According to the Federal Trade Commission, crypto phishing scams have increased more than 1,000% since last October. That’s right. You read that correctly. That was a recent headline for CBS News. In 2020 there were an estimated 400,000 scams involving cryptocurrencies. Crypto, as it turns out, isn’t just popular amongst speculative investors. Scammers and cybercriminals are heavily invested in the new monetary currency as well. Americans have lost over $80 million during that time. The losses include investment scams, digital wallet thefts and phishing attacks. According to the FBI, crypto-related BEC scams have risen significantly in the past two years, with businesses losing an estimated $10 million in 2020. In an example of one attack, scammers were able to get away with stealing $15 million from one company. Oftentimes the victims don’t even know that their funds are being converted into digital currency.
There are a number of reasons why cryptocurrencies are playing such a dominant role in scams in general. Because the technology of digital currencies is so new, most people are unfamiliar with how it all works. The blockchain is a neoteric frontier and is new territory for the average person. Cybercriminals are then able to take advantage of the vague level of understanding that people have of it. Another contributing factor is the sheer number of digital currencies. There are currently over 5,000 cryptocurrencies in circulation throughout the world today, with new ones being created at an unrelenting pace. This makes it easy for attackers to continuously switch currencies. They also create multiple crypto wallets for one-time use. Once a victim pays, the wallet is abandoned. Hackers are also taking advantage of the third-party identification documents that they collect in data exfiltration attacks. They then open cryptocurrency wallets using this seized personal information. What’s more, cryptocurrencies have an inherent anonymity about them. While their supporting blockchains provide a record of the actual financial transaction, most of them don’t disclose personal information concerning those transactions. All of this makes it difficult for authorities to establish any type of financial pattern that can aid their investigations. Crypto, as it turns out, is a payment paradise for criminals.
Crypto BEC Attacks
Many BEC attacks today are well thought out and coordinated. The attackers have often educated themselves about their targeted organization and who the dominant executives are. Often they have compromised a company’s email system weeks or even months prior to the initial attack in order to become accustomed to the protocols and culture of the organization. The attack itself usually involves the impersonation of a key executive such as the CEO or CFO. A lower-level employee who has privileges to the company’s payment system is asked to transfer funds for a stated reason such as a large business deal or company purchase. The employee is given instructions that include a bank account for the transaction where the hacker’s cryptocurrency exchange maintains a custodian account. Once the funds hit the account, the bank automatically converts the money into cryptocurrency.
Everyday Crypto Phishing Attacks
Of course, the bulk of crypto phishing attacks are initiated to skim a quick hit from unsuspecting users. There are the usual scams promoting fake prizes, giveaways and sweepstakes that somehow involve crypto. The most prominent examples of crypto-related scams involve investment schemes. These often involve phony endorsements by celebrities or well-known cryptocurrency advocates such as Elon Musk. Typosquatting attacks are also popular, as cybercriminals purchase domain names that closely resemble those of well-known crypto exchange sites.
FBI Recommendations
In addition to its published alert released earlier this year, the FBI has provided a list of specific measures that businesses and individuals should adopt in order to avoid becoming a target of a BEC cryptocurrency scam. These include the following:
- Augment your authentication processes with a multi-factor authentication (MFA) solution. The most popular method involves the delivery of a PIN sent through text or email. Smartphone authentication apps are growing popular as well.
- IT departments should make sure that their employees’ email applications are configured to allow users to view the full email extensions of received emails.
- Individuals are encouraged to regularly monitor their bank accounts for irregularities and unrecognized transactions.
- They highly emphasize that the best anti-phishing protection is a modern-day anti-phishing solution. A great option is SpamTitan, which incorporates double antivirus, data leak prevention, real-time blacklists (RBLs), email content filtering as well as inbuilt Bayesian auto-learning heuristics.
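The checks below show what looking at the full sender address buys a defender against the executive impersonation and typosquatting described above. This is an added example, not code from the FBI alert or from SpamTitan; the company domain, executive names, protected domains and sample messages are all hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for this example: adjust to your organization.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}  # names attackers may impersonate
PROTECTED_DOMAINS = {"example.com", "example-exchange.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return a list of warnings based on the full From / Reply-To addresses."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    # An executive's name on an address outside the company domain.
    if display.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        findings.append("executive display name on external address")
    # A domain within two edits of a protected one (typosquatting).
    if domain not in PROTECTED_DOMAINS:
        for good in sorted(PROTECTED_DOMAINS):
            if edit_distance(domain, good) <= 2:
                findings.append(f"lookalike of {good}")
    # Replies silently routed to a different domain.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        findings.append("Reply-To domain differs from From domain")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\n"
           "Reply-To: jane.doe@mail-relay.test\n"
           "Subject: Urgent transfer\n\nPlease wire the funds today.\n")
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\nSee you at noon.\n"

if __name__ == "__main__":
    print(check_sender(SPOOFED))
    print(check_sender(LEGIT))
```

A mail client that shows only the display name would render both sample messages as coming from "Jane Doe"; the difference is visible only in the full address.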
Many traditional investors have chosen to remain on the sidelines and simply observe the frenzied investment returns of crypto. When it comes to protecting yourself from crypto related scams, none of us can afford to sit idly on the sidelines.
Prevent crypto phishing attacks with SpamTitan anti-spam solution. SpamTitan is a secure email solution with the ability to anticipate new attacks using predictive AI technology.