Unlike the fiat currency in your physical wallet, cryptocurrency is entirely digital in nature. The move towards using a global, decentralised currency which is stored in a virtual wallet has many advantages over using traditional currency, but unfortunately criminals have evolved with the times too – using manipulative techniques such as social engineering and trading scams to illegally access the wallets of unsuspecting cryptocurrency investors.
Your security is of the utmost importance to us at Luno. We take every effort to ensure that our customers are safe and protected by making use of advanced and sophisticated security measures. While our security is first-class and adhere to strict internal security practices to keep your risk as low as possible, we rely on our customers to be informed about the steps fraudsters take to access funds.
It pays to be smart when trading in any currency. Here’s how to play it safe when using cryptocurrency:
Have you ever been contacted by an individual on social media who asked if you would be interested in investing? These individuals may introduce themselves as forex traders, binary option traders and brokers. They may be friendly and believable in their communication with you, usually claiming that they have a very lucrative business proposal if you first buy into it by making an urgent payment. To some, the opportunity may sound fantastic, but this activity is the hallmark of a classic trading scam and sadly a common method used to lure cryptocurrency investors into losing their money.
Consider this question. Would you trust a random stranger if they approached you in the street with a business proposal that sounded too good to be true? Cryptocurrency should never be viewed as a get-rich-quick scheme.
Another form of a trading scam is CEO fraud, in that employees who are authorised to make payments receive an email from a senior member of management in their company, requesting them to settle an invoice. The account that the funds are paid into is controlled by the fraudster.
Ponzi and pyramid schemes
A ponzi scheme by definition is a form of fraud which lures investors and pays profits to earlier investors by using funds obtained from the more recent investors. A pyramid scheme differs in that it is a business model which recruits members via a promise of payments or services for enrolling others into the scheme, rather than supplying investments or sale of products or services.
As the world moves closer to embracing cryptocurrency through the natural evolution of currency, fraudsters have intelligently crafted ponzi and pyramid schemes to match. If you are contacted by a representative of an organisation who is offering you a lucrative opportunity, check to see if that organisation is listed on the Bitcoin Badlist – a list of known scams, ponzi and pyramid schemes.
Social engineering is used by fraudsters who capitalise on social situations to commit crime. In the context of cryptocurrency, it is the psychological manipulation of victims into performing actions or divulging confidential information to access wallets. Criminals are constantly looking for new ways to access digital funds, and often they rely on using personal techniques to convince victims into trusting them.
Receiving an email with the instruction “Click here to confirm your account” is a common method used by phishers to unlawfully gain access to accounts. The message may seem entirely legit, branded with a company’s identity that you may recognise, but upon further inspection you are likely to spot irregularities. Is the website that you’ve been directed to secure? You can verify this by the padlock icon displaying in your browser’s address bar. Check what the sender is asking – are they requesting sensitive information such as your bank account details or your password? Luno will never ask you for these nor will we ever threaten to deactivate your account if you do not comply.
We have another Help Centre article dedicated to protecting yourself against phishing, but below we’ll diversify and explain the various forms of it.
Vishing (Voice phishing) is a phone scam used by phishers who may impersonate an employee of a business, bank or another financial institution. Victims are fooled into providing valuable account information over the phone.
Smishing (SMS phishing) takes place through SMS communication, whereby phishers trick victims into revealing information or transferring money to them.
Twishing (phishing through Twitter) is when a phisher tweets to or sends a direct message to a Twitter user with a link to a fraudulent website. If the user signs into that site, the phisher obtains their private information such as a name and password, which may be used elsewhere on the internet to access email inboxes and even cryptocurrency wallets.
Protect your sensitive information by seeing if your email account has been previously compromised on https://haveibeenpwned.com – this website will let you know if there has ever been a breach of security involving your email. We recommend changing your password to be more secure if your account security has previously been breached.