Celý článek

Whenever a new world-changing technology is released unto the masses, inspiring, industrious individuals inevitably start thinking of positive use cases. On the flip-side, other individuals nefariously plot how this technology can be used for their own under-handed gain. In the internet’s case, for every exciting new invention, we’re forced to contend with 10 Nigerian prince scams.

And while scammers are nothing new, thanks to cryptocurrencies, those committing fraud have another means of receiving illicit funds. After all, we can now send and receive large amounts of money pseudonymously over the internet without the involvement of banks or governmental bodies. We are essentially transporting money between alphanumeric strings, with no name, address, or identifying details attached.

The irony is, cryptocurrencies are technically very safe and efficient. Due to the “crypto” portion of cryptocurrencies and the blockchain itself, transactions themselves are incredibly secure. This means that the most vulnerable part of the crypto landscape is the human element, which is incidentally the target of most scammers.

Despite all of the technology and security measures cryptocurrencies adhere to, familiar and low-tech tricks such as spoofing and impersonation are now the most effective way to scam money from unsuspecting users. Now more than ever, it’s important to ensure that your crypto funds are being sent to the intended recipient rather than an attractive or deceitful proposition.

Who is John Smith, Really?

When someone envisions an online impersonation scheme, they might conjure up an image of a man in sunglasses and a dark hoodie, surrounded by monitors of neon green “Matrix” code.

In reality, online impersonation can be pretty low-tech. We’ll explore some frequently-seen schemes, from the easy-to-spot to tricky to catch:

Claim to Someone Else’s Fame

In this case, you would be contacted by someone whose name does not match up with the real person. Our users have reported being contacted by scammers on Telegram. Names or emails may be an obvious jumbled mess of letters and numbers. If this is the case, this is a likely and obvious scam.

Example: “Yes, my Telegram name is wrestlingfan316, but I am really Bill Gates and I need to verify your account number in order to send you money.”

Fake Name and Impersonation

This method is an additional step-up from a scammer who claims to be someone else, since the impersonator will go through the effort to make a realistic-sounding ID.

The regulation of names on chat programs or social media is more popular, but not ubiquitous. This means a scammer can potentially set their name to “Bill_Gates” or “Microsoft_Bill” without credentials to back it up. There’s no guarantee that a party is actually who their username claims to be, unless there is some sort of verification process that shows official accounts with the “Blue Check” on Twitter. Be careful when you receive a suspicious, unsolicited message without verifying the name first.

Example: “My Telegram name is Bill_Gates. Only the real Bill Gates would have this name, so I must be him!”

Impersonating Usernames with Look Alike Letters: The Perils of Sans-Serif

Ok, you’ve verified the actual username that Bill Gates uses, and it’s “Bill”. You’ve been talking with “BiII”, so you should be fine, right?

This is unfortunately, wrong. Take another look at the two names above. The official username is “Bill”, which is spelled with a pair of lowercase L’s. The imposter “BiII” was able to create an account with what seems like the same username, instead using a pair of upper-case i’s to create the username.

Unfortunately, this “look alike letter” spoofing is a low-tech, but highly effective impersonation trick that many buy into without conducting their own verification check. 

This method can be used in spoofed email domains as well, giving correspondence a seemingly “official” appearance. For example, using an upper case “i” for a lower case “L” can make a “@GoogIe.com” and “@Google.com” email domain virtually indistinguishable.

Another easier-to-spot method would be to swap, add, or jumble letters of a well-known domain. If you aren’t paying close attention, an illegitimate email from “Mircosoft” might appear to be coming from “Microsoft”.

Example: “Hello! This is biII@mircosoft.com! I have some money to transfer to you, all that’s required is some details!”

Email Spoofing

Of all the methods we’ve shared so far, this method requires the most technical know-how to pull off. Unfortunately, this also makes it the most difficult to spot.

In our previous example, spoofing is identified by carefully spotting details that are visible to the human eye. In email spoofing, a nefarious party has edited the metadata of an email to match the details of the party it seeks to impersonate. Since this data is hidden by default, a recipient will not be able to identify spoofing unless they closely examine invisible email headers. Even in these cases, a suspicious party needs to know what details to look for, in order to identify abnormalities.

Luckily, client-side detection has improved, and programs like Gmail are able to identify some spoofed data mismatches by flashing huge warning messages like these:

However, scammers are in a constant arms race with security researchers, and new exploits can fly under the radar until new methods of verification are devised.

What to Suspect When You’re Suspecting

While paying attention to senders is important, the messaging and content can easily tip you off of suspicious activity. We also suggest being on the lookout for the following:

• Spelling, formatting, and grammar mistakes
  • Correspondence from official sources should be spell-checked and well-written. While “pobody’s nerfect”, multiple blatant grammar and spelling mistakes should raise concerns.
• If it sounds too good to be true…
  • A sales team representative is offering you a 50% discount, for a limited time only! That’s great, but is the deal realistic? Lavish offers are often an attempt to hook people’s trust.
• Unsolicited contact 
  • It’s certainly not unusual to receive marketing emails, but if someone was looking to impersonate an email address, this is a prime opportunity to do so. Out of the blue promotions don’t need to be written off as a complete red flag, but due diligence should be performed before sensitive information or funds are exchanged.
• Use your instincts
  • This is the most intangible advice we can offer. Flags may involve the overall tone of a conversation, insistence or pressure to move forward, or inconsistencies with stories and claims. Regardless, if something feels “off” to you, you have the right to pull out of a deal or to simply stop communication.
• Play sketchy games, win sketchy prizes
  • This should be self-explanatory. If you are pursuing illicit activities, or seeking giant profits with little to no investment, your chances of being scammed will go up exponentially.

Stay Alert at All Times

Beyond any obvious scams (Let’s say you were able to spot “Mircosoft” and cut off communication with “BiII”),  there are a few steps that you can perform to verify an identity.

• Direct contact on a verified channel, like our Telegram chat if you suddenly receive a message from someonepretending to be from CoinMarketCap

This may seem like a momentum-ending reset button, but it’s the surest way to verify that your contact is who they say they are. There are some key things to remember:

• When verifying, do not click a link, or use a contact provided in the email chain. Any of these methods may be doctored by the nefarious party.
• Depending on the size of the organization, responses may take some time, but be patient.
• Ask for verification and make sure it meets your standards

At any point, you have every right to request a method of verification. This can include placing key details on a site’s official channel or having a phone call via an officially listed number/extension.

• Real sources should never protest an identity check and will likely have some method of verification.
• It’s up to you to determine if the evidence you’ve received is sufficient. Don’t be afraid to ask for additional verification if it does not meet your standards.

Double-Edged Swords

As a humanoid arachnid’s Uncle Ben once said, “With great power comes great responsibility.” The same is true with the internet and its seemingly unlimited potential. Thanks to the internet, we have thousands of ways to communicate, which unfortunately provides thousands of ways to be tricked. With crypto, we have an untraceable, anonymous method of sending money, and we also have a scammer’s dream.

Hopefully this article has provided you with some tools to help protect yourself from impersonation and scams in a crypto-based world. Be safe out there!

The post How to Avoid Crypto Scams appeared first on CoinMarketCap Blog.