Dear Sir/Madam, I pray to the lords that you are in good health...
Who the hell speaks like that?! Let alone send a professional email with sentences like this.
We've all encountered spam emails. I get on average five per day and all have similar weird sentences. Thankfully, they get automatically sent to junk so I don't have to be notified about them. However, you should know how to identify spam emails, especially in this day and age where it's super easy to reach anyone in the world, and where spam can be coupled with malicious intent.
What is the definition of spam?
"Spamming is the use of messaging systems to send multiple unsolicited messages to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose, or simply sending the same message over and over to the same user." Basically, thousands of people receive the same email/message you do, sent by someone trying either to advertise something to you or to trick you into giving them money in one of several ways.
How can scammers harm me?
By far the most dangerous scams involve stealing your personal information, and there are several ways scammers go about doing that. The first and most common method is when someone sends you a phishing email or message impersonating your bank, a website you might use, Binance, or any other crypto website.
But what is phishing?
"Phish" is analogous to the word "fish", i.e., the scammer throws a baited hook out there (the phishing email or message) and hopes you (the fish) bite. Notable examples you might have heard of are when hackers tricked Hillary Clinton campaign chair John Podesta into giving up his Gmail password or when private nude photos of celebrities were leaked in an event termed "the fappening".
The Phishing Kit
Even worse, kits are available for hackers who want an effortless method to steal data. A phishing kit contains all the necessary tools for phishing. The hacker installs these tools on a server and sends out emails/messages to potential victims. These phishing kits can be obtained from the dark web or are available on open source platforms. Importantly, some kits allow you to spoof legitimate brands such as Amazon and Microsoft.
The goals of phishing
Simply put, the goal is to earn money either by stealing sensitive data or locking your PC.
Emails/messages can be used to trick a user into revealing usernames and passwords that the attacker can use to access an account. By clicking on a phishing link, the victim is taken to a malicious site designed to resemble either a bank page, an online store like Amazon, or even cryptocurrency exchange websites. The victim will then enter his username and password into these fake login fields revealing them to the hacker.
A similar method is called clone phishing where the hacker copies the exact content of a legitimate email/message but sends malicious links and/or malware to the victim.
Another vile method is infecting your device with malware. The victim is tricked into downloading a file which contains malware. These files are often .zip files, or Microsoft Office documents with malicious embedded code. The most common form of malicious code is ransomware, a malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.
The above methods are usually used on millions of people. But what about targeted phishing? Unfortunately, it exists and it's called spear phishing (like you're throwing a spear to hunt a whale, get it?). This one requires more effort on the part of the hacker as he has to study the victim and spoof the right content to trick the victim into believing that it's one of their co-workers or trusted contacts that are contacting them. The subsequent steps are the same and invariably lead to the hacker stealing money. Targeting bigger whales is known as whaling and is the hardest method for a hacker to successfully perform as it requires gathering a vast amount of info on high profile targets such as CEOs.
Other phishing methods exist but these are the main ones.
- Fake online surveys/Fake ads
"Fill this survey for a chance to win xyz" or "buy this iPhone for $15"... Scammers tend to use these methods to easily obtain any personal information. Even if you're just giving them your email without any passwords, you're opening the door for more scam emails. And keep in mind, a lot of people use the same password for multiple sites, so if someone creates an account on these fake sites, they might end up using the same password as the one for their email and inadvertently give access to the scammer.
Imagine losing $10k on fake promises. That could never happen to me, right? Well, it's easier said than done, especially when the scammer tricks you into believing you've made a profit initially. All the scams mentioned above are applicable to crypto, but here are some crypto-specific scams.
The exit scam
An exit scam is centered around a fake initial coin offering (ICO). A legitimate ICO will raise money for a new cryptocurrency company. But, scammers create a fake company (fake ICOs), stir up hype online, and trick investors into buying.
Scammers launch a new crypto platform, market the currency and concept, raise money from hopeful investors, run the business for a short time, and then disappear with everyone's money and leave the project to dust. They basically guarantee you profits every week, and may even give you back some profit so that you invest even more, and once they're satisfied with the money everyone has invested, they take it all and leave.
Pump and dump
By far, one of the more popular crypto scams is the pump and dump. Picture this: a group of people inject their money into a new or existing crypto coin that is valued at less than 0.001, for example, to drive the value up. They then hype that coin up through social media, ads, news articles, fake celebrity endorsements (those ads with Elon Musk's face on them aren't done with his permission), etc. You then believe the hype and invest in this exciting coin along with hundreds/thousands of people. Its value keeps rising until the scammers sell all their coins and disappear, leaving the coin dead in the water.
I've already touched on this, but the difference with crypto scams is that malware can access your crypto wallet and siphon everything. This is why people recommend using a hardware wallet versus a software wallet.
- The giveaways/Ponzi schemes
A fake ad uses pictures of celebrities like Elon Musk without their permission, promising you twice your payment back if you contribute. You end up giving away your money and never hearing back from anyone. Ponzi schemes operate the same way but actually give you profit using other users' invested money in a constant cycle until they have accumulated enough money to disappear.
How to Avoid Scams
- Rule #1: If it's too good to be true, it's a scam. There's no such thing as free and easy money. I know we're all looking for the next dogecoin for quick money but that's very unlikely to be replicated. Some would argue doge is a pump and dump scheme, after all "100 people control the entire $46 billion DOGE market."
- Rule #2: No one should ever need to ask for your private information. Be careful where you put your email, phone number, secret questions and answers (can be used to breach other websites). When in doubt, Google is your friend. Can't find the answer on Google? Then go on Reddit and check communities that have been active for a while and have a good userbase (so as to avoid fake subreddits). Subs such as r/CryptoCurrency are legit and will help you.
- Rule #3: Do not click on any links from emails you receive out of the blue. Got an email telling you to claim your 5000 dogecoins? It's likely a phishing site.
- Rule #4: Stay away from unknown miners. Always do your research about what you're willingly installing on your PC. There are plenty of fake miners that contain malware and that will steal your wallet.
- Rule #5: This is more general advice, but if you've received unwanted email from someone/something you've never subscribed to, then do NOT click the unsubscribe button as it will have the opposite effect and confirm that you are a real person, and your email will be flagged for scammers. Additionally, avoid opening shady email. These emails usually have a read receipt attached to them, i.e., they inform the sender when someone opens the email. You can disable read receipt on your PC and mobile devices, just Google whichever email app you use and how to disable read receipt (make sure you disable it on both your PC AND phone/tablet).
- Rule #6: Social media scams are very common; avoid them at all costs. There are plenty of stories of Instagram scams where someone deposits $100 and gets $30 in profit, leading him to deposit more and more money until the scammer collects thousands and bails. Obviously this isn't exclusive to Instagram but is seen on all social media networks. Again, remember Rule #1.
- Rule #7: Check the credibility of the person/team promoting their ICOs. It's very cheap and easy to buy likes and followers, don't be fooled by that, actually check who these people are. If you can't find any background info then they're likely scammers.
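The checks behind Rule #3 and Rule #5, and the fake login link described earlier, can be automated for a saved message. This is an added example, not part of the original post: the `BRANDS` allow-list, the `triage` and `host` names and the sample message are assumptions made for illustration, and `Disposition-Notification-To` is the standard header a sender uses to request a read receipt.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumed allow-list: brand keyword -> the domain that brand really uses.
BRANDS = {"amazon": "amazon.com", "microsoft": "microsoft.com", "binance": "binance.com"}

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.a_href, self.a_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.a_href, self.a_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.a_href is not None:
            self.a_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.a_href is not None:
            self.found.append((self.a_href, self.a_text.strip()))
            self.a_href = None

def host(url):
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def triage(raw):
    """Return a list of warnings for one raw email message."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = ["asks for a read receipt"] if msg["Disposition-Notification-To"] else []
    body, parser = msg.get_body(preferencelist=("html",)), Links()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.found:
        target = host(href)
        # Only compare when the visible text itself looks like a URL or domain.
        shown = host(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            warnings.append(f"text shows {shown} but link goes to {target}")
        for brand, real in BRANDS.items():
            if brand in target and target != real and not target.endswith("." + real):
                warnings.append(f"{target} uses the name {brand} but is not {real}")
    return warnings

# Constructed sample message, not a real email; .example hosts are placeholders.
SAMPLE = """\
From: "Amazon Support" <support@account-verify.example>
Disposition-Notification-To: support@account-verify.example
Content-Type: text/html; charset="utf-8"

<a href="http://amazon.com.account-verify.example/login">https://www.amazon.com/signin</a>
"""
```

Calling `triage(SAMPLE)` returns three warnings. A text/link mismatch is a signal rather than proof, since legitimate newsletters also route links through tracking hosts.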
The Bottom Line
Scamming can ruin your life financially. With the ever-increasing popularity of crypto, scammers have access to easier targets. Pay attention to what you click on and what you read. Don't blindly invest your life savings into a "get rich quick" scheme. Try to educate your family and friends about scams. Above all, keep your personal info safe at all times.