Wherever cryptocurrency is growing in popularity, crypto-based scams are not far behind
Since the beginning of 2021, there’s been a rise in the prevalence of crypto-related phishing sites in certain parts of the world. The rise of these fraudulent sites is higher in countries where cryptocurrency adoption is most prevalent. The United States, Brazil and Nigeria are the biggest targets for these crypto scams, with notable levels of scams also in the UK, France, Russia and India.
In our latest research, Avast Threat Labs have monitored a selection of 37 samples. The majority of these sites pose as legitimate custodial wallets (more on those below). The global heatmap below shows where around the world users visited crypto-related phishing sites in the first six months of this year.
Users visiting crypto-related phishing sites around the world. Avast detections during January to June 2021 using a selection of 37 samples.
Peter Kovac, senior researcher at Avast, said, “The crypto market is surging right now. Bitcoin has been given a boost following recent news from El Salvador that it will be recognized as legal tender in the country - with other countries in the region tipped to follow suit.”
“This surge in Bitcoin is having a knock-on effect across the wider crypto space and some analysts are even predicting that 2021 will be a record-breaking year for cryptocurrencies. However, as it has grown in popularity, it has also grown as a more lucrative target for hackers — and our researchers have found the levels of crypto-related scams are most prevalent in regions where cryptocurrencies are gaining popularity.”
Given its growing popularity, we’re here to provide advice on how to store cryptocurrencies, keep your funds safe, and spot scams.
How to (safely) store your cryptocurrency
There are several storage methods and crypto wallets that you can deploy to securely store your cryptocurrency. Each has its own advantages and potential security pitfalls.
With a custodial wallet, cryptocurrencies are managed by some other entity, like a cryptocurrency exchange (think Binance) or another similar service. A custodial wallet works like a traditional bank account, where you can log in and manage your funds.
Software wallets are applications that manage your private keys and allow you to make transactions directly.
Paper & brain wallets
Paper or “brain” wallets are the simplest solution for storing your credentials, but they’re also the most error-prone.
A hardware wallet is a separate physical device, such as a USB drive, that acts as the wallet. These wallets also come with a “recovery sheet” with the private key written on a piece of paper (or carved into steel to withstand fire and other forms of physical damage).
How to keep cryptocurrency safe
Crypto scams can come in many forms online, from “crypto giveaways by Elon Musk” to “we will invest your money for you with XYZ% gains every month”. The bottom line? If it sounds too good to be true, then it probably is. Use your best judgement. In addition to that:
Watch out for unsolicited private messages: Whether they’re on WhatsApp, Telegram, or any other social media platform, you should immediately block any unsolicited message that may be fraudulent. For example, if a message comes from an unknown number, or from one of your contacts yet looks unusual or suspiciously urgent, keep in mind that your contact’s phone might have been hacked. In these cases, it’s best to reach out to the person in question by calling them to make sure they really did send you the message before taking any further action. Even if the message is unrelated to crypto, the intention can still be to spy on your data.
Be aware of mobile phishing: Hackers are increasingly targeting victims on their mobile devices in order to steal crypto credentials. These social engineering attacks can come from anywhere on a mobile device, including texts, social media, third-party messaging platforms or email. Beyond phishing, malicious mobile apps with the hidden ability to log keystrokes and spy on the activity on people’s screens are also on the rise. To prevent phishing attacks, you can use Avast Secure Browser, which offers an anti-phishing feature that blocks dangerous websites on desktop and Android devices.
Rely on services that use strong security measures: When choosing a custodial or software wallet, be sure to choose a provider that offers strong security measures, including multi-factor authentication. For more security, some platforms encourage you to set up separate passwords for logging in to the platform and for making a transfer. If you want to stay entirely private, you may decide to go with a platform that doesn’t require you to submit an ID, but these platforms often provide poor security measures. They can skip the ID requirement because they allow crypto trading only, rather than trading with fiat money (traditional currencies like the euro or US dollar), which is why they’re not obliged to follow anti-money laundering (AML) and know your customer (KYC) rules.
Install an antivirus: Ensure that you have strong antivirus protection across all of your devices. For example, many people will have an antivirus on their PC but not on their mobile devices or tablets — which is why malicious mobile phishing and malware campaigns have been so effective for hackers. Crypto accounts can be worth a very significant amount of money, so it’s essential to ensure robust internet security on any device on which crypto information is stored or from which accounts are accessed.