Security is often touted as the primary advantage of cryptocurrencies. Cryptocurrencies are decentralized and transactions require significantly less sensitive information from investors than banks do. Data is stored on blockchains, in which information is recorded in hash functions and timestamped. Blockchain systems, combined with a lack of a centralized server, pose a set of near-insurmountable challenges to prospective hackers.
Nonetheless, trading in bitcoin does not automatically guarantee immunity from fraud. Cryptocurrency has grown more commonplace as a result of the COVID-19 pandemic, with more businesses accepting it as payment. Naturally, cybercriminals have adapted to this shift by altering traditional financial crimes and coming up with new ones to suit the budding cryptocurrency era.
COVID-19 cryptocurrency scams abound
The current global climate of uncertainty and fear allows optimal opportunities for malefactors to exploit. A devious twist on the tried-and-true blackmail campaign involves threatening to infect the recipient and their relatives with coronavirus. Unless the victim either sends money to a Bitcoin wallet or shares the password to their account, the hacker will send an infected individual to the victim’s home. In order to heighten chances of success, the scammer may also claim to have personally identifying or compromising information. That can range from a home address to intimate activity conducted online, e.g. visiting a pornographic website.
Ransomware has also undergone a COVID-themed transformation. The malware built for Android devices, known as COVIDLock, is distributed through websites offering free resources. The app is allegedly a free coronavirus tracking app. Once downloaded, the recipient’s phone is locked and a message appears demanding a sum of money payable in bitcoins to return access. If the target does not comply, their phone will be wiped of all data, private information will be shared online, or both. Note that phones that do not have a password lock are susceptible to this form of attack.
Understandably, panic, and a desire to comply to avoid the consequences is a natural response to malicious extortion. Despite this, the communications must be reported to the relevant authorities and ignored. Bear in mind that, for many people, there is a wealth of information available online for cybercriminals to create the illusion that they know everything. Monitoring social media accounts and other publicly-visible profiles enable hackers to mention personal details to make the threat sound more legitimate. Restricting your online presence is a worthwhile initiative to reduce your exposure to this sort of fraud. The less personal data hackers have access to, the easier it is to see through blackmail attempts.
Download apps pertaining to the coronavirus (monitoring news, tracking infections, etc.) from trustworthy sources only, such as Google Play or Apple’s App Store. Remember that authority website domain names can be spoofed or mimicked. A website claiming to belong to a governmental or medical agency isn’t automatically free from suspicion.
Other attempts at fraud are more insidious, such as requests for virtual donations to renowned organizations to fight COVID-19 and support relief efforts. Following the World Health Organization’s establishment of the COVID-19 Solidarity Relief Fund, individuals began reporting solicitations of cryptocurrency supposedly on behalf of the WHO. Messages directed recipients to donate via a Bitcoin address rather than through the non-profit’s official website. WHO confirmed that it does not accept cryptocurrency contributions. Solicitation of cryptocurrency donations from charities, online stores, or exchanges must be verified directly from the source rather than third-party emails or trending posts.
Fraudsters are also happy to seize upon the sheer desperation for new commodity items to protect against the virus. These products — masks, face shields, and similar equipment — can only be bought with cryptocurrency. Some miscreants go so far as to offer “cures” and “guaranteed” preventative solutions. There may also be a disclaimer that the item is in limited stock to encourage a quick purchase. These false advertisements are usually easy to disprove, but fear or hope can elicit hasty decisions. Of course, the promised items never arrive.
Knowledge is a vital defense strategy against such scams, especially considering the prolific spread of misinformation about the pandemic. Adopt a skeptical approach toward advertisements or messages offering coronavirus treatments or protective gadgets purchasable only via bitcoin. If products come with a certification of approval from authority organizations such as the Centers for Disease Control and Prevention (CDC), check the official website to confirm. Usually, a standard search will confirm a specific type of scam.
