How to stay safe in the crypto world
Digital currencies are no longer the niche asset they used to be. More and more regular people of all age groups and backgrounds are taking the crypto plunge every day. Some are simply looking for safe value storage, while others are enticed by the huge potential returns that only highly volatile instruments can offer. Whatever their reasons, the upshot of all this is that cryptocurrencies are well on their way to becoming mainstream investment vehicles. But with this rise in popularity there comes an increased risk of fraud as cybercriminals set their sights on these new, less tech-savvy crypto holders.
Today’s coin bandits are extremely good at what they do and can call on an extensive repertoire of tricky tactics to part you from your hard-earned digital cash. With this in mind, we decided to put together a quick summary of some of their favourite scams alongside tips to prevent you becoming their next victim.
Crypto hackers will try a variety of methods to phish for your personal details with the end goal of gaining access to your wallet and stealing all your coins. But by far and away the most common method they use is run-of-the-mill email or social media phishing.
So, if you ever receive an email or message from someone claiming to be your cryptocurrency provider, never follow their instructions or click on any embedded links until you’ve done your due diligence.
- Check the domain name. Cybercriminals tend to buy domain names that look very similar to valid ones, except that they often have odd endings like ‘.biz’, ‘.to’, or ‘.help’. For this reason, it’s crucial you cross-reference the domain in any email with that of the official site.
- Never do what they ask. Phishers will often try and hook you into making rash decisions by instilling fear. Their communication will often include phrases like: “We have detected suspicious behaviour on your account, click here to cancel your transaction”. Resist the urge to take their bait and instead log into your personal account on your provider’s website to check your transaction history for yourself. Alternatively, you can call the company’s customer support line or contact them via their social media channels.
- Check for HTTPS. Don’t trust URLs that don’t begin with HTTPS. After all, that ‘S’ stands for secure. And if it’s not there, that means anybody can intercept your private information. Unfortunately the crooks are getting increasingly sophisticated and many now purchase SSL certificates to provide HTTPS for their fake web addresses. Therefore, if you have even the slightest inkling of doubt, the best course of action is to leave the site immediately.
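The domain and HTTPS checks from the list above can be sketched in code; this is an added example, not something from the original article. The official domain `coinprovider.example`, the flag names and the sample message are all constructed for illustration, and the split on the last dot is a simplification that ignores multi-part endings such as `.co.uk`.

```python
import re
from urllib.parse import urlsplit

# Assumption: the provider's real domain, copied from your own bookmark.
OFFICIAL_DOMAINS = {"coinprovider.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return the reasons to distrust a link; an empty list means no flags."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = [] if parts.scheme.lower() == "https" else ["not-https"]
    # The official domain itself, or a real subdomain of it, passes this check.
    if any(host == d or host.endswith("." + d) for d in official):
        return flags
    for d in official:
        name, _, tld = d.rpartition(".")  # naive split on the last label
        host_name, _, host_tld = host.rpartition(".")
        if host_name == name and host_tld != tld:
            flags.append(f"odd-ending:.{host_tld}")
        elif (d + ".") in host:
            flags.append("official-name-used-as-subdomain")
        elif edit_distance(host, d) <= 2:
            flags.append(f"lookalike-of:{d}")
    if flags in ([], ["not-https"]):
        flags.append("unlisted-domain")
    return flags

def scan_message(text):
    """Map every link found in a message body to its list of flags."""
    return {u.rstrip(".,;"): check_link(u.rstrip(".,;")) for u in URL_RE.findall(text)}

# Constructed sample message, not taken from a real campaign.
SAMPLE = (
    "We have detected suspicious behaviour on your account, click here to "
    "cancel your transaction: https://coinprovider.help/cancel or "
    "http://coinprovlder.example/login. Official site: "
    "https://www.coinprovider.example/account"
)
```

Calling `scan_message(SAMPLE)` flags the first link for its odd ending even though it uses HTTPS, which is why the domain has to be checked as well as the scheme.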
SIM swap attacks
Most ordinary folk have probably never heard of this type of hack, but some of the biggest crypto hauls have been stolen using this simple trick. Perhaps the highest profile case of them all is the story of an investor who lost $23.8 million worth of tokens and is now suing AT&T for ten times this amount. Basically, a SIM swap is when someone convinces your mobile operator to transfer your phone number over to a SIM card they own. Once they have access to your messages, those otherwise highly secure two-factor authentication procedures are an absolute doddle.
But how can you protect yourself from such attacks? Luckily there are several solutions available:
- Hardware authentication tools
It doesn’t matter whether you’re looking to protect the one BTC you got for Christmas or a stash of crypto worth tens of thousands, upgrading to hardware based security is always a wise move. While it is great to use something like a YubiKey, certain software-based alternatives offer a good compromise. For instance, tools like Google Authenticator and Authy can turn your mobile device into a force to be reckoned with.
- Google Voice
Unfortunately, some services won’t support hardware-based 2FA, instead preferring to remain stuck in the past with inferior SMS-based protocols. In such cases, you could consider creating a Google Voice phone number (which cannot be SIM ported) to serve as your second factor authentication. This will help you stay secure without limiting your potential pool of services.
- Second email
When fraudsters eventually manage to transfer your SIM, this is just the first hurdle. They then usually have to use that to gain access to your email account. That’s why it’s a good idea to have another email address that you only use for high value data like your crypto exchange details. Do not use this email address for anything else and keep it private. You should also back that address up with some form of hardware-based 2FA, preferably not SMS-based!
Cybersecurity firm Kaspersky estimates that, between 2015 and 2016, the number of internet users who encountered one form or another of crypto ransomware rose from over 1.9 million to 2.3 million. The most affected countries included the United States, Germany, and Italy. As you can see, crypto ransomware is becoming a serious problem and people must take measures to protect themselves from it.
Much like phishing, users are targeted with files or links sent via instant messages or other communication networks. Common file formats used to deliver crypto-ransomware include: Microsoft Word documents, Microsoft XSL documents, XML documents and ‘.zip’ folders. Obviously, then, the number one precaution you can take is to follow our anti-phishing tips above. Beyond that, though, you should also use a trusted antivirus solution to warn you of any suspicious files attempting to infect your computer. Another smart idea is to back up all of your important files on an external drive, so you won’t feel quite as helpless if you do fall prey to these cyber kidnappers.
The sad reality is that however secure you make something, there will always be some reprobate who will try and exploit its weaknesses to enrich themselves at your expense. All you can do is take as many precautions as you possibly can and hope the crooks focus their efforts on the less perspicacious in the herd. While hardware ledgers and paper wallets are the least vulnerable to hacker attacks, they come with their own set of risks and inconveniences.
The perfect balance between safety and accessibility is a high-end, well-protected exchange like StormGain. With their ultra-secure cold storage technology, you can rest assured the hackers won’t be able to get their grubby hands on your money unless you give them the keys to the front door. That’s why it’s so crucial you heed the advice given above: don’t publish any personal information anywhere, opt for a superior two-factor authentication method and preferably use a dedicated email address for your crypto account.