Whenever a new world-changing technology is released unto the masses, inspiring, industrious individuals inevitably start thinking of positive use cases. On the flip-side, other individuals nefariously plot how this technology can be used for their own under-handed gain. In the internet’s case, for every exciting new invention, we’re forced to contend with 10 Nigerian prince scams.
And while scammers are nothing new, thanks to cryptocurrencies, those committing fraud have another means of receiving illicit funds. After all, we can now send and receive large amounts of money pseudonymously over the internet without the involvement of banks or governmental bodies. We are essentially transporting money between alphanumeric strings, with no name, address, or identifying details attached.
The irony is, cryptocurrencies are technically very safe and efficient. Due to the “crypto” portion of cryptocurrencies and the blockchain itself, transactions themselves are incredibly secure. This means that the most vulnerable part of the crypto landscape is the human element, which is incidentally the target of most scammers.
Despite all of the technology and security measures cryptocurrencies adhere to, familiar and low-tech tricks such as spoofing and impersonation are now the most effective way to scam money from unsuspecting users. Now more than ever, it’s important to ensure that your crypto funds are being sent to the intended recipient rather than an attractive or deceitful proposition.
Who is John Smith, Really?
When someone envisions an online impersonation scheme, they might conjure up an image of a man in sunglasses and a dark hoodie, surrounded by monitors of neon green “Matrix” code.
In reality, online impersonation can be pretty low-tech. We’ll explore some frequently-seen schemes, from the easy-to-spot to tricky to catch:
Claim to Someone Else’s Fame
In this case, you would be contacted by someone whose name does not match up with the real person. Our users have reported being contacted by scammers on Telegram. Names or emails may be an obvious jumbled mess of letters and numbers. If this is the case, this is a likely and obvious scam.
Example: “Yes, my Telegram name is wrestlingfan316, but I am really Bill Gates and I need to verify your account number in order to send you money.”
Fake Name and Impersonation
This method is an additional step-up from a scammer who claims to be someone else, since the impersonator will go through the effort to make a realistic-sounding ID.
The regulation of names on chat programs or social media is more popular, but not ubiquitous. This means a scammer can potentially set their name to “Bill_Gates” or “Microsoft_Bill” without credentials to back it up. There’s no guarantee that a party is actually who their username claims to be, unless there is some sort of verification process that shows official accounts with the “Blue Check” on Twitter. Be careful when you receive a suspicious, unsolicited message without verifying the name first.
Example: “My Telegram name is Bill_Gates. Only the real Bill Gates would have this name, so I must be him!”
Impersonating Usernames with Look Alike Letters: The Perils of Sans-Serif
Ok, you’ve verified the actual username that Bill Gates uses, and it’s “Bill”. You’ve been talking with “BiII”, so you should be fine, right?
This is unfortunately, wrong. Take another look at the two names above. The official username is “Bill”, which is spelled with a pair of lowercase L’s. The imposter “BiII” was able to create an account with what seems like the same username, instead using a pair of upper-case i’s to create the username.
Unfortunately, this “look alike letter” spoofing is a low-tech, but highly effective impersonation trick that many buy into without conducting their own verification check.
This method can be used in spoofed email domains as well, giving correspondence a seemingly “official” appearance. For example, using an upper case “i” for a lower case “L” can make a “@GoogIe.com” and “@Google.com” email domain virtually indistinguishable.
Another easier-to-spot method would be to swap, add, or jumble letters of a well-known domain. If you aren’t paying close attention, an illegitimate email from “Mircosoft” might appear to be coming from “Microsoft”.
Example: “Hello! This is biII@mircosoft.com! I have some money to transfer to you, all that’s required is some details!”
Of all the methods we’ve shared so far, this method requires the most technical know-how to pull off. Unfortunately, this also makes it the most difficult to spot.
In our previous example, spoofing is identified by carefully spotting details that are visible to the human eye. In email spoofing, a nefarious party has edited the metadata of an email to match the details of the party it seeks to impersonate. Since this data is hidden by default, a recipient will not be able to identify spoofing unless they closely examine invisible email headers. Even in these cases, a suspicious party needs to know what details to look for, in order to identify abnormalities.
Luckily, client-side detection has improved, and programs like Gmail are able to identify some spoofed data mismatches by flashing huge warning messages like these:
However, scammers are in a constant arms race with security researchers, and new exploits can fly under the radar until new methods of verification are devised.
What to Suspect When You’re Suspecting
While paying attention to senders is important, the messaging and content can easily tip you off of suspicious activity. We also suggest being on the lookout for the following:
Stay Alert at All Times
Beyond any obvious scams (Let’s say you were able to spot “Mircosoft” and cut off communication with “BiII”), there are a few steps that you can perform to verify an identity.
This may seem like a momentum-ending reset button, but it’s the surest way to verify that your contact is who they say they are. There are some key things to remember:
At any point, you have every right to request a method of verification. This can include placing key details on a site’s official channel or having a phone call via an officially listed number/extension.
As a humanoid arachnid’s Uncle Ben once said, “With great power comes great responsibility.” The same is true with the internet and its seemingly unlimited potential. Thanks to the internet, we have thousands of ways to communicate, which unfortunately provides thousands of ways to be tricked. With crypto, we have an untraceable, anonymous method of sending money, and we also have a scammer’s dream.
Hopefully this article has provided you with some tools to help protect yourself from impersonation and scams in a crypto-based world. Be safe out there!
Leading global blockchain news provider. A blockchain, originally block chain, is a growing list of records, called blocks, that are linked using cryptography.