The fourth common COVID-19 scam is inspired by the quarantine-instigated boom in remote employment: work-from-home schemes. Considering the worldwide spike in unemployment rates as a result of coronavirus, the demographic exists. Cybercriminals pose as employers, offering jobseekers the chance at full time work — with the bonus of an initial “donation” to get started. This donation typically consists of stolen money that the predators are attempting to launder. Scammers then request that these funds then be transferred to a cryptocurrency kiosk. The unsuspecting victim could then be held liable for illegal transmission of stolen currency.
Alternatively, the message might be a variation of the get-rich-quick scheme. Targets are tempted with the promise of swift rewards or sizable profits with little work required. The caveat is that the future employee has to transfer a set sum in cryptocurrency over to the “business” to begin.
It’s important not to take employment prospects at face value, especially if you never applied for a job in the first place. Convenient jobs with exorbitant salaries are enticing lures used by digital delinquents capitalizing on struggling economies. Verified businesses are unlikely to request financial deposits or transactions as a hiring stipulation, particularly not in cryptocurrency. Always research a company before you respond to communications.
The perils of improper cryptocurrency storage
Improper storage is another significant vulnerability all digital investors must address. Cryptocurrency should not be stored on exchanges long-term: in the event of a breach or an unexpected technical error, the investment is lost. In 2019 alone, 12 virtual currency exchanges were hacked, costing users millions in damages. The lack of jurisdiction and anonymity that many digital investors consider benefits turn to drawbacks in the event of an attack. Tracking down bitcoin thieves tends to be a more complex endeavor for law enforcement agencies.
Rather, crypto holders should transfer their funds to a bitcoin wallet. These wallets can either be physical devices that allow for offline storage, or online wallets that are separate from the exchange.
The best wallet for securing your bitcoins will depend on your transaction volume and transaction value. The value is the number of transactions you conduct on average, and the volume refers to the size of each transaction. In general, hard wallets are more appropriate for higher value transactions, whereas online wallets are suitable for lower value transactions. However, you can use multiple types of wallets to balance accessibility with security.
Staying proactive against cybercriminals
In light of these situations, vigilance at all stages of the process is critical to avoid falling victim to fraud. Awareness of the tactics criminals employ to play upon emotions provoked by the pandemic is essential to be prepared. Safeguarding your investments in a bitcoin wallet versus letting bitcoins sit on the exchange is non-negotiable regardless of your average transaction volume and value.
It can be tricky to separate legitimate opportunities to pay using cryptocurrency from deceitful ploys. The fact that many malefactors hijack the clout of genuine organizations makes things murkier. A trademark red flag to watch for is an insistence on virtual currency as the sole method of payment and pressure to fork up payment quickly.
In terms of conducting cryptocurrency transactions online, there are several provisions to take to boost security. Firstly, select a reputable cryptocurrency exchange. Since these companies are not government-backed, thoroughly research your options — particularly where it concerns the exchange’s security policies. Investigate better-known cryptocurrency exchange platforms within your country.
Next, set up a secure, decentralized email and add multi-factor authentication. Combined with two-step verification, the innate encryption that these email providers include makes it more challenging for hackers to compromise. Similarly, multi-signature (or MultiSig) addresses are safer than using a single key to authorize a transaction.
Basic precautions like antivirus software and firewalls are a necessity for all personal devices. Since public networks provide rife opportunities for digital miscreants to attack connected devices, install a VPN to shield sensitive online activities from prying eyes.
As with traditional currency, physical assaults or attacks from dangerous thieves are not unheard of. Bitcoins are typically more appealing to steal than traditional money due to the anonymous, decentralized nature of the currency. For this reason, details about holdings and investments must not be shared with other individuals, whether online on forums or offline.
Because transactions are conducted digitally, trading and storing cryptocurrency will always have inherent security risks in the form of fraud. Since traditional hacking techniques are challenging to implement with this form of tender, attempts to manipulate and swindle holders directly should be anticipated. Awareness of current threats combined with best-practice protocols to shield your investments is imperative for a long-term defense strategy.
