Across the media, precious column inches are regularly devoted to ransomware attacks, romance scams and credit card fraud. But there’s one type of cybercrime that’s more common than all three of these combined: phishing. And, as its value rises, phishing utilizing bitcoin and crypto has unfortunately become even more commonplace.
The increasing sophistication of phishing
Opportunistic fraudsters are continually looking for ways to part businesses and consumers with their hard-earned funds. Phishing websites – where false pages that mimic those operated by legitimate companies – are one of them. While some are poorly made and attempt to deceive those with little technical knowhow, others are alarmingly advanced… and sometimes, it can be near impossible to tell them apart.
Data suggests the number of unique phishing websites has been steadily rising in recent years. While 146,994 were detected in the second quarter of last year, this surged to 571,764 just three months later. A whopping 637,302 sites were identified in the final quarter of 2020, with 611,877 found between January and March 2021.
The coronavirus pandemic has contributed to a substantial rise in scam websites, and even the world’s biggest companies aren’t safe. In September – when Apple was holding a launch event for its iPhone 13 range – fraudsters built a site to dupe those looking for a livestream of the announcement. The dodgy page featured old interviews of Tim Cook, the tech giant’s CEO. And inevitably, it also displayed a classic Bitcoin giveaway scam – promising users who sent crypto to a specific address that they would get twice as much back.
Coinbase, one of the biggest exchanges in the world by market volume, and considered one of the most secure, reported that in September 2021 around 6000 customers were victims of a scam. Bad actors gained access to accounts via an SMS account recovery process exploitation, and transferred funds to crypto wallets not associated with Coinbase.
Indeed, Crystal Blockchain also has experience of being mimicked. Our logo was illegally used on a website recently, and we took action to ensure people weren’t deceived.
It’s a scary world out there. But thankfully, there are ways to beat the scammers at their own game. It’s all about due diligence – and taking a little extra time to make sure you’re in the right place. Following these steps may seem arduous at first, but they could protect your personal information and your balance in the long run.
Crucial clues to spot a suspicious website
So: let’s imagine that you’ve inadvertently arrived at a website that claims to be the official portal for a large company. What are the signs to look out for that someone is trying to pull the wool over your eyes?
- Firstly, remember that the web browser is your friend. At the top of the page, check to see whether the URL matches what it should be. If google.com is being displayed as g00gle.com, alarm bells should ring. Do remember that scammers can make the tiniest of changes to lure you into a false sense of security. Can you tell the difference between Google.com and GoogIe.com? No? Well that’s because one has a lower case l, and the other has a capital I. Sneaky.
- Extra words, characters and numbers should also rouse suspicion. You can also scrutinize a URL before visiting it first. Before clicking on a link, try hovering over it with your mouse – in most browsers, you’ll see the end destination in the bottom-left corner of the window.
- Returning to the browser bar, double-check to see whether there is a padlock, which is designed to give you peace of mind that you’re on a secure link. The absence of one creates a risk that your personal or banking information could be stolen without your knowledge or consent.
- There are other indicators on a suspicious page that should give you cause for concern. First off, are addresses, phone numbers and email addresses displayed – and if so, do they match the one that belongs to the official company? If you’re in any doubt, it’s crucial to make a call to establish authenticity. Doing an online search may also help you identify if this particular site is a scam.
We’re all accustomed to logging in to accounts – sometimes without giving things a second thought. Usernames and passwords are the most common combination, and the consequences of handing this over to a scammer can be severe. However, scammers may also try to solicit other forms of information from you – including security details you’d never normally be asked for. Think twice before accepting this as a normal procedure.
There’s no such thing as a stupid question
Sometimes, it’s easy to feel stupid when you’re asking questions to verify a website’s authenticity. But this is far better than feeling stupid after you’ve been successfully targeted by a scammer.
Always consider getting advice from a professional when contemplating investment choices – especially if you’ve come across an opportunity on a website you’ve never heard of. Scammers will often promise high returns over a relatively short period of time, and more often than not, what they’re offering is fraudulent.
The old adage of “there’s no such thing as a free lunch” applies here. If something seems too good to be true, it probably is. There have been too many incidents where someone’s judgment has been clouded by the prospect of quick riches and untold wealth – and as a result, accounts have been siphoned of their life savings.
But here’s the gut-wrenching thing: many malicious actors won’t give targeting you a second thought. After all, some ransomware groups have even been known to deliberately cripple the infrastructure of hospitals during the pandemic.
All of this logic should also apply to the links that you may come across in emails and conversations on social media you have with your friends and family. A friendly message from a loved one, recommending that you visit a certain site, may actually lead to something more nefarious – and their account could be compromised.
What we’re doing about it
Unfortunately, there’s little doubt that this is a problem that’s getting worse. In September 2021, the UK’s Financial Ombudsman Service revealed that it has seen a “dramatic rise” in complaints about fraud and scams. Between April and June, the number of cases investigated was 66% higher than the same period a year earlier.
And here’s the problem: the number of scam websites and ransomware crimes that attempt to swindle cryptocurrency out of victims is also on the rise.
When businesses are affected by crypto-related scams, they now have a destination where they can turn to for help – even if retrieving lost funds may seem impossible in the world of digital assets. Given how we cover 98% of coins, our tools can identify the flow of transactions that may have been lost in one of these incidents.
Crystal is also making it more difficult to hide in the world of decentralized finance too, where accounts can be established without Know Your Customer checks. We’re now proud to offer 80% coverage across the market volume of DeFi protocols.
As the number of scam and scam websites continues to rise, ensuring you’re protected against the dangers they pose has never been more important.
If you have questions related to potential fraud, scamming or phishing attempts on you or your business – and what to do next – contact [email protected]
