“Bitcoin,” “Litecoin,” “Ethereum,” and “cryptocurrency” have rapidly become household names, though many households don’t have a firm understanding of the technology behind cryptocurrencies and the blockchain. To be fair, this lack of understanding extends to many professionals in the information technology and information security space, as well as professionals in the financial sector. Bitcoin carries the glamour and hope of the California Gold Rush, or the possibility of winning it big in Vegas, and, to some extent, those possibilities exist. Between teenage bitcoin millionaires driving the hype that now is the time to invest, a man who has outperformed his IRA by trading “crypto kitties,” essentially online beanie babies fueled by the cryptocurrency Ethereum, and other mysterious cryptocurrency millionaires founding philanthropic foundations under aliases such as “Pine,” it is no wonder many people are optimistic about striking it rich as cryptocurrency prices soar. However, combine the hype of these new prospects with people’s hopes about riding this wave, along with a general lack of understanding, and malicious actors utilizing social engineering techniques may be the most likely to consistently strike it rich during this cryptocurrency boom.
An understanding of the blockchain and cryptocurrencies is helpful for wise investors, but all a malicious actor needs to be successful is the curiosity and hope of others; scams are popping up at every level of cryptocurrency transactions, and many ill-intended individuals will begin these scams with an unsolicited phishy email, an enticing SMiSh (aka an SMS phish), or a cold-call vish.
Moving through the flow of cryptocurrency transactions, let’s first look at the mining level, where investors will provide capital to people who want to buy equipment to “mine” bitcoin. Mining cryptocurrency requires hardware and energy, and its purpose is to confirm cryptocurrency transactions are valid. In exchange, the miners doing the work take a portion of the transaction, and this can be very profitable. Many investors will look to give money to mining rigs in exchange for a cut of the proceeds. However, there are many scammers out there soliciting investments for non-existent mining equipment. Additionally, there have been documented SMiShing attacks in Australia that look to convince individuals to use their CPU power to help mine Bitcoin; the attackers ultimately do not share the profits with those individuals, and use their personal information in future scams. There are also organizations selling completely fraudulent hardware at absurdly good prices, trying to draw in the would-be cryptocurrency miner.
Next, scammers are creating completely fraudulent cryptocurrencies themselves. One organization in London was found to be vishing, or cold-calling individuals fraudulently, and attempting to sell them a completely fictional cryptocurrency. Scammers are also targeting the wallets, or places one can store cryptocurrencies once they obtain them. In November 2017, over $3.3 million was stolen from individuals attempting to generate bitcoin wallets through mybtgwallet.com, and, in response to such scams, one “helpful” Reddit user offered instructions on how to set up Litecoin wallets in Coinbase, including sending a portion of a user’s Litecoin to a mysterious address that would verify the wallet was active. It may be no surprise to the reader, but that mysterious address was not, in fact, an authenticating body, but the “helpful” redditor’s own Litecoin wallet.
Even banks and enterprise environments are not safe from the exploitation surrounding the current cryptocurrency hype. In October of 2017, a software engineer in Florida was arrested for architecting a bitcoin exchange that tricked banks into processing Bitcoin transactions masked as small restaurant and retail charges.
Cryptocurrencies are providing malicious actors a new way in, through individuals’ curiosity and desire to join the trend and share in the profits of this new sector. If you have valuable cryptocurrency, people want it; if you can help with transactions, people want your help; if you want in, people are looking for ways to let you in… to helping them make more money. So, how can you join the trend and invest wisely?
Always validate. For mining, if you’re looking at purchasing a mining rig, ensure you are buying from a reputable source, with a known transaction history. Do not believe offers that seem too good to be true. If you are looking to invest in someone else’s mining endeavors, be sure you can see and verify their public mining address. Have them send proof they possess the proper equipment, and research said equipment.
Verify wallets, exchanges, and cryptocurrencies are known entities. The energy and cost needed to mine, run, and make transactions with cryptocurrencies are not small. While some of the major exchanges may have pricey transaction fees, and, yes, they are making a profit, it does require resources to exchange Bitcoin. Even if the major exchanges or wallets are pricier than an alternative, in this hot, new space it is wise to stick with known entities. For exchanges, Coinbase is the trusted leader at the moment. For wallets, ensure you control the private key; an offline or hardware-based wallet will be the most secure when backed up properly.
Navigate to known, good links, and avoid clicking on links that are sent to you.
Question any offer that sounds too good to be true, and any individual who contacts you unsolicited. Even if the individual has information about you, know what is publicly available about you, and if a situation feels odd, trust your instincts.
This is a Security Bloggers Network syndicated blog post authored by Amanda. Read the original post at: Social-Engineer.Com – Professional Social Engineering Training and Services