How can you recognise a crypto scam? Here’s what you need to know to unmask scams and keep your crypto safe.
According to a report by the data collection company Chainalysis published on the 6th of January 2022, $14 billion in cryptocurrencies were stolen through scams in 2021, mainly due to rug pulls. The figure increased almost doubled compared to the previous year. This growth in scams coincided with the development of the industry and the boom of interest in cryptocurrencies. Fraudsters and scammers take advantage of bull market periods to act on people’s optimism about the markets. When economic interests are at stake, scams spring up like mushrooms and this is also the case with cryptocurrencies. Crypto scams are unfortunately widespread. However, with a few small tricks, it is possible to learn how to recognise a crypto scam from social engineering to phishing.
Red flags: the identikit of the scam
Before reviewing the main scams that operate in the world of crypto, it is important to keep in mind some ‘red flags’ or suspicious features that could indicate you are facing a scam:
● Someone asks you to share your private keys or passwords;
● Someone sends you a private message offering airdrops or giveaways;
● Someone contacts you posing as a trader or an employee of a crypto project such as an exchange;
● The messages you receive, or the websites you surf on, contain typographical or spelling errors;
● Someone promises you to multiply your money or receive free earnings;
No one, not even employees of crypto projects, are authorised to ask you to disclose your personal data. Very often, when something is too good to be true, in most cases it is not.
Phishing
Phishing is a common scam all over the Internet, not just for cryptocurrencies. Phishing consists of malicious people sending you messages or emails posing as services or sites that you have used before (banks, e-commerce, social networks…). They invite you to open a link or communicate personal data. When it comes to crypto, fraudsters could steal the passwords or seed phrases of your wallets through phishing, consequently stealing your crypto. Phishing messages can usually be recognised because the profiles that send them show inconsistencies with the services they are trying to imitate. Although scammers are capable of creating communications and sites that are very similar to the original ones and therefore convincing, certain details such as syntax or grammatical errors are signs of a possible scam. It is always good practice to check that the URLs of sites or e-mail addresses correspond to those of official sites, even just one character more or less can make a difference.
Fake Customer Service Representatives or Traders
In this type of scam, someone pretends to be a representative of a crypto organisation or company. They then ask for sensitive information such as your wallet seed phrase, under the pretext of solving fake technical problems. Once the private key is obtained, the scammers drain your wallet. In this case, the scammers may also ask you to send them money in exchange for a higher value. Usually these requests are made with a sense of urgency, alerting people worried about the safety of their assets. Remember that all official communications are only ever made through official channels, do not rely too much on rumours or speculation. If you have any doubts, contact Customer Service from the official website.
Malicious people could also try to pass themselves off as telephone operator employees, offering new contracts or to change SIM cards. In possession of your phone number, they can bypass all two-factor authentications that rely on it. Some scammers also present themselves as experienced traders ready to help you. In this case, they will try to contact you, especially on social networks or online communities such as YouTube or Telegram. How to recognise this crypto scam? Due to their unrealistic promises, fake traders are easily unmasked. Beware of those who claim they can make you incredibly rich in a short time, in the world of crypto there are no shortcuts or ‘foolproof methods’.
Fake exchange apps
Among the most common scams are a number of fake apps that pretend to be the mobile version of cryptocurrency-related web services, such as exchanges or marketplaces. If you come across one of these apps in an app store, remember that the official ones are always downloadable from the relevant website. You can easily check if the two versions coincide. Again, a clue leading to a fraud can be spelling mistakes, the name of the exchange might be misspelt, or the icons might not exactly match the original ones. You can also check the number of downloads of the app. If it claims to be that of a reputable service, the downloads cannot be few. In addition, counterfeit apps usually require more permissions than necessary, as this ensures that they collect as much data as possible from the devices of scam victims.
Another type of scam app are those that promise to perform mining on your behalf and promise you rewards that never come. To avoid this type of crypto scam, it is good to know that for most cryptocurrencies, mining requires highly specialised hardware that is not compatible with mobile devices.
Rug pull
A rug pull is when scammers offer a new project, obtain funding and then disappear with the collected funds. A recent example of a rug pull was the Squid Coin scam, the token named after the Netflix series. Those who bought the token were engulfed in the hype of its quick price pump from 1 cent to $90. They then lost everything when the project’s founders stopped the activity and took the money, about $3 million, then disappeared altogether. To defend yourself against rug pull, you have to consider the project you intend to support from several points of view such as its soundness, the content of the white paper, the presence (and feasibility) of a roadmap and business model, and finally the identity and CVs of the founders. If any of these aspects are confusing or suspect, you are probably dealing with a scam.
Scams on social networks
Social networks are a frequently used channel for crypto scams. As already mentioned, YouTube is teeming with comments from fake traders promising easy money or “fake” livestreams asking people to send money in order to receive a larger sum. During these kinds of live feeds, the scammers are likely to pretend to be prominent industry figures willing to share their wealth with users. In this case, make sure that the channel from which the live is broadcast is official. On Instagram and Telegram, private messages dispensing supposed financial advice and proposing one-off deals are widespread. On Twitter and Instagram, you can also find posts promising fake or non-existent giveaways, or even fake profiles of projects or personalities from the crypto world trying to fool people. The most famous and popular ones in recent times are those that promise you NFT airdrops, but you only end up with your personal data getting stolen.
Social engineering: the basis of crypto scams
To recognise a crypto scam, it can be useful to study the basis of all such scams, namely the mechanisms of social engineering. This term refers to the persuasion schemes that fraudsters use to lure and scam people by exploiting their weaknesses and their good faith. Social engineering mechanics are behind strategies to lure victims, to befriend them via social networks or dating apps, and to induce them to download scam apps or to steal their crypto by accessing their sensitive information. Scammers investigate people’s weaknesses by exploiting people’s desires, emotions and cognitive biases to manipulate them.The techniques and types of scams that endanger our digital assets and information are diverse; learning how to recognise crypto scams is the first step to defending yourself.