On July 15, a small group of hackers gained access to 130 high-profile Twitter accounts and used them to perpetrate a cryptocurrency scam on the social media platform. The group made off with 12.9 Bitcoin, which, at the exchange rate at that time, was worth around $120,000.
How did they gain access to such a major tech outlet? Twitter explained in a blog article on Saturday:
"At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme."
What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.
The social engineering scheme likely resulted in at least one employee clicking on a phishing email that then gave the hacker group access to an admin-level tool that could control various aspects of the platform, including login alerts for the affected accounts.
From there, these individuals posted on accounts of celebrities and high-profile users like Barack Obama, Bill Gates and Elon Musk, just to name a few. The updates encouraged followers to donate cryptocurrency, usually to the tune of $1,000, and in return the celebrities would supposedly send back double the amount to the user, but only if they did so in the allotted time frame.
Actual tweet from Elon Musk's account during the July 15 Twitter hack
Sound too good to be true? That’s because it’s a cryptocurrency scam, and although it’s suspicious that celebrities would even conduct limited time Bitcoin giveaways on their social accounts, nearly 400 different Twitter users still sent funds to the included Bitcoin addresses.
This incident raises important questions about Twitter’s security posture, and you’re no doubt concerned about protecting your investments from any potential scams.
So, how can you avoid falling victim to a cryptocurrency scam? This post decrypts the confusing subject of virtual currency and goes into detail about three ways criminals try to access your information online.
Plus, we’ll also provide some insight on the importance of adequate cyber security, especially as scams become more sophisticated.
What is cryptocurrency?
Cryptocurrency is a form of digital cash or currency. According to Binance, it allows individuals to “transmit value in a virtual setting.” Since this form of transaction began in 2009, curious individuals have looked to the digital currency as a new means of investment—and not all cryptocurrency is bad. However, as with anything online, it pays to be cautious.
How is cryptocurrency different from regular currency?
It’s different from the pocket change you might be carrying in two particular ways. For one, cryptocurrency is entirely digital. There are no notes or coins to carry around. And two, a cryptocurrency exchange is decentralized, which means that it isn’t regulated by one government entity or financial institution. While this is convenient and allows anyone in the world to transfer funds to one another, it can also incite chaos in the form of rampant scams and attacks.
This form of currency is extremely liquid and portable, and without regulation or censorship, it is the perfect plaything for cyber criminals and hackers who want to make some quick money by duping unsuspecting Bitcoin investors. Plus, cryptocurrency exchanges are practically irreversible—making it all the simpler for criminals to take your money and run.
You can learn more about what cryptocurrency is—and isn’t—on Binance Academy.
3 Types of Cryptocurrency Scams—and How to Protect Yourself (or Your Business)
Social Media Offers/Giveaways
If you see someone, like a celebrity or a company, offering to give away Bitcoin or cryptocurrency as the prize for a social media giveaway, it’s a scam—just like the one that affected numerous Twitter users.
In fact, you can never be sure that you’re following the actual person or entity’s account and could be following an impostor. But how do these scams work?
Giveaway scams usually fall under the guise of impersonation or an “address verification” ploy. That is, you will see a tweet or post claiming to register you to win a certain amount of Bitcoin. You click the link and, in order to enter, you will have to send Bitcoin to complete the verification process. Even if it is a small amount, these scams can still rack up significant numbers—and since cryptocurrency exchanges are irreversible, you’re not likely to get it back.
Tips to Avoid:
- Never send cryptocurrency to giveaways under the guise of address verification.
- Always be skeptical of social media offers and giveaways, especially those offering Bitcoin.
- Research any entities making offers on social media.
- Always remember: if it sounds too good to be true—it probably is.
Phishing Emails & Websites
All companies, including cryptocurrency ones, are familiar with phishing emails. We’ve covered them in significant detail on our blog.
When it comes to things like Bitcoin exchanges, you can receive similar messages with ulterior motives to get at your data, even your cryptocurrency wallet.
Sometimes, criminals will send out malicious emails stating that something is wrong with your exchange account. Those emails then redirect to spoofed websites that ask for your credentials, and from there, an attacker can steal your credentials and possibly even gain access to your funds.
Tips to Avoid:
- Check the email addresses and URLs in all email correspondence that looks like it came from your cryptocurrency company. Without clicking on the URLs, hover over them to see where they redirect to—are those sites legitimate? If you’re not 100 percent certain, do not click them.
- Look for spelling or grammar errors in the message itself. If correspondence is riddled with errors, it’s probably a phishing email.
- Review our post on identifying phishing emails.
Ransomware
Although ransomware isn’t specifically related to owning a cryptocurrency account, this specific type of malware can still affect anyone, including small and midsized businesses.
When a computer is infected with ransomware, access to some or all of it is blocked. Files are encrypted and can only be restored when a Bitcoin ransom is paid; once that is done and criminals have received the ransom, they then send a decryption key.
Tips to Avoid:
- Know what programs you are installing on your devices.
- Be wary of applications that request admin-level access.
- Ransomware attacks can be related to phishing emails, so it becomes doubly important to check links and attachments for legitimacy.
Cyber attacks and scams are only going to increase—arm yourself with the knowledge you need to avoid becoming a victim.
CoreTech’s cyber security experts stay updated on the latest security news and trends, so we know what to look for when it comes to the newest cyber attacks. We also know that the number one defense you have against attacks, like the dangers that can accompany cryptocurrency investments, is cyber security awareness training.
If you’re aware of what’s out there, you’ll know what to look for and can take the necessary steps to avoid becoming a victim. After all, over 90 percent of cyber attacks are caused by human error, and it only takes one wrong click.
Contact us today to get your organization started with cyber security awareness training, and subscribe to our blog to get more tips on cyber security delivered right to your inbox!