In a quarterly review released by anti-phishing software developer Kaspersky Lab, Ethereum has been listed as the most popular cryptocurrency to be targeted by cybercriminals running phishing scams. The second quarterly review of 2018 states that, by rough estimate, $2,329,317 USD worth of potential investor money has been siphoned out of the market by criminals posing as both fake and existing initial coin offerings (ICOs) in the last quarter alone. This figure excludes traditional phishing methods to gain access to private key information and accounts, such as posing as popular wallets and exchanges.
The investment scams impersonate true ICOs by creating fake sites that mimic the real project page or by contacting potential investors directly via email whilst masquerading as the official ICO. Multiple other phishing scams have also been documented including fake mobile apps, airdrops and wallet registrations; most of which request a comparative small sum deposit for a large reward upon completion.
The ICO market holds a particularly strong appeal to scammers, with ICO’s raising $17,895,606,193 USD worth of funds across 717 different programs in 2018 alone, and many investors allured to the prospect of gaining early access and capitalizing on new ICO’s.
The anonymity of online currencies has made it particularly easy to run cryptocurrency giveaway scams on social media platforms such a Twitter, Facebook and Instagram; with bot accounts masquerading as celebrities offering free coins in exchange for a small deposit. Recent celebrity names targeted have been the likes of Elon Musk, Richard Branson, and, Martin Lewis; all of whom have a strong crypto following. According to the recent report, deposit wallets can be located on separate websites in order to build the victim’s trust, with the wallets containing a list of live fake transactions “updating” to confirm transferred money is being reimbursed at several times the initial amount invested.
It is, however, not the first time these types of bot phishing scams have been documented; after an open letter signed by a number of prominent members of the cryptocurrency community was published calling for action, Twitter attempted to counter some of these bot accounts by putting an indiscriminate block on any account using Elon Musk’s name. Once blocked, the account must verify itself by completing an anti-bot challenge and validating an associated phone number.
The industry is also seeing a stronger and more prevalent involvement from government bodies in response to this rise in fraudulent activities. The City of London Police’s Economic Crime Academy (ECA) recently launched a UK first course on cryptocurrencies for officers, after the National Fraud and Cybercrime Reporting Centre (ECA) published a separate report stating that between 1 June 2018 and 31 July 2018, 203 reports of fraud involving cryptocurrency were issued which pointed to a combined loss of £2,059,501.29 GBP.
With such a lack of consumer protection within the cryptocurrency market, it is understandable why more international regulatory bodies are intervening to mitigate these scams. While centralized intervention is rarely welcomed in the crypto space, the need for more action is now greater than ever.