Here’s the Top Five Phishing Scam Methods Affecting Crypto Users in 2019

Phishing is a type of cyber attack that often appears in an email, unbeknownst to the recipient. Many phishing scams have gotten quite good at making the recipient believe that the email is from a reliable source and that it contains information that is useful to them. Once the user opens the email, clicks on any links or downloads any attachments, their computer becomes infected.

The cryptocurrency industry is the target of phishing scams as well. Just recently, $225 million has been lost due to cryptocurrency investors becoming affected by such scams, according to a report issued by Chianalysis, an anti-money laundering software for bitcoin. Given the risk of phishing scams and the losses involved, it can be useful to have an understanding of such scams so that one can be on alert and ensure that they are doing their best to avoid such scams.

5 Most Significant Scams

Myetherwallet

One of the latest circulating scams affected MEW. Users received an email claiming to be  Myetherwallet, alerting them of an unrelated security incident on the servers and as a result, the wallet requested users’ login information. The platform discussed the scam on its Twitter page and asked users to DM the platform the details to ensure that the scam was blacklisted. Further, the platform also alerted users of the fraudulent email and to not believe the hype.

For sure phishing scam. Where does the link actually go? DM us? Would like to ensure it's blacklisted on @EthAddrLookup and @metamask_io and @MetaCert

— MyEtherWallet | MEW (@myetherwallet) January 6, 2018

Generally, platforms do not request private information by email. The good outcome in this situation is that the platform was quickly alerted to the scam, it took action, and worked to mitigate any issues that could have arisen from the scam.

Attention #MEWfam,

There's another phishy email going around asking users to give up personal information. Don't believe the hype!

#1. We will never email you first (only reply to support).
#2. We will never ask for your private key (or other sensitive info).
#3. Be skeptical! pic.twitter.com/654TLIt5ar

— MyEtherWallet | MEW (@myetherwallet) February 4, 2019

Prize Scams

Prize scams are scams where the scammers send a phishing email to the winner to alert them that they have won a prize and that they need to pay on the proceeds. This type of scam has been recognized as an issue by the Federal Trade Commission, which states that “if you have to pay, it’s not a prize.”

According to an article by Proofpoint, researchers noticed that there has been a rise in “cryptocurrency giveaway scams.” The scams target bitcoin and ethereum winners and request part of the proceeds from a large payout. Once users click on the information in the phishing email or tweet, they are directed to a page that appears quite legitimate, where users prompted to provide personal information.

Electrum Wallet Attack

In December 2018, there were reports of an attack on Ethereum Wallet and that 200 BTC (approximately $800,000 USD) had been stolen. According to reddit users who commented on the attack, the hacker set up several malicious servers and “if someone's Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.” Users were then promoted to log into their wallets by providing their two-factor authentication code – which is out of the ordinary for Electrum.

The issue became a prominent one on social media, where users alerted each other to not fall for the scam.

A sybil + malware attack is ongoing against @ElectrumWallet users – if you see a message asking you to upgrade, don't click on it! Users who only connect to their own personal Electrum server are unaffected. https://t.co/DDrLY1vInN pic.twitter.com/3M5MyYrQlE

— Jameson Lopp (@lopp) December 27, 2018

Fake ICO Schemes

Fake initial coin offerings are an issue and the United States Securities and Exchange Commission has worked to alert users of such scams. According to SEC Chairman Jay Clayton on the widespread promotion of ICOs,

“We embrace new technologies, but we also want investors to see what fraud looks like, so we built this educational site with many of the classic warning signs of fraud. Distributed ledger technology can add efficiency to the capital raising process, but promoters and issuers need to make sure they follow the securities laws. I encourage investors to do their diligence and ask questions.”

There have also been a number of ICO exit scams. According to Cointelegraph, a few of them include PlexCoin, BEnebit, and Opair and Ebitz.

A sybil + malware attack is ongoing against @ElectrumWallet users – if you see a message asking you to upgrade, don't click on it! Users who only connect to their own personal Electrum server are unaffected. https://t.co/DDrLY1vInN pic.twitter.com/3M5MyYrQlE

— Jameson Lopp (@lopp) December 27, 2018

Sextortion Scams

Unfortunately, sextortion has permeated the world of bitcoin. According to an article by The Next Web, blackmailers scammed users from $332,000 in sextortion scams. This scam works by scammers targeting individuals and sending them emails that mention an existing password and they state that they’ve been able to compromise the account. They also state that they have access to compromising videos or images of a sexual nature and that they will share them with the public if they do not send funds in crypto.

These are extremely dubious circumstances and users should be wary not to fall for them.