Cryptocurrency scams helped criminals make over $10 million last year. Security experts at Kaspersky Lab discovered that criminals managed to earn more than 21,000 ETH by only using social engineering schemes. This isn't even the total amount of money being made by criminals as the research didn't take into account classic phishing or targeted attacks.
"The results of our research show that cyber-criminals are adept at keeping up to date and developing their resources to achieve the best possible results in cryptocurrency phishing," Nadezhda Demidova of Kaspersky Lab wrote.
These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors.
While the antivirus firms have usually focused on malware protection. The uptick in exploiting cryptocurrencies for not only mining but for several other attacks through malware, phishing and social engineering is pushing these firms to release reports around protection against criminal attacks on cryptocurrency holders.
The cybersecurity firm has offered the following tips to users to protect their cryptocurrencies:
- Remember that there is no such thing as a free lunch and treat offers that seem too tempting to be true with skepticism.
- Check official sources for information regarding the free distribution of cryptocurrencies. For example, if you see information about the distribution of coins on behalf of the recently hacked Binance blockchain ecosystem, go to the official source and clarify this information.
- Check if any third-parties are linked to the wallet transaction to which you plan to transfer your savings. One way of doing this is through blockchain browsers such as etherscan.io or blockchain.info, which allow users to view detailed information about any cryptocurrency transaction and identify if the particular wallet may be dangerous.
- Always check the hyperlink addresses and data in the browser address bar. It should be, for example, “blockchain.info’, not “blackchaen.info”.
- Save the address of your e-wallet in a tab and access it from there – in order to avoid making a mistake in the address bar and accidentally going to the phishing site instead.