Blockchain and cryptocurrency companies are still driving the hype cycle in consumer financial technology, but with that hype comes an aftermath that brings new security challenges, and as new technologies arrive in the crypto landscape, scams are catching a second wind. We have only recently seen a number of high-profile and noisy cryptocurrency exit scams, fraudulent activity that has left a shadow on the whole space. Against this backdrop, long-term scams in the cryptocurrency space are expected to proliferate and become more tenacious than they already are.
The scam threat landscape is a problem not just for individual users, but also for businesses, which are increasingly likely to look for cooperation, partners or services in the crypto space. Third-party cybersecurity risk is already an issue even before you add the word "crypto" to the mix; as always, it is a potential threat in an evolving and unfamiliar market. Businesses are not aware and not ready to defend themselves (or their customers) due to a lack of knowledge, dedicated resources or in-house security teams, and they lack an understanding of the taxonomy of scams.
Awareness, the ability to notice the patterns used by scammers, and knowledge of how to protect oneself and one's business have never been more important. Those brave investors who place their assets into any cryptocurrency are usually not protected by a regulatory framework, as cryptocurrencies are typically not regulated by financial watchdogs in any way. From a business perspective, this new economy brings more red flags and risks to watch out for than opportunities right now.
What Do Crypto Scams Look Like?
The blockchain and cryptocurrency scams which are currently targeting businesses can be differentiated by a few unique characteristics:
1) They are targeted scams. - Scammers usually know whom to contact on the target's team and base their appeal on a context recognizable to the business.
2) They are mainly authority scams. - Scammers pretend to be someone: the editor of a well-known or new media platform, a production studio with an audience in the millions, an intermediary who connects blockchain projects for cooperation, etc.
3) They promote payments in cryptocurrencies. - Cryptocurrencies as a class of product make it possible to move funds between countries with a certain level of anonymity, but more important to the scammers is the impossibility of reversing or freezing payments if any suspicions are raised. Businesses need to be warned about the indirect facilitation of financial crimes when non-criminal motives merge with potential malicious acts by third parties.
4) They involve long-term communication. - Business scams require more thorough preparation, a longer period of action and involvement, as well as the possession of certain skills and information — business fraud is a long term game. Such behavior may confuse businesses and lead to false conclusions: if a third party replies and provides documents (investing long term in communication with the target and providing seemingly valid verification documents on demand) then a business will usually assume that they are a valid business entity.
Common business scam types include advertising proposals from a third party, scammers posing as your own team members, and bots being used to inflate the audience and popularity of social media profiles. The common theme is a proposal which brings risk to your financial accounts and your customers' data security.
- Advertising proposals via e-mail
Typical e-mail scams targeted at consumers can be easily detected by most people through their poor grammar, terrible spelling and familiar scammy storylines, but business scams can be much harder to identify.
Clever segmentation, precise targeting and preliminary preparation of the scam proposal ensure the scammer's credibility (and higher returns to the scammers). The majority of business scam e-mails in the blockchain and cryptocurrency markets are about partnership proposals, PR and content services that claim to bring huge awareness to such a well-proven project, hand-picked by a board of experts.
Which project wouldn't like to be mentioned by a celebrity in a TV show for an international audience of millions? Signs of credibility may include custom e-mail signatures, working websites, celebrities or well-known persons on the market, and mentions of other companies that have already agreed to participate.
Typically their early communications do not contain malware hidden in files; instead, they usually engage a team member in an attempt to obtain sensitive information to be used later on down the line. It's worth mentioning that some scammers do actually provide the services they are selling, but not to the expected level of execution and distribution, or with several delays to drag out the process until the contact person disappears with your money and it's too late.
- Posing as team members and using bots to inflate social profiles
Compared to typical authority scams, where scammers pretend to be banks, governments or other entities, blockchain and cryptocurrency scams steal open-source data about actual teams or individuals for malicious purposes. For example, LinkedIn is a good source of professionals' identities, which can be stolen and placed on a website to build a team page. Scammers prefer to keep communication in social networks moderate and focused in one channel, usually an encrypted chat. Each cryptocurrency project tries to grow its own chats, as potential partners pay attention to community sizes and take them into account as indicators of high demand when forecasting trading volumes. The size of groups can reach up to 100K participants, but almost all of them are inactive accounts or bots used as extras.
- Service proposals
As much as cryptocurrencies seek mass adoption and inclusion in existing financial systems, third parties will seek solutions and ways to provide access to those currencies. There are several risks to name, and the hardest part is when scams involve other people: the company's clients. A simple business e-mail compromise can lead to a bigger problem, such as gaining access to the company's data and more information about potential victims. Service proposals imply more complex schemes, including the registration of companies and the preparation and signing of documents to increase legitimacy and build trust. The best thing that can happen is that a company pays money for services and the scammers forget about them.
Money is not a huge loss when compared to identity theft.
Collecting data on individuals through the KYC process is routine for many companies. KYC has found its place in almost all online businesses and has recently been used as a security protocol by cryptocurrency companies to make transactions more secure and to comply with regulators' requirements. Everyone concerned needs to be very careful with the data they provide when interacting with third parties; it is good practice for preventing an accidental data breach that can be put to malicious use. Any raw data sent to suspicious third parties may be sold on the dark web, and your company may be implicated in a serious data breach. Each data breach in crypto happens for one reason: to gather more victims' data.
In conclusion, if your company wants to interact with the cryptocurrency world, make sure that you have a dedicated team of security professionals who can ensure the safety of clients’ data, validate the company's online behavior and communications, and develop internal policies and training which will increase awareness about potential in-house threats from scammers posing as partners.