A large number of fraud and hacking schemes are built on social engineering and user carelessness. There are many different ways - this is phishing, swapping letters in the browser, unfair advertising and much more. However, often scammers work according to more opaque schemes.
In this article, we will consider all the most dangerous tricks that hackers make users fall for in an attempt to steal bitcoins.
Call from "tech support"? Your cryptocurrency is in danger
This method of phishing attacks is carried out by scammers using the account information received from you, for example:
- The full name of the victim;
- Phone number;
- E-mail address;
- 2FA code;
- IP (including geographic location with IP);
- The browser that the victim uses.
Technical support operators will never call or email you first without your request. Moreover, they will never ask you for any account information, since such information is private.
Having obtained all of the above data in a telephone conversation, fraudsters themselves can contact the support of the exchange, reporting, for example, about the loss of the device and the inability to log in using two-factor authentication.
Fake cryptocurrency exchange site
Another phishing attack method.
Attackers can simply replace the site address, while the website itself will look identical to the original. By going to a third-party site, you will enter data from your account, thereby transferring it to the hands of scammers. The question arises, how to protect yourself? In fact, everything is very simple. The original exchange website has an SSL certificate confirming official sites. It is also worth paying attention to the presence of "s" in the address, "https" protocols are more reliable. When visiting the address website of the exchange, see if the green lock is lit opposite the address bar.
Virus emails: another way to clear your cryptocurrency wallet
Typically, messages are sent on social networks with one simple goal: to force the cryptocurrency holder to open the attachment / click on the link attached to the letter. For example, it can be important work archives or even visual materials hiding dangerous viruses.
Such viruses collect data on the use of the computer, information entered from it (including passwords), the search for stored keys, or the launch of sites that require a password from the wallet. Ultimately, cryptocurrency hackers have a storage address, a password, and in rare cases even access to manage a cold wallet when it is connected to a PC. The rest is a matter of technology.
Fake applications: not at all the bitcoin wallet that you need
Entering a long cryptocurrency wallet address is painful and long, so the usual copy method is often used. Hackers have developed fake applications that replace the address of the copied wallet with their own, after which the money is transferred to them, and not to the original wallet. To counter, you just need to double-check the entered address before sending.
Browser extensions: not a cryptocurrency exchange, but a hacker trick
There are many browser extensions and plugins written in Java Script and designed to make interaction with cryptocurrency wallets easier and more comfortable. JS makes these plugins vulnerable to hacker attacks. Attackers simply intercept data and can even install hidden mining programs.
You can counteract the threat by the following methods: install a separate browser or even a separate computer for trading, use incognito mode, regularly update anti-virus databases and do not download any dubious extensions or plugins.
Public Wi-Fi: theft of bitcoins immediately after purchase
The most popular option is data theft using public Wi-Fi networks. As a rule, routers use the WPA (Wi-Fi Protected Access) protocol, which encrypts information on a wireless network and allows authorized users to access it.
Theft is done in a fairly simple way with the KRACK command.
So they make the victim’s device reconnect to their own Wi-Fi network, after which they get the opportunity to monitor and control all the information passing through it, including the keys to cryptocurrency wallets.
Messenger bots: sell bitcoins to hackers for free
These are special Slack bots that send a notification to the user about problems with his currency wallet. Their goal is to make the user follow the link in the notification and enter the private key.
Recommendations: ignoring messages from bots, sending complaints about them, installing protection from Slack channels.
Payments and transactions with a QR code: when you want to buy cheaper
It happens that QR codes hide wallets and change crypto-exchange web pages to phishing ones. With their help, often fake results related to crypto. Their goal is simple - to force the user to transfer their data from the account. Protection - interaction only with a trusted QR code.
In the end, I want to say that not to fall for the tricks of scammers is actually quite easy. All you need is to be careful when visiting the exchange website, do not open notifications from dubious bots and do not transfer information from the account to third parties under any circumstances.