Over the past few years, cryptocurrency-related content has flooded social media channels. Much of it is genuinely educational, some of it, mindless chatter. In a world where we can connect and share information– fast, free and with ease — more and more people are learning about the digital space from within it. However, this content shift, from mainstream media to social, comes with its own risks. The crypto-sphere has increasingly become a target for phishing attacks and investment scams.
As crypto market engagement occurs predominantly online, malicious actors, groups and bots have leveraged social media sites, such as Twitter, and their technology underpinnings, to initiate a range of sophisticated criminal activities. Victims range from novices and everyday enthusiasts to more seasoned traders – even some well-established influencers have fallen prey.
The U.S. Federal Trade Commission reports that more than $80 million has been lost to cryptocurrency-related investment scams since October 2020, representing roughly a 1,000% increase compared to 2019.
We’ve already written a blog about how to know it’s Uphold emailing you, although the scope of our watchful eye extends to social media, too. Because we recognize how important it is to help our customers safeguard themselves online.
What is phishing? 🕵️
Phishing is a form of social engineering whereby cybercriminals dupe victims into providing their personal information. This refers to any form of personally identifiable information and includes but is not limited to:
- Email addresses
- Home addresses
- Date of birth
- Social security numbers
- Passwords and Pins
- Full name
- Phone Numbers
- Memorable recovery phrases for private wallets.
Whilst some of these details on their own may not appear to be much of a risk, when combined can be pieced together to initiate an identity theft online.
Increased growth in social media activity for the cryptocurrency space 📈
On January 1st 2020, Bitinfocharts reports that there were 13.62k daily tweets with hashtag #Bitcoin. A year later this figure had increased tenfold to 196.07k and by mid-May 2021, it peaked at 363.566K hashtags with #Bitcoin. Even when we look more broadly via Google searches and using the tool “Google Trends” which is a barometer they have for gauging general or retail interest in trending topics, with 100 being highest, 0 being lowest. The word “Cryptocurrency” between Jan 5-11th 2020 sat at 6. About a year and a half later in May 2021, it sat 100 – dominating search data.
With this data, it’s clear the trend towards social media has increased, however, this has provided the opportunity for cybercriminals to target these sites. We’re seeing a lot of incidents/attacks occurring on sites such as Twitter, Youtube, Facebook, Telegram, Instagram, Reddit and others to name.
What to look out for 👀🗣
📉 Investment Scams:
- These might come in the form of tweets or comments which say: “Contact John Doe at [email protected] and he’ll flip your $100 in BTC into $1000 in BTC”
- They’ll ask you to make a small deposit and promise a higher return, but once the money is sent, they’ll usually block, or stop responding to the victim all around.
➡️ Fake Giveaways and Airdrops
- Investment scams may also take the form of fake giveaways & airdrops where they tell you to deposit a small amount and following which, promise that you’ll get a larger value sent back to your wallets address. We’ve seen cyber criminals becoming more sophisticated and creating fake profiles pretending to be established exchanges, like us, or fake profiles of well-established cryptocurrency influencers. Please see real-life examples below 👇
- 👈 Here are clear examples of Brand Infringement, where a page has been set up pretending to be us and offering a giveaway. Often, you can tell a page is a fake one as they usually include an extra letter, punctuation so that they can bypass the duplicate page rules. Please look out for these small username distinctions as well as verified ticks.
- 💪 We report these pages on our end. If you see one please make sure to report such pages if you come across them so that the site’s algorithms can get better at automatically spotting these types of pages and taking them down.
👥🕵️♀️ Identity theft:
- Another way in which cybercriminals can use personal data shared online is to initiate identity theft. We see these happen when a profile is created pretending to be a trusted individual or institution, redirects you to a link that asks you to enter or DM your personal information. Information which can then be pieced together to perform theft of a personal account and/or funds.
- We’ve also seen attempts of identity theft occur via Customer Support related queries. Where the individual or group creates a profile and informs customers that “We’ll help you recover your account” and in the same as above, will take you to a form which asks you to enter sensitive details which you would never be asked by our official Customer Support channels.
✏️ Employment-related scams: There’s also a rise of incidents where individuals create fake job adverts in WhatsApp or Telegram groups pretending to advertise job roles at Uphold. Asking individuals to provide personal information and in some cases money, information which again can be pieced together to initiate an account takeover or identity theft.
➡️ As we can see there are spelling mistakes and grammatical errors in this message which wouldn’t happen in our official recruitment processes. Please be aware of these and note that we’ll only ever post job openings via our official careers page linked here.
- We hope that this blog has given you an insight into the types of scams that are appearing online. As cybercriminals become more sophisticated in their approach it is important that the cryptocurrency community becomes more enlightened and proactive in our response to protecting ourselves and personal data 📚
- Make sure you use strong passwords and don’t use the same passwords for your online accounts.
- As mentioned earlier, personally identifiable information such as email addresses, home addresses, date of birth, social security numbers, passwords and pins, full names, memorable recovery phrases for private wallets shouldn’t be shared. We’ll never ask you for this information, at least not altogether. So it’s important that you don’t share it 🤞
Please make sure to read our blog on how we’ll contact you so you’re in the loop with our official lines of communication.