payment using a debit or credit card, payment via bank transfer, or shared personal details about yourself.

Much like the consequences of a data breach, crypto fraudsters often sell stolen information to other criminals. In this instance, you should change your usernames and passwords to prevent further damage. Suppose you are the victim of a social media crypto scam. In that case, you can report it to the relevant social media platform or report frauds to the relevant body in your jurisdiction such as the Federal Trade Commission for United States citizens.

Users should also consider an email security strategy with multiple layers that work harmoniously to detect and block threats in real time, building on each other to provide stronger, more resilient protection. The proper solution should work to protect your email, with a transparent, collaborative approach to software development that engineers secure solutions, blocks the most sophisticated threats to privacy and data integrity, and comes equipped with expert full-time support services that provide you with a remote extension of your IT team.

The Bottom Line

Cryptocurrency scams utilize several different attack methods, and similarly to the money in your bank account, attackers will do anything they can to obtain it. Protecting your crypto assets requires the knowledge of when and how you're being targeted and what you can do if you suspect you are the target of a scam. Having an understanding of common practices scammers use to steal your information will help you be able to spot and prevent a scam early before you become a victim.